Common Security Challenges on the Mainframe and IBM i Platforms
Security on the mainframe and IBM i platform (and across all of IT) is at the forefront of CIO/CTO minds today. Various compliance laws and regulations, most recently GDPR, have forced these leaders to focus on how safe and secure their data is, and on giving their security teams visibility into that data.
There are various areas to consider with respect to security. I’ll touch on each of them briefly here:
Controlling access to system and data
Are the people entrusted with access to data the only ones who are accessing this data? Regulations such as GDPR require that access to protected data be limited to those that need it and only for periods of time where that access is required. How are organizations ensuring that nobody else is able to get at this data? Can the organization prove that it is monitoring all access and has governance in place to determine who has access, when, and for how long?
Limiting activity granted to user profiles
The days when entire teams and groups of people were granted wide-open access to all systems have come to an end. Having the necessary security in place means that only those who need access to a system are granted it, and that very few are granted such access on an ongoing basis.
Allowing access to those that don’t need it or allowing it for too long shows that the organization has inadequate controls and may not be protecting private data.
Tracking database and system activity
Just controlling access to data and limiting user activity isn’t enough to prove the organization is doing everything possible to protect the infrastructure and the data. The organization must track all system and database activity and be prepared to react when users or activities appear that aren’t expected, allowed, or necessary.
Reporting on security violations
GDPR and other regulations/laws prescribe timeframes on what must be reported and when, but it’s best practice to have a plan in place to report on security violations and breaches that have been found. Many organizations have suffered lost revenue, fines, and lost reputation because of breaches that were either not caught or not reported in a timely manner.
Ensuring compliance with regulations
Not complying with security regulations is a quick path to being out of business. Large fines (levied on the organization and on its leaders personally) can cause irrevocable financial and reputational damage to the business. Compliance is also simply the right way to do business, especially today when so much private data exists and can be exploited in ways that harm the individual.
Ensuring compliance requires a plan as well as the tools to capture the information necessary to monitor the infrastructure for breaches and potential breaches.
Protecting data via encryption, masking, scrambling, etc.
Putting encryption and other techniques into the software solutions that view, store, and transport data is a big step towards protecting that data, and it shows that the organization is serious about doing what’s necessary to protect its customers and their private data. CIOs and other leaders should examine all of the ways that data is transported, stored, viewed, and used, and ensure that the data is thoroughly protected throughout its lifecycle.
Visibility of data
Finally, let’s address the visibility of all of this key security data. Organizations have invested a lot of money in various platforms that help make their business money, but all of them store critical system and security logs in various ways. Mainframes store data in logs, typically accessible with tools only used by mainframe system programmers. IBM i systems have data in journals that are, again, only accessible natively by IBM i experts.
But most organizations now have centralized teams looking at security data. How successful can those teams be if they are missing data from vital platforms like the mainframe and IBM i?
Many organizations have standardized on Splunk as a place to receive and view all kinds of data, security data included. That means that in order for the security people to be successful, they only need to know how to work with the data in Splunk, not all the various platforms and technologies that capture and provide the data.
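The two points above, tracking activity so that unexpected users and actions can be acted on, and getting platform-specific audit data into a form a central security team can work with, can be demonstrated together. The following is an added example written for this post; it is not Ironstream or Syncsort code and does not read a real IBM i journal. The record layout, field names, access policy, and sample records are all constructed for the illustration; the entry-type letters AF, PW and ZR follow IBM i audit-journal naming, but their handling here is an assumption.

```python
"""Normalise constructed IBM i-style audit records and flag unexpected activity.

Added example, not vendor code. The record format, field names and the access
policy are assumptions made for this illustration. Entry types AF (authority
failure), PW (password failure) and ZR (object read) follow IBM i QAUDJRN naming,
but nothing here reads a real journal.
"""
from dataclasses import dataclass
from datetime import datetime, time

# Constructed sample records in a simplified "TYPE|timestamp|user|object|job" form.
SAMPLE_RECORDS = """\
ZR|2020-05-04T09:15:02|HRUSER1|HRLIB/EMPLOYEE|QZDASOINIT
ZR|2020-05-04T22:41:10|HRUSER1|HRLIB/EMPLOYEE|QZDASOINIT
ZR|2020-05-04T10:03:44|DEVUSER2|HRLIB/EMPLOYEE|QPADEV0001
AF|2020-05-04T10:04:01|DEVUSER2|PAYLIB/PAYROLL|QPADEV0001
PW|2020-05-04T11:30:00|UNKNOWN9|*NONE|QZSOSIGN
ZR|2020-05-04T14:00:00|HRUSER2|HRLIB/EMPLOYEE|QZDASOINIT
"""

# Human-readable meaning assumed for each entry type in this example.
ENTRY_DESCRIPTIONS = {
    "ZR": "object read",
    "AF": "authority failure",
    "PW": "password/sign-on failure",
}

# Assumed access policy: who may use each object, and during which hours.
ACCESS_POLICY = {
    "HRLIB/EMPLOYEE": {"users": {"HRUSER1", "HRUSER2"}, "hours": (time(8, 0), time(18, 0))},
    "PAYLIB/PAYROLL": {"users": {"PAYUSER1"}, "hours": (time(8, 0), time(18, 0))},
}


@dataclass
class Event:
    entry_type: str
    timestamp: datetime
    user: str
    obj: str
    job: str


def parse_records(text):
    """Parse the constructed pipe-delimited records into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        etype, ts, user, obj, job = line.split("|")
        events.append(Event(etype, datetime.fromisoformat(ts), user, obj, job))
    return events


def to_siem_event(ev):
    """Flatten an Event into a platform-neutral dict a SIEM could index."""
    return {
        "source": "ibmi-audit",
        "time": ev.timestamp.isoformat(),
        "action": ENTRY_DESCRIPTIONS.get(ev.entry_type, ev.entry_type),
        "user": ev.user,
        "object": ev.obj,
        "job": ev.job,
    }


def evaluate(ev):
    """Return the reasons an event is unexpected (an empty list means expected)."""
    reasons = []
    if ev.entry_type in ("AF", "PW"):
        # Failures are always worth surfacing, regardless of policy.
        reasons.append(ENTRY_DESCRIPTIONS[ev.entry_type])
        return reasons
    policy = ACCESS_POLICY.get(ev.obj)
    if policy is None:
        return reasons  # object not governed by the policy in this example
    if ev.user not in policy["users"]:
        reasons.append("user not authorised for object")
    start, end = policy["hours"]
    if not (start <= ev.timestamp.time() <= end):
        reasons.append("access outside permitted hours")
    return reasons


def find_violations(text):
    """Parse records, normalise them, and return only the ones that break policy."""
    alerts = []
    for ev in parse_records(text):
        reasons = evaluate(ev)
        if reasons:
            alert = to_siem_event(ev)
            alert["reasons"] = reasons
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in find_violations(SAMPLE_RECORDS):
        print(alert)
```

On the constructed sample, the normal daytime reads by the two HR users pass, while the late-night read, the read by a user outside the allowed set, the authority failure and the sign-on failure are each returned as a normalised alert with the reason attached. The normalised dict is the shape a central team would consume: once records from any platform arrive in that common form, the analyst needs to know the SIEM, not the journal.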
Ironstream and our new Ironstream for IBM i take data from the mainframe and IBM i systems and forward that crucial data to Splunk and other SIEM consoles for viewing, alerting, and analysis. Having that vital data to hand means that organizations have complete visibility into these environments without the need for costly monitoring systems or for specialized, scarce, and costly expertise. Make sure to register for our upcoming webcast: Ironstream for IBM i – Enabling Splunk Insight into Key Security and Operational Metrics.
Download the Next-Gen Operational Intelligence checklist to discover what you need to start monitoring on your mainframe.