SHARE in Orlando – Five Myths that Can Put Your Mainframe at Risk

During SHARE in Orlando 2015, Rui Miguel Feio discussed incorrect beliefs and assumptions that can adversely affect mainframe users. The following five myths can compromise the business impact, security and/or performance of your mainframe, so it is important to arm yourself with the truth.

Myth #1: the Mainframe is Dead

Some industry analysts have been predicting the mainframe’s demise since the PC made its debut in the 1980s, deeming it as powerful as the mainframe. Another common misconception is that only “old” people and antiquated companies use the mainframe.

On the contrary, 96 of the world’s top 100 banks and 90 percent of the world’s largest insurance companies all use mainframes. Additionally, 85 percent of all mission-critical applications run on COBOL and the mainframe. And finally, the mainframe contributes to 25 percent of IBM’s revenue and 35 percent of its operating profit. These statistics demonstrate that the technology is clearly still a vital part of the business world.

The danger of this myth is that it can lead to a lack of investment in new solutions for the mainframe, a lack of training on the mainframe and a failure to replace or hire mainframe-focused resources.

Myth #2: No One Hacks the Mainframe

Common misconceptions about the mainframe’s level of security are that it cannot be hacked, that no one is going to bother hacking it and that a hacker would need to specialize in the mainframe in order to hack it.

While the mainframe is highly resilient in the face of security threats, it is not secure by default. Like any platform, users must adapt the mainframe to evolving threats and review its current defenses on a regular basis. Quite a few banks, which make up a huge percentage of mainframe users, have been hacked in recent years. Users must continuously implement, review, test and improve security measures.

Myth #3: the Mainframe is Isolated from the Rest of the World

Some people believe that the mainframe lacks connections to other technologies such as mobile that have made an enormous impact on business. This could not be further from the truth. One strength of the mainframe is its flexibility; it can work well with many different technologies and users can leverage it for many different applications.

And the mainframe is an integral piece of IT ecosystems, playing an essential role in the processing of critical information. Its reach extends past servers to the quality of experience the organization delivers to customers. In this way, the mainframe touches everything. Overlook its impact and you may find yourself dealing with negative business implications.

Myth #4: “We Do Not Use Unix System Services”

Feio talked about how often his team at RSM Partners hears this phrase from his clients. They believe that it is unnecessary for them to learn or address Unix System Services (USS).

As Feio points out, this is the wrong attitude because USS is a part of z/OS whether users want to acknowledge it or not. TCP/IP, DB2, CICS, IMS, WebSphere, MQ and Oracle Web Server all use USS.

If not properly addressed, USS can pose a major security risk. In fact, hackers possess a deep understanding of USS, and often use it as an entry point when attempting to hack the mainframe.

Myth #5: Outsourcing will Solve All Problems

Many companies regard outsourcing as a quick, easy way to save money. At the same time, outsourcers want to make money. This creates a conflict of interest that poses several risks to the company.

Enamored with the idea of saving money, some organizations exhibit the following risky behavior:

  • Assume the outsourcer will complete all assignments as directed.
  • Fail to read relevant documentation provided for outsourced projects.
  • Fail to review their own documents outlining processes and procedures for outsourced projects.
  • Fail to assume responsibility once outsourced projects have been assigned.

In response, some outsourcers will take advantage of the situation with the following actions:

  • Provide technical and non-technical documentation drafted with a greater emphasis on legal terms; this documentation will not go into detail about processes and procedures.
  • Because of the lack of specification on processes, charge for every piece of work not covered by the agreement.
  • Allocate the same technical resource to more than one client, and replace experienced resources with cheaper inexperienced personnel.
  • Cover only the minimum contracted services, and charge for extra services including security.


Fortunately, you can minimize all of the above risks by addressing each and responding in an appropriate way for your organization. When it comes to the mainframe, knowledge really is power.

 
