Industry executives and experts share their predictions for 2019. Read them in this 11th annual VMblog.com series exclusive.
Contributed by Ray Overby, CEO and President at Key Resources
How Can we Secure the Mainframe in 2019?
Mainframes
are the definition of mission-critical for countless businesses. But, despite
how costly a mainframe breach would be, we're still not paying enough attention
to mainframe security.
Here's what KRI is keeping an eye on as we move into the New Year.
Lack of Integrity: Bigger
breaches will hit the cloud and hard to secure platforms.
Businesses
are connecting more cloud apps to the mainframe to take advantage of the data
it stores, but these platforms create an easy path to the mainframe because organizations
aren't dealing with the excessive access issues they have. The more people that
have unnecessary access to mainframe data, the more risk you've opened yourself
up to. Users also often choose the same password across accounts, making it
easier for hackers to gain access through distributed and cloud-based systems.
Between
2016 and 2018, the number of cloud data breaches has increased almost 300
percent, and this will only get worse. The bottom line is, you need to do your
due diligence both on the configuration side and the software side.
Culture of Bad Security: Ignorance
is the biggest threat to mainframe security.
Many
people are lulled into a false sense of security when it comes to their
mainframes, denying that security issues, like instances of poorly written
software that open doors to operating system vulnerabilities, even exist. There's
also a common misconception that authentication or configuration compliance is
enough to keep the mainframe secure. However, excessive access and not scanning
for software vulnerabilities continue to threaten data security.
Conspiracy of Silence:
Mainframe industry will become more entrenched in the silence.
Mainframe
vendors notoriously fail to publicly disclose vulnerabilities, creating a conspiracy
of silence that suppresses discussion of mainframe security. Unfortunately, it
doesn't look like this silence will break in 2019.
In
the past, mainframe vendors have defended their tight-lipped approach to
recording mainframe vulnerabilities by saying it's "what the customers want."
Now, to justify continuing to conceal these vulnerabilities, they're saying the
industry is too niche to warrant any public, organized vulnerability reporting.
In the absence of leadership from vendors, mainframers will need to take
vulnerability management into their own hands.
##
About the Author
Ray Overby is a
Co-Founder and President of Key Resources, Inc., (KRI), a software and security
services firm specializing in mainframe security. A recognized
world authority in mainframe security, risk, and compliance for IBM z System
environments, Ray heads the KRI technical team. Drawing on his more than 30+
years' of experience in z Systems, in both hands-on technical development and
strategic roles, Ray's multidimensional and solutions-driven approach assures
he is highly valued by clients, and third party technology partners, and is
much in demand as a speaker.