System administrators, by definition, have to be trustworthy, given
that they have full control of the systems and data under their care.
Sure, you can imagine scenarios where the sysadmin absconds with all
the data, but such a person should not have been put into that kind
of position of power.
Encrypting data in ADSM, in your scenario, is rather pointless in that
it is under the control of the sysadmin whom you don't want to trust.
If your users are *seriously* concerned about the confidentiality of
their data, they should be encrypting it where it lives, on their host.
This gives the fullest protection, no matter where that data goes, and
is under their control rather than someone else's.
Richard Sims, Boston University OIT