Secure passwords are a great first step to protecting the data on your mainframe, but you must ask yourself: who has access to them?
Even the most creative passwords and secure authentication methods are useless if the wrong people are granted access or have profiles that give them access to more than they should have.
Managing and maintaining passwords and permissions for large groups of users is challenging. The importance of security increases in proportion to the number of users and user profiles, as well as the nature of the data being protected.
Without a clear view into which users have access to what data, your mainframe data may as well be open to everyone. Accounts must be cleaned up and removed; permissions must be expanded or limited; vulnerable data must be encrypted for maximum protection.
Passwords and accounts, secure encryption, authorized access: all of it matters. All of it is vital in keeping data safe and secure. However, when there are hundreds or even thousands of users and accounts with authorized access to the mainframe, it becomes increasingly necessary to have a strong organizational system in place to provide a good picture of who has access to what on your mainframe.
RACF (Resource Access Control Facility) is a great tool for managing the varying levels of access granted to different users on your mainframe. RACF provides access control and auditing tools for the z/OS and z/VM operating systems, and provides a system for establishing the security policies of a mainframe system. It helps identify and authenticate users. RACF classifies and protects system resources as well as grants authorized access to specific resources. Finally, the program provides an auditing system that logs access to protected system resources so there is a constant record of who accesses what.
However, monitoring all the entry points to your system manually is a near impossible task. Even with RACF and other access control tools, keeping tabs on all the user accounts and various permission profiles can be very daunting. For all the benefits within the RACF program, there are other tools and resources that would make it more useful and effective in protecting your system. That’s where ERQ come in. ERQ (Easy RACF Query) automates much of the administration of RACF and provides extensive and customizable reporting tools to keep track of users and manage permission profiles.
RACF is a good first step in managing the access control systems that protect the data on the mainframe. However, there is much that is lacking from the core software. RACF administrators have to have the tools they need to manage access to the system and to automate many of the more mundane tasks associated with running mainframes in large complex environments.
Customizable screens and powerful reporting tools will make administering RACF more efficient and will help you be confident that your system is secure. Quick access to live and archived RACF databases means all the relevant administrative data will be right at your fingertips.
If you run RACF on your mainframe, you owe it to yourself to try a 30-day free trial of ERQ. See if it doesn’t transform the way you think about and interact with RACF.
