The mainframe is now an integral part of a rapidly-evolving connected, digital, and hybrid IT world. To remain, it must meet new demands for device connectivity and security. But what does that look like? In the first of three blogs, Barbara Ballard assesses how the enterprise is extending enterprise-level security to the mainframe with access control, data privacy, and endpoint hardening.
Why mainframe security matters
The mainframe continues to be business-critical, and it is here to stay. A recent Forrester survey shows that 72 percent of customer-facing applications are ‘completely or very reliant’ on mainframe processing. Now, 64percent of enterprises will run more than half of their business-critical applications on the mainframe, up from 57 percent in 2018. And that’s not all. IBM states that 80 percent of the world’s corporate data resides or originates on mainframes.
Despite all this, many organizations struggle to extend enterprise security to the mainframe. According to IBM, 85 percent of companies say mainframe security is a top priority, yet 67 percent admit that they only sometimes or rarely factor security into mainframe environment decisions. What is a mainframe?
Regulatory requirements demand additional security for the mainframe, as it is a crucial component of the enterprise. These regulations include Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). All require security controls that we will discuss here.
These regulations protect individuals and their data. For example, PCI DSS mandates multi-factor authentication (MFA) in certain scenarios regarding cardholder data, encryption, and data masking, as well as specifics around applying security patches. GDPR includes securing data in transit and at rest, and at its core, requires that personally identifiable information is only accessible by those with a legitimate reason to do so. And CCPA shares much of the same foundation as GDPR.
Sensitive data needs strong security
In addition to regulations requiring secure systems, the uptick of breaches proves the need for strong security for systems holding sensitive data. The most common breach is through compromised account credentials. Making access harder is the key to breach prevention.
One of the best ways to prevent unauthorized access is through multi-factor authentication (MFA). With MFA, the password will not be enough to gain access. In addition to access controls, data privacy through encryption in conjunction with data masking ensures sensitive data stays secure. If your systems are compromised, but sensitive information is encrypted and masked, that data will not be visible.
More than ever before, organizations must extend enterprise-level security controls to the mainframe. At a minimum, these controls include:
– Access control
– Data privacy
– Endpoint hardening
Our second post, Tightening Mainframe Access and Security: Part 2, looks at Access Control and Data Privacy in more depth. Until And to learn more about integrating IAM with your mainframe, be sure to view this whitepaper, Integrating Host Systems with Modern Security Frameworks