Bob Fake, CEO, InfoSec
The mainframe is just like any other part of an IT infrastructure in that it needs to be protected from security breaches. Nothing is exempt, and nothing should be left vulnerable so that it may be compromised. However, when it comes to security, mainframes are often treated differently from the rest of the IT set-up. And this is due to some longstanding perceptions—but are these perceptions true, or just the result of past mindsets spilling over into the present?
The persistent idea that the mainframe is highly secure most likely springs from its long history of standing up to outside attack. The mainframe has been around for more than 50 years, and was originally a standalone environment, making it highly secure and nearly impenetrable. All of the applications and data lived on the mainframe hardware, and the communication connections were hard-wired to the mainframes. This made the whole structure extremely secure.
But in recent years, as we have added more customer-centric, value-added interfaces to applications that used to live and run only on the mainframe, we have extended them outside of the data center. This provides the perk of browser-based connections to servers and the mainframe. But as we open up communication through these connections, we also open up to other types of communication, including security threats.
And just as we monitor data coming from firewalls to our other servers, the mainframe is now connected to the firewall as well. So we must now become cognizant of the connection types that we have, the data that is coming to and from the mainframe, and how that traffic is being managed and monitored. There is a lot going on and thus a lot to monitor.
While the mainframe is still, by far, the most secure platform out there, a solid security strategy includes a plan for protecting it from certain types of unnecessary access and, more importantly, for ensuring internally that those who manage the mainframe do not misuse their legitimate authority to misappropriate information. No matter how secure a system is from the outside-in, we cannot forget the potential for the threat to come from within.
This is where an expert team of consultants with decades of mainframe experience can become a helpful ally in your quest for seamless mainframe security. To fully protect yourself from both internal and external threats, you need a security information and event management (SIEM) strategy in place that allows you to engage in real-time reporting. Engaging with a third-party consulting partner can be your key to determining your needs, establishing an effective and seamless strategy, and using the right processes to carry it out consistently across your organization.