Ray Overby

The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?

The old-school technology is experiencing new popularity, but too many people assume mainframes are inherently secure.

By all accounts, a mainframe renaissance is here. After years of negativity and predictions about the impending death of the mainframe, the technology is experiencing a resurgence and wide adoption this year, with even greater growth predicted beyond 2019.

Case in point: IBM's Z series mainframe sales are up 70% year-over-year. And a recent Compuware survey showed that mainframe workloads are increasing. Currently, 57% of enterprises with a mainframe run more than half of their critical applications on the mainframe, but that number is expected to rise to 64% by next year, according to Compuware.

As the face of IT has changed, the mainframe has kept up with trends, with its ever-evolving ability to provide the performance and number-crunching required by technologies such as machine learning and artificial intelligence.

But while mainframe technology has evolved to meet the trends, the security processes and practices needed to keep the platform secure haven't exactly kept up. It's not for lack of technology and tools, however. The phenomenon is largely due to a series of misconceptions among IT professionals around mainframe security. Those misconceptions are placing countless businesses — and an enormous amount of sensitive customer data — at serious risk.

Debunking Misconceptions
I've spent the majority of my career in mainframe security, and the one mistaken belief I come across consistently is that the mainframe is inherently secure. What I hear is that mainframes have security built into them from the ground up — that through cryptographic hardware acceleration and a secure operating system, mainframes fulfill the critical requirement of keeping data protected. But that's only part of the story.

If you're thinking "But one of the main reasons I chose mainframe technology was its reputation for security!" you're not mistaken. It's true — the mainframe is arguably the most secure platform. But really, I prefer to think of the mainframe as the most securable platform. Any system comes with weaknesses, and the mainframe is no exception.

Like any other system, mainframes are subject to ransomware attacks, cybersecurity threats, and vulnerabilities that leave them open to serious exposures. Despite the reputation for security, reliability, and scalability, the mainframe requires the same level of attention as any other computing platform when it comes to security.

Widespread Complacency
Unfortunately, I see businesses overlooking mainframe security all too often. This advice isn't only meant for businesses new to mainframes that might not know any better. It's also an important reminder to businesses that have long been relying on mainframes to run mission-critical processes and safeguard sensitive customer information.

Overlooking mainframe security is an industrywide issue today. Recent research shows that even though 85% of companies say that mainframe security is a top priority, 67% admit that they only sometimes or rarely factor security into mainframe environment decisions.

In other words, companies aren't practicing what they preach when it comes to mainframe security. And as we hear about a new data breach seemingly every day, businesses and consumers alike should be worried about the implications of security complacency.

There's also a widespread lack of knowledge around how to best protect the mainframe. Executives around the world rank security as the second-biggest challenge today, but they're not sure how to get started.

Creating a Mainframe Security Strategy
Companies can't afford a breach: The cost of a data breach is high, averaging $3.86 million globally, not to mention the damage to your business in reputational harm and potential lost business. With that in mind, how can businesses build a successful mainframe security strategy?

Most organizations rely on third-party tools to establish permissions (authentication) and access control (authorization), but that alone isn't a complete solution. Security exploits are also a major cause of breaches, and organizations need to make sure they're taking steps to protect against them. A Forrester survey of companies that have experienced a data breach within the last year found that 35% were caused by an exploited vulnerability.

With the threat and vulnerability landscape constantly changing, organizations are under attack across their IT systems. As a result, compliance regulations increasingly require mainframe penetration testing, vulnerability scanning, and ongoing vulnerability management. Consistent testing and evaluation can help uncover known and zero-day vulnerabilities.

A comprehensive security strategy also includes automating compliance assessments, penetration testing, scanning mainframe applications and operating systems (OS) for vulnerabilities, and, of course, making sure the organization has the right resources (both tools and people) to secure the environment.

In other words, the best defense is a good offense. Organizations need to be proactive not only about protecting the mainframe against known threats but also about seeking out the gaps in their systems that might allow unknown threats to creep into their mainframe and compromise customer data.

Ultimately, the mainframe renaissance will equip businesses with the processing power, reliability, and scalability they need to thrive. But for true peace of mind, especially where sensitive customer data is involved, businesses need to be aware of the importance of mainframe security and, just as importantly, prepared to execute on it.


Ray Overby is a Co-Founder and President of Key Resources, Inc. (KRI), a software and security services firm specializing in mainframe security. A recognized world authority in mainframe security, risk, and compliance for IBM Z System environments, Ray heads the KRI ...

User Rank: Moderator
8/16/2019 | 10:14:39 AM
Mainframe vs. PC security
I would say this to those who thought mainframes are "inherently" more secure:

It is true that mainframe security is "easier" to maintain than an aggregate network of PCs. Once the mainframe itself is secured, all systems are secured, as opposed to securing all individual PCs in various configurations and network exposures. However, the reverse is also true. If mainframe security is breached, the whole system goes down, whereas certain sections of a PC network might still be secured or can be made functional immediately after attacks. It's all about trade-offs and proper security postures for different computer systems.

User Rank: Ninja
8/15/2019 | 1:25:19 PM
Training, where can we get time to run practice workloads on a mainframe
I think the biggest problem is the lack of availability to work on a mainframe and to become familiar with it. One needs time to work on it to take into consideration the commands one has to run to ensure its availability and security. I know there is Z-Linux, ZOS, but I can't go to a friend or neighborhood store or online and put the time in to master mainframe security procedures; there is a process, of course.

Maybe you can shed some light, other than taking these expensive online classes or going to one of IBM's training facilities (Rockville, Gaithersburg, RTP or ATL).

Give me some of your thoughts.
