There are things in life that we can get away with doing just once a year—filing our federal income taxes, going for a physical or filling out a performance review. If all goes well, we can tick these things off our to-do list for another year and move on.
Then there are the activities that we need to keep up regularly, like going to the gym and flossing. Add your mainframe security plan to this list. To avoid catastrophes like a data breach, you need to regularly monitor your mainframe for red flags. It’s not a once-a-year check-in; it’s a continuous cycle of maintenance, improvement, monitoring and adjusting.
Don’t Overestimate Your Mainframe Security
Many IT professionals are still under the impression that you can’t hack a mainframe. While it is true that the mainframe is more secure than open systems, mainframes have been hacked. Most of these hacks are inside jobs. Edward Snowden was able to access sensitive NSA data because an insider didn’t follow proper security protocol. That person has since resigned from the NSA and everyone knows what happened to that sensitive data that Snowden was able to access.
So while the mainframe continues to be the mainstay of large enterprises responsible for millions of data transactions per day, there is a growing awareness that better security practices and monitoring of the mainframe are also essential. After all, what other system handles so much mission-critical information, yet gets so little of your business’s monitoring time?
The Mainframe Security Routine IT Needs to Implement
If you don’t floss regularly you’re at risk of gum disease and, eventually, the irrevocable loss of a natural tooth. It doesn’t happen overnight but it’s a real risk over time. If you don’t have a mainframe security routine, you might not see the repercussions right away, either—but you’re at risk all the same. Without clear visibility into the daily events happening on your mainframe, and without regular auditing and checks of data access, you’re leaving too much to chance. It just takes one incident to cost you thousands—even millions—of dollars and the loss of your customers’ hard-earned trust.
The best mainframe security plan is routine and cyclical. You start by developing your security strategy. You might even bring on a consultant or outside vendor to advise you on the best tools to help safeguard your Big Iron. Then you monitor your mainframe. You stay alert for any red flags and when you see one, you mark it as an action item to immediately address. You make a tweak to your strategy or develop a new security protocol to fill that gap. And then you go back to monitoring.
You do regular self-audits to make sure you’re remaining compliant. You keep regular tabs on who’s accessing your data—whether that data is original or replicated—and you know when they accessed the data, why, and if it was shared with anyone else (even for legitimate reasons).
One major retailer was the victim of an insider breach involving a contract employee who “stole customer credit card information from an IBM mainframe application simply by copying the data from the screen. That Personally Identifiable Information (PII) ended up on the black market.” Implementing masked data—where sensitive customer data is visible to approved users only—would have likely prevented this costly and embarrassing mistake.
Likewise, there are other security tools that could have protected the data from falling into an unauthorized contractor’s hands. One way to significantly improve mainframe security is to integrate mainframe event data with a company’s SIEM platform.
Getting into this mainframe security routine is what helps CIOs sleep soundly at night, knowing that they are on top of what is happening with their company’s most sensitive data.