Virtualization Technology News and Information
Article
Search:
RSS
Follow VMblog.com:
Improve end user experience in VDI, DaaS and physical endpoint environments
Key Resources Inc. Survey Reveals Pervasive Complacency Around Mainframe Security

Key Resources Inc. announced the findings of its survey into mainframe security complacency among enterprises. "Don't Let Mainframe Security Complacency Leave Your Critical Customer Data At Risk" reveals that while 85 percent of companies say mainframe security is a top priority, just 33 percent always or often make mainframe decisions based on security. The commissioned study, conducted by Forrester Consulting on behalf of KRI, surveyed 225 IT management and security decision makers at North American companies with $500 million or more in annual revenue.

"Despite widespread awareness concerning the stakes, enterprises simply aren't devoting enough attention and resources to mainframe security," said Ray Overby, president and co-founder of Key Resources Inc. "All it takes is one mainframe data breach to bring an organization to its knees. But, many organizations lack the tools, personnel, and in some cases, knowledge, they need to protect their mainframes and all the mission-critical data they hold."

Complacency in the Face of Massive Business Risk
Many organizations are actively working to secure their cloud infrastructure, but are they taking the appropriate steps to ensure the security of cloud-facing mainframes? Companies know that mainframe security is important, but they're not taking actions that reflect their priorities. Even though 95 percent of respondents say they're concerned about the potential of customer data breaches on the mainframe, 67 percent admit that only sometimes or rarely are they factoring security into mainframe decisions. This complacency puts their most critical IT systems at significant risk.

Addressing the problem means prioritizing scanning mainframe operating systems for zero-day vulnerabilities, which are a significant attack vector in data breaches. Yet, vulnerability scanning ranked last when respondents were asked to prioritize which factors are most important when managing mainframe security.

Misconceptions About How to Secure the Mainframe
Respondents' top mainframe priorities are data breach prevention, compliance, risk management, IT cost reduction/optimization and application availability. But despite this desire for data breach prevention, scanning for OS vulnerabilities is consistently ranked as a low priority. There's a fundamental misunderstanding among IT managers and security professionals about what it takes to secure the mainframe. Scanning for OS vulnerabilities is one of the most effective ways to prevent a breach.

IT managers do know, however, that they need help with their mainframe security. And while they find it easy to find the right mainframe security tools (65 percent), they overwhelmingly struggle to find the right personnel. The majority of respondents are either bringing in third-party mainframe security technology (96 percent) or outside resources to review security and compliance (95 percent). And, nearly three-quarters expect to experience a reduced risk of data breaches as a result of using mainframe security tools.

Protection Against Zero-Day Attacks

  • Eighty-six percent of IT management and security decision makers say that protecting systems from zero-day attacks is their biggest mainframe security challenge.
  • Additionally, 66 percent struggle to quickly identify vulnerabilities, while 63 percent struggle to ensure the integrity of vendor software.

They expect that using automated mainframe security tools will help them reduce the risk of breaches (73 percent) and decrease vulnerabilities (63 percent). Yet, the study shows that they view tasks like application scanning, penetration testing and gathering resources to secure the environment as critical or high priorities, while scanning for OS-level vulnerabilities ranks as the lowest priority.

"Many organizations lack the awareness needed to secure their operating system, which is what hackers exploit to gain access to critical corporate data through escalation of security authorities," said Overby. "One of the most important things they can do is set up a process to scan for zero-day vulnerabilities."

The full "Don't Let Mainframe Security Complacency Leave Your Critical Customer Data At Risk" report is available for download here.

Published Friday, April 12, 2019 11:41 AM by David Marshall
Filed under: ,
Get This Featured White Paper: 7 Trends in Endpoint Security
You may also be interested in this white paper: Leveraging the Combined Power of Liquit and Microsoft Intune
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Customer Connect
Global Digital
DTX
DTW-NA
innovatrix
GISEC
global-digital-cx
vExpert
Calendar
<April 2019>
SuMoTuWeThFrSa
31123456
78910111213
14151617181920
21222324252627
2829301234
567891011