By Bill Wilkie, Dino-Software (5-minute read)
An interesting scenario challenging the security of temporary data sets and sort work areas was brought to our attention, so we are conducting some market research on the subject and request readers to weigh in with their opinions.
Is There an Exposure?
When the topic of erasing data for security purposes comes up, a common question may be, “Is it Necessary? Especially in a secure environment.” It is well known that any data set that contains sensitive information must be secured. There are several layers to the fortress in effort to make it impenetrable for the protection of data, and if there should be a breach, that data is rendered unusable. The IT arsenal is loaded with the use of firewalls, RACF, Top Security, data encryption, etc. However, is there an area of vulnerability that is being overlooked? Are there some potential flaws lurking in the protection hierarchy? If any of this data is breached, there can be financial consequences to a company that far exceed the cost of prevention.
Temporary Data Sets & Sort Work Areas
When the protections afforded sensitive data are removed by an authorized user simply supplying the correct password and decryption key, and that data is then read into a sort work area, it has been presented that those sort work areas now contain decrypted and readable sensitive data. Furthermore, at the end of the sort, when the sort work areas are programmed for deletion, “delete” only erases the pointer to where the data resides from the disk’s table of contents. It does not erase the data. The actual data written in that space still exists until it is eventually overwritten in its entirety by another requestor for space on that volume.
To add more food for thought, let’s say that the sort used 6 work areas of 10 cylinders each. Someone comes along and asks for 10 cylinders worth of data, and they are assigned the same space formerly assigned to SORTWORK01. But that application doesn’t use the entire 10 cylinders; it only uses 1 track. This means that there are now 149 tracks worth of sensitive data after the Last Block pointer for the new data set that are now still owned by the new data set. Potentially, anyone who can print the disk after the Last Block pointer is now able to see the raw data, and it will remain there as long as that new user holds onto that space. The same would be true for all the other work areas from that sort. Further, multiply that by the number of times that scenario is carried out by that same application and all other applications operating in the same manner. These accumulating remnants of unprotected data sets expose a vulnerability.
Bill Wilkie is the Sr. Product Developer of DINO’s XTINCT which provides fast, secure, and permanent disk and tape erasure. XTINCT meets DoD standards for cleaning and purging data. For more information on XTINCT, visit http://www.xtinctdinosoftware.com.
Dino-Software Corporation develops enterprise-wide solutions for the management, analysis, protection, and repair of complex z/OS mainframe environments. Dino-Software has long been acknowledged for its superiority in ICF catalog management and technical support, helping organizations ensure their business-critical assets remain online and recoverable in a disaster. Learn more about Dino-Software and its z/OS mainframe storage solutions at http://www.dino-software.com.