We in the security field like to use metaphors to help illustrate the significance of data in the enterprise. I’m a big fan of cooking, so I’ll use the metaphor of a secret sauce. Think about it: Each transaction basically reflects your organization’s unique relationship with a customer, supplier or partner. By sheer quantity alone, mainframe transactions provide a huge number of ingredients that your organization uses to make its secret sauce — enhancing customer relationships, tuning supply chain operations, starting new lines of business and more.
Extremely critical data flows through and into mainframe data stores. In fact, 92 of the top 100 banks rely on the mainframe because of its speed, scale and security. Additionally, more than 29 billion ATM transactions are processed per year, and 87 percent of all credit card transactions are processed through the mainframe.
Safeguarding Your Secret Sauce
The buzz has been strong for the recent IBM z14 announcement, which includes pervasive encryption, tamper-responding key management and even encrypted application program interfaces (APIs). The speed and scale of the pervasive encryption solution is breathtaking.
Encryption is a fundamental technology to protect your secret sauce, and the new easy-to-use crypto capabilities in the z14 will make encryption a no-brainer.
With all the excitement around pervasive encryption, though, it’s important not to overlook another component that’s critical for data security: data activity monitoring. Imagine all the applications, services and administrators as cooks in a kitchen. How can you ensure that people are correctly following the recipe? How do you make sure that they aren’t walking off with your secret sauce and creating competitive recipes or selling it on the black market?
Data Protection and Activity Monitoring
Data activity monitoring provides insights into access behavior — that is, the who, what, where and when of access for DB2, the information management system (IMS) and the file system. For example, by using data activity monitoring, you would be able to tell whether the head chef (i.e., the database or system administrator) is working from a different location or working irregular hours.
In addition, data activity monitoring raises the visibility of unusual error conditions. If an application starts throwing a number of unusual database errors, it could be an indication that an SQL injection attack is underway. Or maybe the application is just poorly written or maintained — perhaps tables have been dropped or application privileges have changed. This visibility can help organizations reduce database overhead and risk by bringing these issues to light.
Then there’s compliance, everybody’s favorite topic. You need to be able to prove to auditors that compliance mandates are being followed, whether that includes monitoring privileged users, not allowing unauthorized database changes or tracking all access to payment card industry (PCI) data. With the EU’s General Data Protection Regulation (GDPR) set to take effect in May 2018, the stakes are even higher.
Automating Trust, Compliance and Security
As part of a comprehensive data protection strategy for the mainframe, IBM Security Guardium for z/OS provides detailed, granular, real-time activity monitoring capabilities as well as real-time alerting, out-of-the-box compliance reporting and much more. The newest release, 10.1.3, provides data protection improvements as well as performance improvements to help keep your costs and overhead down.
Your mainframe data is precious — it is your secret sauce. As such, it should be kept under lock and key, and monitored at all times.