In the early years of mainframe security, keeping unauthorized people from sitting down at a terminal was enough to protect the data on the mainframe.
As time went on, mainframe security matured to the point where data was considered safe as long as access was limited to those inside the corporate firewall, which could only be reached from inside the building. Networks grew, and virtual private networks were granted access to the mainframe. As the Internet and the need for remote access became more prevalent, the need for vigilance and security grew with them.
As mainframes got wired into broader networks, every legitimate access point also became a potential threat. The identity of those logging in then became one of the most important factors in managing and securing access to sensitive data. Mainframe professionals were rightfully concerned about the risks and vulnerabilities of accessing the mainframe remotely. However, the benefits of broader access and higher utility won out, and mainframe security professionals were tasked with figuring out how to make remote access secure. The business benefits of remote access were indisputable, but so were the risks.
The New Perimeter is Identity
Now that the corporate firewall and the protections for data on the mainframe have to be in place for access from any point on the globe, geography no longer offers the perimeter of protection it once did. The new perimeter is identity.
Mainframe security now entails much more than controlling who has the key card and permission to sit down at a terminal. It’s more than making sure that the mainframe cannot be accessed from outside the corporate firewall. It is about controlling who can acquire access to information, what information they’re able to use, and what they’re able to do with that information.
In addition to verifying the identity of a user accessing the mainframe by username and password, multi-factor verification is helpful. So is keeping a record and audit trail of which devices and IP addresses access the system.
Although they are still the norm, usernames and passwords without multi-factor authentication are insufficient. Users should also be required to offer a second form of authentication when logging in for the first time from a new device.
Tools that can spot irregularities in access can also be helpful. If a user logs in from North America in the morning, and then from China that afternoon, the system flags that as irregular and alerts IT.
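The two checks described above (a login from a device not seen before, and logins too far apart to be the same traveler) can be run over the device and location audit trail. The following is an added example, not code from any product mentioned on this page; the record layout, the 900 km/h speed limit, the 50 km distance floor and the sample logins are all assumptions made for illustration.

```python
import math
from datetime import datetime

MAX_KMH = 900.0  # assumed threshold: roughly airliner cruising speed
MIN_KM = 50.0    # assumed floor so geolocation jitter in one city is ignored

# Constructed sample audit records: (user, ISO timestamp, device id, lat, lon)
SAMPLE_LOGINS = [
    ("jdoe", "2024-03-04T08:15:00", "laptop-01", 40.71, -74.01),   # New York
    ("jdoe", "2024-03-04T14:40:00", "laptop-01", 39.90, 116.40),   # Beijing
    ("asmith", "2024-03-04T09:00:00", "desk-07", 41.88, -87.63),   # Chicago
    ("asmith", "2024-03-04T17:30:00", "phone-22", 41.90, -87.65),  # Chicago, new device
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def review_logins(events, max_kmh=MAX_KMH):
    """Return (user, timestamp, reason) alerts for logins that need attention."""
    alerts = []
    last_seen = {}      # user -> (time, lat, lon) of the previous login
    known_devices = {}  # user -> set of device ids already seen
    for user, ts, device, lat, lon in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        devices = known_devices.setdefault(user, set())
        # Assumption: the first device on record is the enrolled baseline;
        # any later unseen device should trigger a second factor.
        if devices and device not in devices:
            alerts.append((user, ts, "new-device"))
        devices.add(device)
        if user in last_seen:
            prev_when, plat, plon = last_seen[user]
            hours = (when - prev_when).total_seconds() / 3600
            km = haversine_km(plat, plon, lat, lon)
            # No elapsed time across a real distance is also impossible travel.
            if km > MIN_KM and (hours <= 0 or km / hours > max_kmh):
                alerts.append((user, ts, "impossible-travel"))
        last_seen[user] = (when, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in review_logins(SAMPLE_LOGINS):
        print(alert)
```

In practice the coordinates would come from IP geolocation, which is coarse and is skewed by VPN egress points, so an alert of this kind is a prompt for step-up authentication or review rather than proof of compromise.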
Protecting data on the mainframe is now, more than ever, a responsibility to society as well as to a particular company
In addition to storing large amounts of business data, mainframes house the sensitive personal information of the company’s customers, prospects, and partners. Failing to keep data on the mainframe secure can have far-reaching adverse ramifications.
Being a good steward of that data means taking care of it at all times when it is in the custody of the company. The data must be securely protected while it is being stored, while it is being processed, and while it is moving between systems.
Technology will continue to permeate and to reach deeper into everyday life. The amount of personal and proprietary business data will grow. Mainframes will continue to be the system where much of that data is stored and processed. To fully harness the power and promise of mobile computing, and the advantages of remotely accessed mainframe resources, IT must maintain ever-evolving security structures and rules.
What kind of a secure perimeter does your company have in place around its mainframe and data? We can help you be a good steward of your customers’ data and your company’s systems. Get started exploring our access management and encryption software solutions.