What is your security team trying to achieve? To disallow the PurePath display for everyone or just administrators? To audit access? To disallow access to data for persons who have administrative access to the OS?
PurePath data are stored in a proprietary format, not easily visible to anyone having access to the files and not having access to the GUI. I personally think that there is no requirement to have administrative access to the operating system for anyone not having administrative access to Dynatrace as the system is (almost) self-maintaining.
I agree with Julius. I'm also unclear as to the concern. What data in the purepath is of concern? Is it visualizing the Class.methods? Request Parameters? Users Passwords? Knowing the concern might help us ensure the concern is resolved, possibly by current product functionality.
Only systems and operations administrators have access to the servers. The Dynatrace Administration Team does not have access to the servers. The management of user passwords has been delegated to the AD.
The Security team requests to forbid access to purepath files, which may contain sensitive data for systems administrators and operations teams.
PurePath storage files are not easily readable. Although it can be reverse engineered, it would take a significant effort to get any meaningful data from the files.
The easiest approach here would be to disallow systems administrators to have access to Dynatrace cluster nodes (there is almost nothing to do on the node for them except for extending filesystems or doing system updates - and they are not required by dynatrace.
Anyway even encrypting the data would not disallow Dynatrace administrators to have access to PurePath data. You can limit confidential data display in Dynatrace for certain users.
I believe your concerns are not valid. Your administrators already have access to the same data that's located in purepaths, such as users requests coming across the network. Your administrators can easily use tools to capture packets and see what users are submitting. In fact the purepath secures this data even better in that it does not show parameters, which can be sensitive. Your administrators already have access to the request parameters without needing Dynatrace. So encrypting the purepaths would not provide you any additional security.
I remember that the dynatrace documentation says "All communication are encrypted and transmitted securly" between the agents and the dynatrace cluster.
In addition, user login is done in https.The Security team tells me that the encryption of purepaths is not incompatible with the encryption of network requests.