A Quick Guide to Reducing Mainframe Security Risks

IBM mainframe computers have a well-deserved reputation as being among the most secure IT platforms in the world. But that doesn’t mean their security can’t be compromised. With the wealth of mission-critical corporate data that resides on them, mainframes are tempting targets that data thieves work hard to invade. 

If you want your company to avoid being the star of the next data breach story on the evening news, here are some critical mainframe security issues you should address.

Access Control

The first line of defense in mainframe security is controlling who has access. An obvious place to start is by implementing RACF (Resource Access Control Facility), which provides native tools for managing user access to system resources. In addition, incorporating the following principles will provide added layers of access control protection:

  • Role-based Access Privileges – Access to various system resources is granted on a group rather than an individual basis. A user’s access rights come with membership in specific groups, and cease when the user leaves the group.
  • Role Segregation – This is critical! No user should have both ops privileges and audit privileges. Violating this rule allows individuals to first carry out and then cover up nefarious activities in the system.
  • Multifactor Authentication (MFA) – MFA, also referred to as Two Factor Authentication or 2FA, is very effective in preventing access through the use of compromised passwords. With MFA, users are required to identify themselves in at least two independent ways before access is granted. IBM’s MFA for z/OS offering now makes this capability available on the mainframe.

Pervasive Encryption

Encryption is probably the most effective data protection tool yet devised. Its use has been limited, however, because when extensively employed in x86 server environments, it dramatically degrades performance. The recently released IBM z14 series of mainframes now provides the ability to encrypt all data in the system, whether at rest or in flight, without significantly impacting throughput or transaction speed.

Real-Time Analytics

The length of time between the initiation of an attempted data breach and its discovery has a major impact on the amount of damage that results. With data transfers happening at electronic speeds, every second counts. For example, to prevent data theft, invalid access attempts, such as failed TSO logons or efforts to initiate unauthorized FTP file transfers, must trigger scrutiny as soon as they happen, not when a log file is finally examined days or weeks later. That’s why tools like SIEM, which can analyze and report security-related information in real time, are a must.
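
The event-at-a-time evaluation described above, as an added example that is not part of the original article or of any product it names. The event tuples, event type names, user IDs and the threshold of three failures in 60 seconds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events; this tuple layout is hypothetical and is not
# a real SMF, RACF or SIEM record format.
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:01", "USR001", "TSO_LOGON_FAIL"),
    ("2024-01-10T09:00:05", "USR001", "TSO_LOGON_FAIL"),
    ("2024-01-10T09:00:07", "USR002", "TSO_LOGON_OK"),
    ("2024-01-10T09:00:09", "USR001", "TSO_LOGON_FAIL"),
    ("2024-01-10T09:00:30", "USR003", "FTP_UNAUTHORIZED"),
    ("2024-01-10T09:20:00", "USR002", "TSO_LOGON_FAIL"),
]

class StreamDetector:
    """Scores each event on arrival instead of scanning a log file later."""

    def __init__(self, max_failures=3, window=timedelta(seconds=60)):
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(deque)  # user -> recent failure times

    def process(self, ts, user, kind):
        """Return an alert string for this event, or None."""
        if kind == "FTP_UNAUTHORIZED":
            # A refused transfer is alerted at once, with no threshold.
            return f"{ts} ALERT unauthorized FTP attempt by {user}"
        if kind != "TSO_LOGON_FAIL":
            return None
        when = datetime.fromisoformat(ts)
        recent = self.failures[user]
        recent.append(when)
        # Discard failures that have aged out of the sliding window.
        while when - recent[0] > self.window:
            recent.popleft()
        if len(recent) < self.max_failures:
            return None
        recent.clear()  # one alert per burst, then start counting again
        return f"{ts} ALERT {self.max_failures} failed TSO logons by {user}"

def run(events):
    """Feed events through a fresh detector and collect the alerts."""
    detector = StreamDetector()
    alerts = (detector.process(*event) for event in events)
    return [alert for alert in alerts if alert]

if __name__ == "__main__":
    print("\n".join(run(SAMPLE_EVENTS)))
```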

SIEM Integration

SIEM (Security Information and Event Management) tools provide the real-time monitoring, analysis, and alerting capabilities that are critical for any comprehensive data security strategy. They gather, transform, and correlate data from various sources, and can not only generate alerts when abnormal processes seem to be occurring, but can also automatically invoke other security controls to curtail such activities immediately.

According to Gartner, the premier SIEM product available today is Splunk. But since Splunk was designed for the distributed systems environment, it cannot natively access mainframe data. Bridging that gap is the role of Syncsort’s Ironstream, which is the industry’s leading tool for automatically forwarding IBM z mainframe data into the distributed systems realm. The two together allow mainframes to be seamlessly integrated into the SIEM ecosystem.

Periodic Reviews

The final essential for a top-notch mainframe security strategy is periodic review of all technical and personnel dispositions to ensure that the changes that inevitably occur over time don’t create hidden vulnerabilities. Special attention should be paid to:

  • Keeping group and individual access privileges current
  • Ensuring that group membership rolls are current with personnel changes
  • Updating RACF profiles
  • Making sure all software updates are correctly installed
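
A periodic review of the first two items, together with the role segregation rule from the Access Control section, can be scripted. This is an added example, not code from the original article: the group names, user IDs, role labels and staff roster are constructed, and it assumes group memberships have already been exported into plain Python structures.

```python
# Constructed sample data: every group, user and role label here is
# hypothetical and not taken from any real RACF database.
GROUP_ROLE = {
    "SYSOPS": "ops",
    "STORADM": "ops",
    "SECAUDIT": "audit",
    "PAYROLL": "business",
}
GROUP_MEMBERS = {
    "SYSOPS": {"ALICE", "BOB"},
    "STORADM": {"CAROL"},
    "SECAUDIT": {"BOB", "DAVE"},
    "PAYROLL": {"ERIN", "FRANK"},
}
ACTIVE_STAFF = {"ALICE", "BOB", "CAROL", "DAVE", "ERIN"}  # FRANK has left

def roles_by_user(group_members, group_role):
    """Derive each user's roles purely from group membership."""
    roles = {}
    for group, members in group_members.items():
        for user in members:
            roles.setdefault(user, set()).add(group_role[group])
    return roles

def segregation_violations(group_members, group_role, conflict=("ops", "audit")):
    """Users whose combined groups grant both conflicting roles."""
    roles = roles_by_user(group_members, group_role)
    return sorted(user for user, held in roles.items() if set(conflict) <= held)

def stale_memberships(group_members, active_staff):
    """(group, user) pairs for members missing from the staff roster."""
    return sorted(
        (group, user)
        for group, members in group_members.items()
        for user in members - active_staff
    )

if __name__ == "__main__":
    print("ops+audit conflicts:", segregation_violations(GROUP_MEMBERS, GROUP_ROLE))
    print("stale memberships:", stale_memberships(GROUP_MEMBERS, ACTIVE_STAFF))
```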

Make sure to download our eBook and learn how to address the top 5 mainframe security vulnerabilities.
