Mainframe's midlife crisis: Security

Computerworld - Twenty years ago, mainframes sat in tight glass houses, accessed by a limited list of select employees. Today, mainframes remain a mainstay of enterprise operations. All predictions of the mainframe's imminent demise have disappeared as quickly as those predicting the end of brick-and-mortar retailing. In fact, industry sources estimate that 30 billion Cobol transactions occur daily; that's more than the number of Web page hits in the same time period.
In today's enterprise, mainframes have shattered their glass houses and are accessible by a variety of network services. In addition to conventional users of core CICS or IMS-based transactions, large organizations (including many financial services companies) are shifting applications from Wintel to Linux on the mainframe to save costs and increase performance and reliability. And Web-based applications hosted on the mainframe's Linux or Unix environment enable millions of customers to access the core transactional data needed to conduct business.
With so much traffic from so many sources -- and new government regulations aimed at consumer privacy and corporate diligence -- it's time for companies to rethink how they secure the mainframe.
Fatigue, inexperience and overconfidence trump security
Marooned on islands, with limited outside connectivity, mainframes have always been relatively easy to administer and secure. It wasn't uncommon for an organization to literally have one mainframe technician per user. Now, it's one technician per 1,000 users. Across our customer base of more than 300 large companies, we're seeing the trend: Experienced mainframe help is overworked and hard to find. You can't just plug in a firewall administrator and expect him to find his way around a spaghetti works of applications and services that were written before that administrator was even born.
In addition to increased connectivity and staff scarcity and knowledge, one of the largest challenges for mainframe security is complacency and overconfidence. Most companies assume that mainframes are secure, simply because of their glass-house heritage. I recently visited a very large European bank that boasted about mainframe security. I made the wrong assumption; with so many applications hosted on the mainframe, it was relatively easy for an insider to abuse and compromise the system. Sensitive data could be copied, records deleted, and all traces of this activity could be removed.
In particular, mainframes are vulnerable to three major types of threats:

1. Malicious data access: Hackers and trusted users have increased potential to access the mainframe's core data repository just like any other platform. The Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA) and other standards all point to the need to protect data accountability and integrity. The mainframe can't be an exception.


2. Self-inflicted mistakes: A generation of mainframe masters is quickly retiring, and less qualified or less experienced technical staffers (often rushed and overworked) can inadvertently change code or settings to open up holes or deliver too much authorization to the system.


3. Aged software: The strength of the mainframe is that you can continue to run the old reliable software without too much maintenance. But even mainframe software needs checks, patches and updates to close gaps or simply improve security.

1 2 Next » Recommend Digg Twitter ShareThis Email Print Send Feedback Reprints Additional Resources Xerox Win a color printer! By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer! Microsoft Upgrade to Internet Explorer 8 today. Save time and mitigate security risk. Deploy it now. Sybase NEXT-GENERATION MOBILITY PLATFORMS In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions. Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase. White Papers & Webcasts Hidden Cash: Maximizing the Value of Surplus Technology in a Down Economy In today's tightened economy, all major technology purchases are being carefully scrutinized to ensure that each new piece of hardware and software can...   Usability Is Everything Learn what sets Workday's HR and Payroll solutions apart from the competition.... Your Network at Half the Price: Slash Network Hardware Costs With Pre-Owned Equipment Pre-owned networking equipment is certainly less expensive than the new variety, but IT managers are often challenged to know when and how to...   The Value of Real SaaS at Workday Cost savings, speed to value, and innovation brought to the enterprise by Workday's software-as-a-service solutions for HR and Payroll.... Impact of the Dramatic Increase in Devices on the Cost to Support This white paper describes the challenges that CIOs will face in coming years due to a dramatic increase in the number of devices...   SaaS at Flextronics, Inc. Dave Smoley, CIO of Flextronics, discusses the real value of software-as-a-service and why he chose Workday for his HR solution.... Help Customers Preserve and Share Memories As digital cameras became more and more prevalent, many photofinishers bemoaned the demise of their traditional film and processing business model. Digital posed...   Why Compliance Pays This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data... For Best Results, Think Beyond the Box Technology is complex. Keeping it running productively shouldn't be. To that end, you want to minimize the number of solutions needed in-house to...   Agile Enterprise Content Management (ECM) for Rapid ROI Find out how combining ECM and BPM will help adress issues about content rich business processes.... All White Papers | All Webcasts Computerworld Reports An Interactive eBook: Enterprise Security The Business Case for Server Virtualization Computerworld Technology Briefing: Intelligent Users Use Business Intelligence All Computerworld Reports Sign up to receive updates on the latest Hardware resources   White Papers Hidden Cash: Maximizing the Value of Surplus Technology in a Down Economy Impact of the Dramatic Increase in Devices on the Cost to Support For Best Results, Think Beyond the Box Media Buying Agency Reduces Paper and Storage Needs Accelerate SSL Encrypted Applications Shape Your Apps Strategy to Reflect New SaaS Licensing and Pricing Trends A Truly Global HCM System Moving Beyond Monolithic - What's Next for Enterprise Application Architectures? MarketVibe: Communications and Collaboration Needs at Business Organizations The Value of Network and Application Visibility by Aberdeen Your Network at Half the Price: Slash Network Hardware Costs With Pre-Owned Equipment Help Customers Preserve and Share Memories Digitize More Memories with the Kodak's Photo Scanning System Get a More Complete Picture of Patient Health ESG Lab Field Audit Natural User Interface for Enterprise Applications Craft a Strategy to Lower Your Total Cost of Ownership The Shortcut Guide to Managing Certificate Lifecycles Differentiating With Technical Support: JBoss Customer Support Study The JBoss SOA Assessment Tool: Spend Less, Do More Sponsored Links HP StorageWorks products-control, consolidation and confidence. 64-page prescriptive guide to security, compliance, and IT operations. Looking to add Unix/Linux functionality to Windows? FREE guide to saving up to 95% on network hardware costs. Start saving today! Enhance your career with a Boston University online Master's in CIS Find IT jobs in the Healthcare industry on Dice.com Network Tools Made By Engineers for Engineers Live Webcast: Building a More Productive Organization  A User Perspective With the NEW KODAK i700 Series Scanners get full speed at 300dpi! ITwhitepapers.com - Access thousands of white papers on 300+ technical topics. Leverage Your Cisco infrastructure for Superior Application Performance Learn about the AMD Virtual Experience Introducing: Project Icebreaker Introducing the new HP ProLiant G6 server family Wait for the upturn, or get ready for it with Capgemini's Technovision study. Download it here. Instantly know your IT service state - anytime, anywhere @ AccelOps.net Try the best rules engine free! Decisions.FICO.com Learn How to Create a High Performance Workplace Thrill Dad this Fathers Day and save up to 66% plus 4 FREE Caramel Apple Tartlets from Omaha Steaks. ESET NOD32 with ThreatSense(R) - Get your free trial now! Join the conversation about the hottest IT trends with Computerworld on Twitter. Create business data you can believe in with data governance Not All QSAs Are Created Equal: What You Should Know Before You Buy The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability The AMD Virtual Experience Virtual Trade Show About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.