In 2018, organizations that trust passwords alone to manage access to their critical business information are like Cro-Magnon hunters protecting their tribe with a stone ax. While it’s a simple and comparatively easy solution to implement, it isn’t a viable approach in an increasingly competitive digital business environment. It also doesn’t provide enough protection to combat real risks that exist today.

Certainly, passwords are tough to beat when it comes to a cheap, fast and convenient way to deliver authentication. In today’s threat landscape, however, passwords alone represent a dangerous and dated solution. They’re easily guessed, bypassed, stolen and even sold — and they don’t meet modern security needs.

Multifactor Authentication: Mainframe Security Concerns Come Into Focus

Smart companies — especially ones that deploy large-scale systems based on mainframes — are finding ways to manage access to their data and infrastructure safely. Regardless of their industry vertical or geographic location, organizations are increasingly focused on a common concern: cybersecurity.

Cyberthreats subject companies to risk that can damage customer and partner relationships, not to mention brand reputation, lost revenue and fines. The threats will continue to rise in variety and volume as businesses embrace digital transformation (and attackers become more sophisticated).

A recent survey by the IBM Institute for Business Value found that 94 percent of C-suite executives expect their company to have a significant cybersecurity incident in the next two years — and less than 20 percent have a high level of confidence in their preparedness to combat these threats.

Protecting Mainframe Data in the Post-Password Era

Multifactor authentication (MFA) is a powerful solution that organizations can use today to restrict access to sensitive information. While variations of MFA have been available for several years to manage access to phones, laptops and tablets, this capability has only recently been an option for mainframes. Since tremendous amounts of valuable data and proprietary IP are typically stored and managed on mainframes, MFA now makes it much easier to control access to mission-critical information.

MFA is an umbrella term for an approach that forces users to identify themselves with something they:

  • Know, such as a password or PIN;
  • Have, such as a cell phone or key fob; and
  • Are, such as a fingerprint, voice print or iris scan.

Organizations across industries are implementing MFA to provide additional layers of access security and make the bad guys work a lot harder. The result delivers on the primary objective: Make access easier for people who are authorized and more difficult for attackers.

The Rise of Multifactor Authentication Means Passwords Are Ancient History

In recent years, more and more companies are turning to MFA solutions to address their security and compliance concerns. In 2015, 66 percent of organizations were using MFA in some capacity, according to SecureAuth. In 2016, that number jumped to an impressive 93 percent. In 2017, more than 30 percent of organizations were looking to expand or implement MFA over the next 12 months.

To meet this demand, IBM MFA for z/OS enables verification of all users, including employees, contractors, outsourced IT, partners and customers — basically anyone who logs into your existing enterprise security management (ESM) solution.

If you are looking to provide the next level of secure access to your organization’s critical data, put down the stone ax, step out of the cave and stop using your password.

Learn more about IBM Multi-Factor Authentication for z/OS

More from Mainframe

How Dangerous Is the Cyberattack Risk to Transportation?

4 min read - If an attacker breaches a transit agency’s systems, the impact could reach far beyond server downtime or leaked emails. Imagine an attack against a transportation authority that manages train and subway routes. The results could be terrible. Between June of 2020 and June of 2021, the transportation industry witnessed a 186% increase in weekly ransomware attacks. In one event, attackers breached the New York Metropolitan Transportation Authority (MTA) systems. Thankfully, no one was harmed, but incidents like these are cause…

Low-Code Is Easy, But Is It Secure?

4 min read - Low-code and no-code solutions are awesome. Why? With limited or no programming experience, you can quickly create software using a visual dashboard. This amounts to huge time and money savings. But with all this software out there, security experts worry about the risks. The global low-code platform market revenue was valued at nearly $13 billion in 2020. The market is forecast to reach over $47 billion in 2025 and $65 billion in 2027 with a CAGR of 26.1%. Very few,…

Starting From Scratch: How to Build a Small Business Cybersecurity Program

4 min read - When you run a small business, outsourcing for services like IT and security makes a lot of sense. While you might not have the budget for a full-time professional on staff to do these jobs, you still need the services.However, while it might be helpful to have a managed service provider handle your software and computing issues, cybersecurity for small and medium businesses (SMBs) also requires a personal, hands-on approach. While you can continue to outsource some areas of cybersecurity,…

A Journey in Organizational Resilience: Supply Chain and Third Parties

4 min read - The next stop on our journey focuses on those that you rely on: supply chains and third parties.  Working with external partners can be difficult. But, there is a silver lining. Recent attacks have resulted in an industry wake-up call when it comes to cybersecurity resilience. You see, the purpose of using external partners is to take advantage of a capability that your organization did not have, or the vendor was just better at than you. In turn, there was…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today