Disaster recovery Toolkit

Story: Government at a loss over data security

Posted by: 23201 (Tuesday 22 January 2008, 8:29 PM)

Address the cause, not the symptom

We've seen the endless variety of ways in which the government and other central agencies have found to lose data and we've seen a corresponding number of inquiries into how it happened and how we can mitigate the losses in future, such as AES encryption, etc.

But this only addresses (or apparently doesn't!) the symptom, data loss. The common thread in all these incidents is that data was being moved outside the secure owning data centre. That is the cause and that is what should be addressed. The previous poster points out that secure networks technology exists and so, with that in place, I suggest that sensitive data should NEVER leave the data centre in which it resides. There, it can be fully secured. Then use the secure network to allow legitimate access to the data only for the purpose and duration for which it is required. When processing is complete, the secure network can disallow further access.

Can data centres be secured in this way? Yes, but not with commodity servers. The minimum requrement would be an IBM System z, running zOS - not zVM, not zLinux, not "toy department" commodity servers - industrial strength is mandatory here. zOS and its predecessor, MVS, have never been hacked.

As the previous poster said, it isn't rocket science, just common sense, though in the case of these data losses, "common sense" may be an oxymoron!

View complete profile

Private message disabled

View all posts