In the first blog of three we discussed how the mainframe must meet new demands in connectivity and security. In the second, we discussed Data Privacy and Access Control. In this final blog, Barbara Ballard looks at endpoint hardening and wraps up the options for extending enterprise-level security to the mainframe.
Endpoint hardening means strengthening the endpoints (devices) that access the mainframe to help prevent attacks. It secures systems by reducing the surface of vulnerability. This relies on installing the latest security patches, and configuring operating systems and applications according to least privilege principles, policies, and standards.
In mainframe organizations, the key application requiring endpoint hardening is the terminal emulator, or other host access software. Owners must lock down terminal emulation, as not all users need to create new sessions, edit macros, or connect to unauthorized systems.
In the new era of cyber security, terminal emulators need to be controlled. Centralized management of host access software simplifies locking down the emulator and applying the necessary security configuration changes, on demand.
The faster a security patch is rolled out, the quicker a threat is thwarted. But promptly applying patches for every individual desktop device is more complicated and time-consuming than using a server-based host access solution.
Defense in Depth
In this series, we have promoted a ‘defense in depth’ approach. This is the name we give to the coordinated use of multiple security controls to protect the information in the enterprise. The strategy follows the military principle that it is harder for an enemy to defeat a complex and multi-layered defense system than penetrate a single barrier.
In summary, no silver bullet will protect the enterprise from a breach. However, a multilayered defense plan, which includes the controls we have outlined in our first and second blogs, can secure the mainframe, and the data on it.
At a minimum, these controls must include
– Access control: Authentication and Authorization
– Data privacy: Encryption and Redaction
– Endpoint hardening: Terminal lockdown and Patch Rollouts
And it is worth noting these security controls work better together.
What to do now
The security challenges may seem daunting. Implementing everything outlined here may feel overwhelming. However, the mainframe must be secure. So, what do you do now? The best thing for any mainframe organization to do is something. Take any one, or more, of these controls and implement it – the sooner the better. And Micro Focus is here to help!
Check out these resources for more information about mainframe security:
– On-demand webinar: Quickly Implement Better Mainframe Access, Authentication, and Privacy
– Coming soon! IBM Systems eBook on Mainframe Security
– Try Host Access Management and Security Server (MSS) free for 120 days