Data centric security: Stop treating the mainframe separately

CA Technologies unveils the enterprise capabilities in CA Data Content Discovery

Historically, mainframe security has been managed separately from other platforms in a modern data center. But in today’s application economy, that is not viable. The mainframe is now a connected entity in the business and is critical to both the traditional high-volume transactional services as well as to newer services and mobile apps.

Hence let’s stop treating the mainframe differently – security professional both mainframe and distributed speak the same language and share the same concerns; it’s just that the policies and processes have been distinct. It’s vital now more than ever to view data-centric security holistically, rather than by platform. If you take a fragmented approach to security or worse treat the mainframe as a blackbox or fortress you introduce vulnerabilities into your enterprise. Data is always on the move so ultimately your overall security is no greater than your weakest security policy.

Security challenges and complexity

The holy grail of every organization is the security of corporate data: the protection of your most sensitive business assets. Yet the security challenges surrounding corporate data are manifold:

  • While worldwide 80% of all transactional data still reside on mainframes and that 90% of all credit card transactions pass through this modern IT-platform, there is a disturbing inability to actually locate all of that sensitive and regulated data. What you cannot locate, you cannot protect.
  • The mainframe brings significant business value, but it also brings new threats. This level of risk is further increased when organizations are unsure whether the mainframe is being managed according to set policy.
  • There is a decided skills gap with regard to mainframe expertise that affects the ability of companies to ensure the security of their data.
  • Because the connected mainframe touches many types of applications, data is constantly moving on, off, and around the platform. Analytics and mobile apps both exchange data with the mainframe. Stronger security measures are vital to protect this abundance of data in motion.
  • Mainframes are affected by new regulations that are swiftly coming into play, such as the EU-US Privacy Shield agreement and European Union General Data Protection Regulation (GDPR), which are focused on data privacy.

Given this complexity and what is at stake, it is essential that the mainframe no longer be treated as a separate platform when it comes to security.

The rise of data centric security

The key to bringing the mainframe into the holistic security platform is to introduce data-centric security. After all, hackers might attack a company through an application, but, ultimately, they are after corporate data. Similarly, insiders might choose to exfiltrate company data. Data-centric security therefore addresses protection by focusing on the data and the associated risks that it introduces for the organization. This data-centric approach complements the traditional identity-centric security model that has been used on the mainframe for decades.

Data-centric security involves three steps:

  • Finding data to determine where it resides on the mainframe.
  • Classifying data based on sensitivity level to facilitate regulatory compliance.
  • Protecting data by removing or modifying access rights as necessary and monitoring all user access to sensitive data

In the past, that was easier said than done. But today, implementing data-centric security is simple – with the right tool in hand.

Holistic security

CA Technologies latest releases of CA Data Content Discovery and CA Compliance Event Manager give businesses an enterprise data protection solution that is easy to use by both non-mainframe and mainframe security and compliance experts. These solutions simplify mainframe security and compliance by enabling robust, end-to-end protection of mission-essential corporate data. In one decisive move, CA Technologies strengthens mainframe security by:

  • Simplifying security and compliance through event reporting and enrichment that empowers non-mainframe experts to gain insight into mainframe security and compliance issues, and respond to potential vulnerabilities across the enterprise.
  • Providing enterprise-wide insights through the exporting of mainframe security incidents in real time to Splunk. This data is analyzed to deliver a deeper view of the security infrastructure, enabling informed, timely decision-making and remediation in response to critical situations.
  • Supporting data-in-motion to help prevent costly loss of sensitive data moving off the connected mainframe. This includes scanning coverage of all mainframe datasets (e.g., IMS, CA IDMS, CA Datacom) to secure all core applications.

Security for the connected mainframe

From finding and classifying to alerting and inspecting, CA Technologies solutions provide unified enterprise security while helping to increase an organization’s compliance posture. Moving from separate security platforms to a holistic approach can now become a reality, with tremendous effect.

Learn more about simplifying security management across the enterprise and enabling robust, end-to-end protection for data-in-motion from mobile to mainframe.




Ashok Reddy
Ashok is responsible for CA’s DevOps Line of Business including the Developer Products, Continuous Delivery,…


Modern Software Factory Hub

Your source for the tips, tools and insights to power your digital transformation.
Read more >
Low-Code Development: The Latest Killer Tool in the Agile Toolkit?What Are “Irresistible” APIs and Why Does Akamai's Kirsten Hunter Love Them?Persado's Assaf Baciu Is Engineering AI to Understand How You Feel