The Future of Mainframe Security – A Personal Perspective from SHARE in Orlando

By Dan O’Brien

We hear it all the time—the mainframe is the most secure platform on the planet. That may be true, but even Achilles had his heel. And what was Samson without his long flowing hair?

Mark Wilson, technical director of RSM Partners, reminded enterprise IT professionals during a session at SHARE in Orlando that as secure as the mainframe is, we shouldn’t get complacent.

True, it’s rare for a mainframe to be hacked, Wilson said. It’s most common for a threat to come from an inside job rather than an outside job, too. But it’s not unthinkable.

Wilson said he hears it all the time. Clients will tell him that they guarantee their mainframe has never been hacked over 50 years of usage at the organization. His first question: Are you sure? In one case, Wilson then took the opportunity to demonstrate the vulnerability by trying to break into the organization’s system. The organization allotted a day for security testing. It took Wilson less than 20 minutes to compromise the mainframe.

Wilson outlined other common misconceptions he hears:

  • “It’s a mainframe, therefore it’s secure.”
  • “It’s behind all of our perimeter defenses.”
  • “No one understands it so it’s not an issue.”

To which he replies: “Rubbish, rubbish, rubbish, rubbish. … To a bad guy, it’s just another IP address.”

Wilson pointed out that one of the biggest challenges IT professionals face is navigating the language of security with both new employees as well as senior management who might not be as attuned to the differences between terms such as penetration test and hacker. Penetration tests, of course, are done by the good guys to test the internal configuration of systems—basically to see how far inside you can get. Hacking, on the other hand, is done by the bad guys who are after our data, or perhaps attempting to shut down our systems.

That leads to another challenge: having the funding to train new employees and provide ongoing education to senior ones so that everyone has the knowledge they need to combat cyber crime.

So what’s an enterprise IT organization supposed to do?

The first step is to get the mainframe taken seriously by senior management. That’s the only way that you’ll get the funding you need to attend educational events such as SHARE in San Antonio, bring in a consultant to work on specific issues, and buy the tools you need to protect your systems.

You also absolutely must have a security plan that starts with a detailed technical audit, including all subsystems. Examine the processes and procedures you have in place, as well as the structure of the team and the teams you interface with. From there, list the issues you’ve discovered and prioritize how you’ll deal with them.

At the end of the day, make sure you focus on two things: the proper tools and constant training. Take the time to do it right the first time, too, and acknowledge that security is a constantly evolving practice.

SHARE offers robust training through its events, including the upcoming sessions in San Antonio, which run from February 28 to March 4. Need help convincing your boss to spare the expense? Visit SHARE’s page of Justification Resources for a roadmap that will help you show just how much your organization will benefit from your participation.

1 Like
Recent Stories
Navigating z/VM’s Shared File System

The Evolving World of Database Reorganization

Opening the Mainframe: Meet Zowe