Virtualization Technology News and Information
Key Resources 2019 Predictions: How Can we Secure the Mainframe in 2019?

Industry executives and experts share their predictions for 2019.  Read them in this 11th annual series exclusive.

Contributed by Ray Overby, CEO and President at Key Resources

How Can we Secure the Mainframe in 2019?

Mainframes are the definition of mission-critical for countless businesses. But, despite how costly a mainframe breach would be, we're still not paying enough attention to mainframe security.

Here's what KRI is keeping an eye on as we move into the New Year.

Lack of Integrity: Bigger breaches will hit the cloud and hard to secure platforms.

Businesses are connecting more cloud apps to the mainframe to take advantage of the data it stores, but these platforms create an easy path to the mainframe because organizations aren't dealing with the excessive access issues they have. The more people that have unnecessary access to mainframe data, the more risk you've opened yourself up to. Users also often choose the same password across accounts, making it easier for hackers to gain access through distributed and cloud-based systems.

Between 2016 and 2018, the number of cloud data breaches has increased almost 300 percent, and this will only get worse. The bottom line is, you need to do your due diligence both on the configuration side and the software side.

Culture of Bad Security: Ignorance is the biggest threat to mainframe security.

Many people are lulled into a false sense of security when it comes to their mainframes, denying that security issues, like instances of poorly written software that open doors to operating system vulnerabilities, even exist. There's also a common misconception that authentication or configuration compliance is enough to keep the mainframe secure. However, excessive access and not scanning for software vulnerabilities continue to threaten data security.

Conspiracy of Silence: Mainframe industry will become more entrenched in the silence.

Mainframe vendors notoriously fail to publicly disclose vulnerabilities, creating a conspiracy of silence that suppresses discussion of mainframe security. Unfortunately, it doesn't look like this silence will break in 2019.

In the past, mainframe vendors have defended their tight-lipped approach to recording mainframe vulnerabilities by saying it's "what the customers want." Now, to justify continuing to conceal these vulnerabilities, they're saying the industry is too niche to warrant any public, organized vulnerability reporting. In the absence of leadership from vendors, mainframers will need to take vulnerability management into their own hands.


About the Author


Ray Overby is a Co-Founder and President of Key Resources, Inc., (KRI), a software and security services firm specializing in mainframe security.   A recognized world authority in mainframe security, risk, and compliance for IBM z System environments, Ray heads the KRI technical team. Drawing on his more than 30+ years' of experience in z Systems, in both hands-on technical development and strategic roles, Ray's multidimensional and solutions-driven approach assures he is highly valued by clients, and third party technology partners, and is much in demand as a speaker. 

Published Tuesday, January 29, 2019 7:35 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2019>