Making the mainframe a good corporate citizen by updating the mainframe to current corporate security standards.
“It is not always the same thing to be a good man and a good citizen.” — Aristotle
As Aristotle wisely observed, there is a stark difference between being a good man and being a good citizen. We can loosely apply this adage to what we often see today across hundreds of customer mainframe environments. The mainframe is considered a ‘good man’ from a security practices viewpoint, but we need to ensure that it is also a good corporate citizen by updating and maintaining our mainframe security management practices to the current security standards already in place in IT shops everywhere.
The mainframe has always been considered a secure computing platform. The core of IT security practices today formed from mainframe best practices, such as identity management solutions, which provide the foundation of resource protection within the system. Back when those lessons were learned and security practices were being defined, access to computing resources was done via terminals, emulated or physical, that were identified within a particular network architecture, with activity logged, users tracked and external access limited or impossible. But several things have happened since those nascent times.
First, distributed platforms evolved and became significant targets for bad actors. As a result, over time these systems have adopted and been equipped with technology and methodologies to enhance their security. It is no surprise that many of these had their beginnings in mainframe security management, and we now see mature identity and access management solutions protecting distributed systems, logging and correlating activity, and tracing network access, to name a few of their defensive capabilities.
Next, the mainframe evolved to meet today’s modern computing requirements, making its enormous strengths in reliability, scalability and transaction processing power available to corporate and customer users. To do so, the mainframe adopted key technology so that mainframe services such as transactions, databases, web services and APIs can be accessed in the same ways used elsewhere, providing interfaces and support that are no different from those of any other system. In fact, developers and users often may not even realize that a mainframe is being used.
As previously stated, not only technology but also methodology has evolved to enhance IT security, regardless of platform. The basic need to defend their assets and the need to comply with regulations have motivated organizations to introduce a set of security rules that are supported and enforced as part of a reliable and trusted computing environment. However, while these practices and tools have evolved out of necessity on distributed systems, IT shops have often neglected the mainframe, leaving its practices and policies to fall behind under the accepted notion that the mainframe is ‘secure’ or ‘invulnerable’ to attack. While the mainframe remains a secure platform, it has evolved to take on more risk. IT shops often take on this risk without considering the additional security practices that they would demand on other platforms.
Let’s examine three critical areas to evaluate and consider best practices targets for improvement on the mainframe:
1. Identity management: Identity management as a core IT security practice evolved on the mainframe, with the development and acceptance of External Security Managers. Managing users is a common but time-consuming administration activity on the mainframe, which can be aided by a consistent practice of regularly removing unused, unneeded and expired accounts. In addition, privilege management is critical to the ongoing maintenance and management of the mainframe, but best practices today reject the notion of privileged access being granted permanently or for long periods of time when such access and permissions can be time-bound or task-bound, granted only when needed. This also aligns privileged access management with many regulations, which require careful management of such privileges because of the risk involved if such accounts are compromised. Finally, it has become compulsory to support a second authentication factor in addition to complex passwords, all of which the mainframe supports today. This now-standard practice is mandated by regulations when managing data such as payment data.
2. Data management: The mainframe continues to hold the largest share of corporate data, even in these days of Big Data and Cloud. Managing this data is a great advantage but also a great responsibility. The mainframe has been doing this for so long and in so many forms that it is difficult to keep track of where each and every regulated or sensitive piece of data is. In fact, much of this data was not considered sensitive when it was created and, as a consequence, was never managed at the highest level of security. Yet today much of this data is considered Personally Identifiable, and new regulations and compliance standards are increasingly being introduced to ensure proper handling and protection of such data. IT shops have created security policies for managing, cataloging and handling this sensitive data. Still, all too often, these rules are not applied to the mainframe, or are applied only to the newer databases. Compliance with best practices and regulations for sensitive data should apply those policies regardless of platform.
3. Security event monitoring: As platforms grew and organizations became more and more concerned about security, it became important to centralize the monitoring of security events in a Security Operations Center. The SOC became the core for centralized monitoring and coordinated response to security incidents, and has been shaped by the evolution of security monitoring and event management tools, which have matured into the SIEM (Security Information and Event Management) platform. The SIEM is an information system that compiles and correlates the information coming from all systems. Yet, despite this maturity in security event monitoring, few customers monitor for critical security events on the mainframe, and fewer still send those events to the SOC’s SIEM tool. Many make this choice for financial reasons, as the high transaction load on mainframes can produce a large number of security events, resulting in significant storage charges from SIEM vendors. The result is a shocking revelation: customers seem comfortable with not having complete security visibility of their entire enterprise, and specifically, do not have security visibility into their largest data and business platform in the enterprise! Today those difficulties can be overcome using the right tools to compile and filter the relevant information provided to the SIEM, giving the SOC important visibility over the full organization and closing an obvious security hole in many IT shops: the mainframe.
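To illustrate the filtering step described above, here is an added example (not from the original article or any Broadcom product) that takes a constructed batch of mainframe security events in a simplified, hypothetical field layout, drops routine successful accesses, keeps failures, violations, privileged-user activity and access-rule changes, and collapses repeated failures into one counted record so the SIEM receives the signal without the full transaction volume:

```python
from collections import OrderedDict
from dataclasses import dataclass

# Constructed sample in a hypothetical "|"-separated layout (not a real
# ESM or SMF record format): timestamp|user|event|resource|result|privileged
SAMPLE_EVENTS = """\
2024-05-01T09:00:01|APPUSR1|ACCESS|PROD.CUST.DATA|SUCCESS|N
2024-05-01T09:00:02|APPUSR1|ACCESS|PROD.CUST.DATA|SUCCESS|N
2024-05-01T09:00:03|JDOE|LOGON|TSO|FAILURE|N
2024-05-01T09:00:04|JDOE|LOGON|TSO|FAILURE|N
2024-05-01T09:00:05|JDOE|LOGON|TSO|FAILURE|N
2024-05-01T09:00:06|SYSADM1|LOGON|TSO|SUCCESS|Y
2024-05-01T09:00:07|APPUSR2|ACCESS|PROD.PAYROLL|VIOLATION|N
2024-05-01T09:00:08|SYSADM1|PERMIT|PROD.PAYROLL|SUCCESS|Y
2024-05-01T09:00:09|BATCH01|ACCESS|PROD.CUST.DATA|SUCCESS|N
"""

# Hypothetical event names for changes to the access rules themselves.
ADMIN_EVENTS = {"PERMIT", "ADDUSER", "ALTUSER", "DELUSER"}

@dataclass(frozen=True)
class Event:
    ts: str; user: str; event: str; resource: str; result: str; privileged: bool

def parse_events(text: str) -> list[Event]:
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, user, ev, res, result, priv = line.split("|")
            events.append(Event(ts, user, ev, res, result, priv == "Y"))
    return events

def is_relevant(e: Event) -> bool:
    # Anything that is not a routine successful access by an ordinary user.
    return e.result != "SUCCESS" or e.privileged or e.event in ADMIN_EVENTS

def reduce_for_siem(events: list[Event]) -> list[dict]:
    """Keep relevant events; merge repeated failures by the same user
    against the same resource into one record carrying a count."""
    out: "OrderedDict[tuple, dict]" = OrderedDict()
    for e in events:
        if not is_relevant(e):
            continue
        # Failures aggregate; successful privileged/admin actions stay distinct.
        key = (e.user, e.event, e.resource, e.result) if e.result != "SUCCESS" \
            else (e.ts, e.user, e.event, e.resource)
        if key in out:
            out[key]["count"] += 1
            out[key]["last_seen"] = e.ts
        else:
            out[key] = {"first_seen": e.ts, "last_seen": e.ts, "user": e.user,
                        "event": e.event, "resource": e.resource, "result": e.result,
                        "privileged": e.privileged, "count": 1}
    return list(out.values())
```

On the sample, nine raw events become four SIEM records, with the three failed logons by JDOE merged into one record with a count of 3.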
Organizations often see the mainframe as secure and ignore or deprioritize its needs. Considering that the mainframe frequently acts as the main system of record in many critical processes, integrating it into those corporate standards is not an option but a must. Today this system is exposed to attack vectors very similar to those of any other system, and it must be treated just like any other.
If you feel your environment can benefit from those enhancements, Broadcom is here to help your mainframe be not only a great system but an excellent corporate citizen, too.