IT Network Security: Mainframe Security Best Practices for Meeting Compliance Regulations and Minimizing Data Vulnerabilities

Considering that mainframes handle 68 percent of the world’s production IT workloads, mainframe security is a huge component of your overall IT network security.

Mainframers recognize the importance of keeping the mainframe secure. Of the mainframe professionals surveyed in our 2018 State of the Mainframe Survey Report, 63 percent said that meeting security and compliance requirements is a top priority. Reducing security exposures, fulfilling audit requirements, and addressing compliance mandates remain key initiatives for IT executives and IT organizations. The cost of an audit, or even worse, of failing a compliance mandate, far exceeds the cost of the technologies that can be put into place to help address security and compliance initiatives.

So let’s review common mainframe security challenges and best practices for reducing risk and meeting compliance regulations.

Mainframe Security Challenges and Vulnerabilities

In this blog post from earlier this year, we discussed common mainframe security challenges, which included data protection, data visibility and compliance.

Mainframe Encryption

Putting encryption into software solutions that monitor, store and transport data is a big step towards protecting the data on the mainframe. CIOs and other leaders need to examine all the ways that data is transported, stored, viewed, and used to ensure that the data is thoroughly protected throughout its lifecycle. For more on mainframe encryption, read our eBook: Data Encryption in the Mainframe World

Data Visibility

In IT network security, the term visibility means an understanding of what is happening in your systems and infrastructure. Visibility through monitoring the mainframe’s machine data provides the foundation for making informed decisions about security. In our recent blog post, “Maximizing Mainframe Visibility,” we review how to overcome mainframe visibility hurdles.

Regulatory Compliance

Compliance regulations provide guidelines for how businesses should be protecting critical customer data. Due to the sensitive nature of this data – and the potential harm to customers if it is not protected – the penalties for organizations that fail to comply with security regulations are quite considerable. The large fines given to businesses that do not meet compliance can cause irrevocable damage to the business both financially and in terms of the organization’s reputation.

Depending on the nature of your business and the customer data stored on your mainframe, you may face numerous mainframe regulation requirements, such as:

Read our eBook: How to Address the Top 5 Mainframe Security Vulnerabilities

Leveraging Machine Data to Combat Threats to Cyber Security

The huge volume of data processed by your mainframes can also help you to detect and stop attacks in real time. For example, it can enable banks to identify a fraudulent credit card transaction and stop it while it’s happening. (Related: How Medical Mutual of Ohio Gains Vital Insights from Mainframe Data in Real Time)

Monitoring SMF and z/OS Log Data

One of the top five mainframe trends from our 2018 State of the Mainframe Survey Report was the increased role of machine data (SMF and z/OS log data) in addressing security and compliance mandates. Organizations are looking at leveraging analytics platforms for security and compliance, and they understand the value that SMF and other z/OS log data can provide when coupled with emerging big data analytics platforms including Splunk, Elastic, and Hadoop.

For more about what SMF data is and how it can help in mainframe security, read The Ultimate Guide to Mainframe Machine Data

Security Information and Event Management (SIEM)

It was just a few years ago that Security Information and Event Management (SIEM) really started gaining attention.

SIEM software products and services combine security information management and security events generated by network hardware and applications to provide real-time analysis of security alerts and threats happening within an organization’s IT infrastructure. The SMF and log files you’re familiar with are an important part of that puzzle, but not all of it. (Read: SIEM is Here: What You Should Know)

Monitoring security information and events is the fourth step in our IT Operations Checklist for z/OS Mainframes, which includes monitoring data movement, dataset access operations and privileged/non-privileged user activity as well as analyzing network traffic for unexpected high data volumes.

Syncsort’s Ironstream works with Splunk and Elastic platforms to help you monitor your mainframe log data as part of your larger IT network security and monitoring initiatives.

Real-time Monitoring for Enhanced Security

Capturing user behavior, especially in real-time, is seemingly impossible if you rely only on data you collect from the various logs and SMF data. That’s why Compuware, in conjunction with Syncsort and Splunk, recently announced Application Audit, a software tool that aims to transform mainframe cybersecurity and compliance through real-time capture and analysis of user behavior.

“Real-time data collection and analysis is critical in helping IT identify trends and solve issues before they negatively impact the business,” said Chris O’Malley, CEO, Compuware. “With Syncsort Ironstream delivering Compuware Application Audit data to the Splunk platform, organizations can effectively tackle cross-platform cybersecurity and increasingly burdensome global compliance mandates.” (Read full press release)
