Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

8/15/2019
10:00 AM
Ray Overby
Ray Overby
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
100%
0%

The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?

The old-school technology is experiencing new popularity, but too many people assume mainframes are inherently secure.

By all accounts, a mainframe renaissance is here. After years of negativity and predictions about the impending death of the mainframe, the technology is experiencing a resurgence and wide adoption this year, with even greater growth predicted beyond 2019.

Case in point: IBM's Z series mainframe sales are up 70% year-over-year. And a recent Compuware survey showed that mainframe workloads are increasing. Currently, 57% of enterprises with a mainframe run more than half of their critical applications on the mainframe, but that number is expected to rise to 64% by next year, according to Compushare.

As the face of IT has changed, the mainframe has kept up with trends, with its ever-evolving ability to provide the performance and number-crunching required by technologies such as machine learning and artificial intelligence.

But while mainframe technology has evolved to meet the trends, the security processes and practices needed to keep the platform secure haven't exactly kept up. It's not for lack of technology and tools, however. The phenomenon is largely due to a series of misconceptions among IT professionals around mainframe security. Those misconceptions are placing countless businesses — and an enormous amount of sensitive customer data — at serious risk.

Debunking Misconceptions
I've spent the majority of my career in mainframe security, and the one mistaken belief I come across consistently is that the mainframe is inherently secure. What I hear is that mainframes have security built into them from the ground up — that through cryptographic hardware acceleration and a secure operating system, mainframes fulfill the critical requirement of keeping data protected. But that's only part of the story.

If you're thinking "But one of the main reasons I chose mainframe technology was its reputation for security!" you're not mistaken. It's true — the mainframe is arguably the most secure platform. But really, I prefer to think of the mainframe as the most securable platform. Any system comes with weaknesses, and the mainframe is no exception.

Like any other system, mainframes are subject to ransomware attacks, cybersecurity threats, and vulnerabilities that leave them open to serious exposures. Despite the reputation for security, reliability, and scalability, the mainframe requires the same level of attention as any other computing platform when it comes to security.

Widespread Complacency
Unfortunately, I see businesses overlooking mainframe security all too often. This advice isn't only meant for businesses new to mainframes that might not know any better. It's also an important reminder to businesses that have long been relying on mainframes to run mission-critical processes and safeguard sensitive customer information.

Overlooking mainframe security is an industrywide issue today. Recent research shows that even though 85% of companies say that mainframe security is a top priority, 67% admit that they only sometimes or rarely factor security into mainframe environment decisions.

In other words, companies aren't practicing what they preach when it comes to mainframe security. And as we hear about a new data breach seemingly every day, business and consumers alike should be worried about the implications of security complacency.

There's also a widespread lack of knowledge around how to best protect the mainframe. Executives around the world rank security as the second-biggest challenge today, but they're not sure how to get started.

Creating a Mainframe Security Strategy
Companies can't afford a breach: The cost of a data breach is high, averaging $3.86 million globally, not to mention the damage to your business in reputational harm and potential lost business. With that in mind, how can businesses build a successful mainframe security strategy?

Most organizations rely on third-party tools to establish permissions (authentication) and access control (authorization), but that alone isn't a complete solution. Security exploits are also a major cause of breaches, and organizations need to make sure they're taking steps to protect against them. A Forrester survey of companies that have experienced a data breach within the last year found that 35% were caused by an exploited vulnerability.

With the threat and vulnerability landscape constantly changing, organizations are under attack across their IT systems. As a result, compliance regulations increasingly require mainframe penetration testing, vulnerability scanning, and ongoing vulnerability management. Consistent testing and evaluation can help uncover known and zero-day vulnerabilities.

A comprehensive security strategy also includes things like automating compliance assessments, penetration testing, scanning mainframe applications and operating systems (OS) for vulnerabilities, and, of course, making sure they have the right resources (both in terms of tools and people) to secure the environment.

In other words, the best defense is a good offense. Organizations need to be proactive about protecting the mainframe not only against known threats but also seeking out the gaps in their systems that might allow unknown threats to creep into their mainframe and compromise customer data.

Ultimately, the mainframe renaissance will equip businesses with the processing power, reliability, and scalability they need to thrive. But for true peace of mind, especially where sensitive customer data is involved, businesses need to be aware of the importance of mainframe security and, just as importantly, prepared to execute on it.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: 5 Things to Know About Cyber Insurance.

Ray Overby is a Co-Founder and President of Key Resources, Inc., (KRI), a software and security services firm specializing in mainframe security. A recognized world authority in mainframe security, risk, and compliance for IBM Z System environments, Ray heads the KRI ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
AndrewfOP
50%
50%
AndrewfOP,
User Rank: Moderator
8/16/2019 | 10:14:39 AM
Mainframe vs. PC security
I would say this to those who thought mainframes are "inherently" more secure:

It is true that mainframe security is "easier" to maintain and an aggregate network of PCs. Once the mainframe itself is secured, all systems are secured, as opposed to securing all individual PCs in various configurations and network exposures. However, reserves is also true. If mainframe security is breached, the whole system goes down, whereas certain sections of a PC network might still be secured or can be made functional immediately after attacks. It's all about trade-offs and proper security postures for different computer systems.

 
tdsan
50%
50%
tdsan,
User Rank: Ninja
8/15/2019 | 1:25:19 PM
Training, where can we get time to run practice workloads on a mainframe
I think the biggest problem is the lack of availability to work on a mainframe and to become familiar with it, one needs time to work on it to take into consideration the commands one has to run to ensure its availability and security. I know there is Z-Linux, ZOS but I can't go to a friend or neighborhood store or online and put the time in to master mainframe security procedures, there is a process of course.

Maybe you can shed some light, other than taking these expensive online classes or going to one of IBM's training facilities (Rockville, Gaithersburg, RTP or ATL).

Give me some of your thoughts.

T
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Stephen Ward, VP, ThreatConnect,  7/1/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15600
PUBLISHED: 2020-07-07
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
CVE-2020-15599
PUBLISHED: 2020-07-07
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
CVE-2020-8916
PUBLISHED: 2020-07-07
A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to res...
CVE-2020-12821
PUBLISHED: 2020-07-07
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
CVE-2020-15008
PUBLISHED: 2020-07-07
A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user su...