IT Network Security: Mainframe Security Best Practices for Meeting Compliance Regulations and Minimizing Data Vulnerabilities
Considering that mainframes handle 68 percent of the world’s production IT workloads, mainframe security is a huge component of your overall IT network security.
Mainframers recognize the importance of keeping the mainframe secure. Of the mainframe professionals surveyed in our 2018 State of the Mainframe Survey Report, 63 percent said that meeting security and compliance requirements is a top priority. Reducing security exposures, fulfilling audit requirements, and addressing compliance mandates remain key initiatives for IT executives and IT organizations. The cost of an audit or, even worse, of failing a compliance mandate far exceeds the cost of the technologies that can be put into place to help address security and compliance initiatives.
So let’s review common mainframe security challenges and best practices for reducing risk and meeting compliance regulations.
Mainframe Security Challenges and Vulnerabilities
In this blog post from earlier this year, we discussed common mainframe security challenges, which included data protection, data visibility and compliance.
Putting encryption into software solutions that monitor, store and transport data is a big step towards protecting the data on the mainframe. CIOs and other leaders need to examine all the ways that data is transported, stored, viewed, and used to ensure that the data is thoroughly protected throughout its lifecycle. For more on mainframe encryption, read our eBook: Data Encryption in the Mainframe World.
In IT network security, the term visibility means an understanding of what is happening in your systems and infrastructure. Visibility through monitoring the mainframe’s machine data provides the foundation for making informed decisions about security. In our recent blog post, “Maximizing Mainframe Visibility,” we review how to overcome mainframe visibility hurdles.
Compliance regulations provide guidelines for how businesses should be protecting critical customer data. Due to the sensitive nature of this data – and the potential harm to customers if it is not protected – the penalties for organizations that fail to comply with security regulations are quite considerable. The large fines given to businesses that do not meet compliance can cause irrevocable damage to the business both financially and in terms of the organization’s reputation.
Depending on the nature of your business and the customer data stored on your mainframe, you may face numerous mainframe regulation requirements, such as:
- General Data Protection Regulation (GDPR)
GDPR went into effect in late May 2018 to protect the personal data of Europeans, including how their data is used, stored and accessed. GDPR was among the top security trends at the 2018 RSA conference. For more on how GDPR affects mainframe compliance, read our eBook: Three Imperatives for Keeping IBM i Environments in Compliance with GDPR.
- Service Organization Control 2 (SOC2)
Developed by the American Institute of CPAs (AICPA), SOC2 requires that companies set and comply with strict information security policies and procedures, encompassing the security, availability, processing, integrity and confidentiality of customer data. Check out our case study: Compliance Rules Lead Client-focused Healthcare Company to Ironstream + Splunk
- Internal Revenue Service Publication 1075 (IRS 1075)
U.S. government agencies and their agents that access federal tax information (FTI) are required to meet IRS Publication 1075 regulations. Read our case study: Solving IRS Pub 1075 Compliance Issues and Recovering $
Leveraging Machine Data to Combat Threats to Cyber Security
The huge volume of data processed by your mainframes can also help you to detect and stop attacks in real time. For example, it can enable banks to identify a fraudulent credit card transaction and stop it while it’s happening. (Related: How Medical Mutual of Ohio Gains Vital Insights from Mainframe Data in Real Time)
Monitoring SMF and z/OS Log Data
One of the top five mainframe trends from our 2018 State of the Mainframe Survey Report noted the increased role of machine data (SMF and z/OS log data) in addressing security and compliance mandates. Organizations are looking at leveraging analytics platforms for security and compliance, and they understand the value that SMF and other z/OS log data can provide when coupled with emerging big data analytics platforms including Splunk, Elastic, and Hadoop.
For more about what SMF data is and how it can help in mainframe security, read The Ultimate Guide to Mainframe Machine Data.
Security Information and Event Management (SIEM)
It was just a few years ago that Security Information and Event Management (SIEM) really started gaining attention.
SIEM software products and services combine security information management and security events generated by network hardware and applications to provide real-time analysis of security alerts and threats happening within an organization’s IT infrastructure. The SMF and log files you’re familiar with are an important part of that puzzle, but not all of it. (Read: SIEM is Here: What You Should Know)
Monitoring security information and events is the fourth step in our IT Operations Checklist for z/OS Mainframes, which includes monitoring data movement, dataset access operations and privileged/non-privileged user activity as well as analyzing network traffic for unexpected high data volumes.
Syncsort’s Ironstream works with Splunk and Elastic platforms to help you monitor your mainframe log data as part of your larger IT network security and monitoring initiatives.
Real-time Monitoring for Enhanced Security
Capturing user behavior, especially in real-time, is seemingly impossible if you rely only on data you collect from the various logs and SMF data. That’s why Compuware, in conjunction with Syncsort and Splunk, recently announced Application Audit, a software tool that aims to transform mainframe cybersecurity and compliance through real-time capture and analysis of user behavior.
“Real-time data collection and analysis is critical in helping IT identify trends and solve issues before they negatively impact the business,” said Chris O’Malley, CEO, Compuware. “With Syncsort Ironstream delivering Compuware Application Audit data to the Splunk platform, organizations can effectively tackle cross-platform cybersecurity and increasingly burdensome global compliance mandates.” (Read full press release)