Ads by TechWords

See your link here
Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Hardware
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
 

Mainframe's midlife crisis: Security

January 29, 2004 12:00 PM ET

Computerworld - Twenty years ago, mainframes sat in tight glass houses, accessed by a limited list of select employees. Today, mainframes remain a mainstay of enterprise operations. All predictions of the mainframe's imminent demise have disappeared as quickly as those predicting the end of brick-and-mortar retailing. In fact, industry sources estimate that 30 billion Cobol transactions occur daily; that's more than the number of Web page hits in the same time period.
In today's enterprise, mainframes have shattered their glass houses and are accessible by a variety of network services. In addition to conventional users of core CICS or IMS-based transactions, large organizations (including many financial services companies) are shifting applications from Wintel to Linux on the mainframe to save costs and increase performance and reliability. And Web-based applications hosted on the mainframe's Linux or Unix environment enable millions of customers to access the core transactional data needed to conduct business.
With so much traffic from so many sources -- and new government regulations aimed at consumer privacy and corporate diligence -- it's time for companies to rethink how they secure the mainframe.
Fatigue, inexperience and overconfidence trump security
Marooned on islands, with limited outside connectivity, mainframes have always been relatively easy to administer and secure. It wasn't uncommon for an organization to literally have one mainframe technician per user. Now, it's one technician per 1,000 users. Across our customer base of more than 300 large companies, we're seeing the trend: Experienced mainframe help is overworked and hard to find. You can't just plug in a firewall administrator and expect him to find his way around a spaghetti works of applications and services that were written before that administrator was even born.
In addition to increased connectivity and staff scarcity and knowledge, one of the largest challenges for mainframe security is complacency and overconfidence. Most companies assume that mainframes are secure, simply because of their glass-house heritage. I recently visited a very large European bank that boasted about mainframe security. I made the wrong assumption; with so many applications hosted on the mainframe, it was relatively easy for an insider to abuse and compromise the system. Sensitive data could be copied, records deleted, and all traces of this activity could be removed.
In particular, mainframes are vulnerable to three major types of threats:

  1. Malicious data access: Hackers and trusted users have increased potential to access the mainframe's core data repository just like any other platform. The Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA) and other standards all point to the need to protect data accountability and integrity. The mainframe can't be an exception.

  2. Self-inflicted mistakes: A generation of mainframe masters is quickly retiring, and less qualified or less experienced technical staffers (often rushed and overworked) can inadvertently change code or settings to open up holes or deliver too much authorization to the system.

  3. Aged software: The strength of the mainframe is that you can continue to run the old reliable software without too much maintenance. But even mainframe software needs checks, patches and updates to close gaps or simply improve security.

Teaching an old dog new tricks
Advice


Additional Resources

Xerox
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Save time and mitigate security risk. Deploy it now.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

Hidden Cash: Maximizing the Value of Surplus Technology in a Down Economy
In today's tightened economy, all major technology purchases are being carefully scrutinized to ensure that each new piece of hardware and software can...  

Usability Is Everything
Learn what sets Workday's HR and Payroll solutions apart from the competition....

Your Network at Half the Price: Slash Network Hardware Costs With Pre-Owned Equipment
Pre-owned networking equipment is certainly less expensive than the new variety, but IT managers are often challenged to know when and how to...  

The Value of Real SaaS at Workday
Cost savings, speed to value, and innovation brought to the enterprise by Workday's software-as-a-service solutions for HR and Payroll....

Impact of the Dramatic Increase in Devices on the Cost to Support
This white paper describes the challenges that CIOs will face in coming years due to a dramatic increase in the number of devices...  

SaaS at Flextronics, Inc.
Dave Smoley, CIO of Flextronics, discusses the real value of software-as-a-service and why he chose Workday for his HR solution....

Help Customers Preserve and Share Memories
As digital cameras became more and more prevalent, many photofinishers bemoaned the demise of their traditional film and processing business model. Digital posed...  

Why Compliance Pays
This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data...

For Best Results, Think Beyond the Box
Technology is complex. Keeping it running productively shouldn't be. To that end, you want to minimize the number of solutions needed in-house to...  

Agile Enterprise Content Management (ECM) for Rapid ROI
Find out how combining ECM and BPM will help adress issues about content rich business processes....