We exist in a constantly changing threat environment. As the threats evolve, the security solutions, best practices, industry standards and regulatory compliance must also evolve to keep up with the threat landscape. For many organizations, this means continuing to enhance the security of their mainframe production systems, while at the same time adapting to handle new business initiatives including cloud, mobile, and big data. Some of these key customer challenges in the mainframe environment include:
- Integrating mainframe security intelligence in with enterprise-wide security intelligence
- Protecting sensitive enterprise data when used in big data and cloud environments
- Provided automated reporting for compliance regulations and industry standards
- Allowing secure access by users with mobile and personal device access
- Securing and isolating consolidated virtual consolidated workloads and clouds
Let’s take a closer look at these five challenges:
1. Enhanced Mainframe Security Intelligence
Today mainframe threats are often detected, isolated, analyzed and handled in separate silos by mainframe specific products. This can prevent an organization from seeing the bigger picture or identifying broader enterprise-wide vulnerabilities. Consolidating mainframe security threats in with overall organization threats can help to analyze trends, pinpoint sources, and lead to timely efficient enterprise-wide threat responses that minimize damage.
2. Protecting Sensitive Data
Sensitive personal and critical business data must be adequately protected, especially as we find new ways to use the information in cloud environments and big data analytics. Data can be protected at various levels: field level, tables, files, storage devices, etc. in various ways: access controls, masking, encryption, network communications, etc. Estimates show that up to 70% of corporate production data may reside on mainframes especially for mission critical production workloads. Mainframes continue to offer strong security and privacy solution enhancements to protect data at rest and in motion.
3. Automated Compliance Reporting
With each new wave of threats and breach disclosures, there are expanded industry standards and compliance regulations. For instance retail breaches result in extension to the Payment Card Industry standards that protect our charge card information from identity theft and consumer fraud. Each round of stiffer regulations come with greater penalties and fines and requirements for more comprehensive compliance reporting. Solutions that can provide dashboard summaries of security status can automate compliance reporting to reduce audit overhead and costs.
4. Secure Personal and Mobile Devices Computing
As employees and customer consumers utilize their personal devices for work, we require better security to understand the level of trust in the user mobile device context. For instance did they provided strong user authentication such as digital certificates for secure communication protocols? Does their mobile device provide encryption of sensitive data stored on the device to prevent data disclosure? Is their device compliant with current patches and corporate security guidelines.
5. Virtual Workloads and Cloud Computing
When running virtual machines and private cloud workloads, you need isolation of the workloads, as though they were running on unconnected dedicated machines, and that can prevent data leakage between workloads. Mainframes offer a number of secure ways to run virtual machine workloads while providing isolation of users, applications and data including logical partitions, virtual machine system z/VM, and blade servers. In fact mainframe LPARs are evaluated at EAL5+, the highest commercial evaluation available today.
With greater than 45 years of integration between hardware and software, IBM System z servers and security software must continually evolve to provide a secure, integrated infrastructure for your mission critical production, cloud, web, mobile and big data applications in this constantly changing threat environment. On July 23, IBM announced a number security enhancements for encryption, digital certificates, security intelligence analytics, compliance reporting, data base auditing, and more that can help you keep up with the changing threat environment on mainframes.
How can your organization utilize more effective security intelligence to deal with the changing threats? How can you automate reporting of your compliance posture? And how do you protect your mission critical and sensitive data while allowing mobile devices access?
Read the IBM z/OS Version 2 Release 1 announcement
Read the IBM Security zSecure V2.1 announcement
Mainframe Security Marketing Manager, IBM Security
Anne Lescher is a Senior Marketing Manager currently championing mainframe security. Anne's involvement with mainframe security started with Resource Access ...