Thought Leadership: David Rivard Talks About Securing Sensitive Data on the Mainframe

David Rivard currently serves as z System Channel and Product Manager for SSH Communications Security. As with many of today's top mainframe experts and professionals, he is a longtime industry veteran and proud of it. "I've been in the IT industry since 1982, in mainframe security since 1991, and I have been with SSH helping our customers secure data in transit since 2007," he said.

During a recent telephone interview with SHARE'd Intelligence, Rivard shared his thoughts on the mainframe's place in the 21st century, its role in safeguarding sensitive data, the difficulties in cobbling together enterprise security for data that is shared across multiple platforms, and much more.

SHARE'd Intelligence: What strengths would you say the mainframe has in terms of securing sensitive data?

David Rivard: I see the mainframe as the gold standard as far as a secure platform on the enterprise. Many of the mainframe security standards have been adopted in open systems to solidify access and identity management controls. As far as sensitive data and data in transit on the mainframe, the mainframe started out with a really good standard of remote job entry and early protocols like Network Data Mover. It always had a good, secure standard in place. What we're seeing with our customers today is that the mainframe, in some instances, is really just a large server in the overall enterprise and has had to adopt open standards.

SI: What are some of the weaknesses that must be overcome?

DR: One of the chief shortcomings is education. A lot of mainframe engineers have not made the transition to becoming open-systems engineers. It's not easy. They've been living in the mainframe world over the past 20 or even 30 years. We now have to accept the fact that, as technologists, we have to understand all operating systems and all protocols. We just can't be content and contained in our one little area and say we're secure.

SI: It sounds like part of your job is bringing people together who haven't been in each other's orbit before.

DR: It's kind of funny. I enjoy visiting our customers and seeing mainframe system engineers and systems programmers sitting down with network engineers and people from the traditional UNIX and Linux worlds. They now realize that they have to talk to each other and that's because the mainframe is an open system on the enterprise these days. The challenge is getting these engineers to break down the mainframe in terms that they can understand. People used to be able to get away with saying, "I'm not a mainframe person. I don't understand it. It's not my job." They now have to say that they integrate with the mainframe and they understand the challenges of Big Data.

SI: You're obviously passionate about your line of work. What drives you?

DR: The absolute favorite part of my job is getting these people together and talking. There used to be an artificial barrier between the mainframe people and the distributed network people. Even if they sat on the same floor, they would never talk to each other. They had their own little worlds. That's gone now, and I really enjoy uniting those people.

SI: What is the most challenging part of your job?

DR: When someone comes to me and says, "I don't do UNIX." Or they say, "I don't do mainframe." It's 2015, and we all need to have an overall enterprise perspective. How do we secure data at rest and data in transit? You can no longer build a shell and say that security resides in just one area.

SI: How easy is it to cobble together enterprise data security for data that is shared across multiple platforms, including the mainframe, in a large enterprise using platform-specific solutions?

DR: It's not easy. But as professionals, we must look at it as a challenge. In the 1990s, we had provisioning tools that used provision ID and passwords all across different databases on the enterprise. Now, security needs to be thought about in a holistic enterprise manner. The mainframe is no longer in its own little, secure shell with those databases anymore. You have all sorts of identities trying to authenticate to either the mainframe security databases or some kind of other entity. You need to think from an enterprise perspective how that authentication can be tracked from the web all the way back to the mainframe.

SI: What risks need to be addressed to keep sensitive data secure on the mainframe and across the enterprise?

DR: Companies need to realize that their mainframe data can be accessed from almost anywhere now. Also, with the secure protocols that come with open systems, you need to understand X.519 certificates in relation to authenticating identities to https and to SSH, and you need to manage those credentials not only on the mainframe, but all over the enterprise. When those credentials are managed, then the data itself can be managed when it leaves the mainframe.

SI: Can you provide our readers with an example of an organization that has succeeded in meeting these challenges?

DR: SSH works with a large foreign bank in New York that is able to do scans for credentials both on mainframe and off mainframe. The mainframe has been around since 1969. But with VMware these days, virtualized machines and file systems can be copied in an instant, and all of these credentials can be copied in an instant. With the tools it has in place, this particular bank has discovered and managed all of these credentials and is getting it under control.

SI: Was there some advice given to you early in your career that has really stuck with you over the years?

DR: Someone once told me, and this was in 1991, that there's not going to be any less security in the world. There's only going to be more! So, as mainframe technologists, we need to accept that with all of these new and different protocols, there's only going to be more and more security built around it all. We need to continue to learn these new technologies.

SI: What advice would you have for today's young IT professionals with regards to a career in mainframe?

DR: Absolutely learn the mainframe because we older people aren't going to be around forever, and the mainframe is going to be around for a long, long time. If you learn it, you're going to have a great career.

SI: What are you looking forward to in 2016?

DR: I can't wait for SHARE in San Antonio and learning how my customers and potential customers are using Linux and UNIX on the mainframe to move forward with their web services and computing. I think that is going to be very interesting!

— Information Inc.
