At one point, your company may have made the decision to take security more seriously. It might have been a strategic initiative, or it might have been in response to a past security breach. The CEO might have addressed the company or sent out a memo. There might have been training around the topic. Your company may have even implemented new software and policies to make its systems more secure.
Regardless of what your company has done in the past, there will soon come a time when your organization will need to review what it has done and find out what is still left to do. You need to take the time to revisit and assess the steps you’ve already taken to secure your system. During this process you must assess your situation to see if you went far enough in your previous security efforts and to see if your organization is still doing what it said it would do regarding security. Making plans and commitments is meaningless without the action and hard work required to carry them out.
The value of the data on your system, your commitment to your customers’ privacy, and the ever-growing list of compliance requirements make it difficult to let data security drift too far off your radar. Most organizations running a mainframe already take security seriously. However, revisiting and verifying that your company has the right tools and policies in place will bring you peace of mind and confidence that your data is secure.
Your company has probably been through a security audit, or maybe you’ve done a self-audit to see how you’re doing. One of the most challenging things about data security is that you must continually assess and enhance your security practices to keep up with newly emergent security threats. There is not a single product to buy or policy to enforce that will take care of all the security threats for you. It will be an ever-present problem that requires constant vigilance and renewed efforts.
One area that requires special attention is encryption. It is a complicated topic, but encryption is critical to get right. Some cryptography systems are as obfuscated as the data they protect. Wouldn’t it be nice to untangle and see a clearer picture of what is going on with the encryption on your system? Programs like CryptoMon give a clear picture of how encryption is implemented on your mainframe.
Seeing what is happening in your system is key to discovering which parts are secure and what vulnerabilities your organization still needs to address. It is impossible to see everything that will happen in the future, but by renewing and acting on your company’s commitment to security today, you can protect your business’ valuable data and continue to be considered a trusted partner by your customers.
Other programs can also help enforce company security policies. For example, password management program ReACT can help enforce password rules. It can make sure passwords meet the right complexity requirements, enforce two-factor authentication, and make it easier for authorized people to reset their own passwords to gain access to their accounts.
Organizations need the proper security technology running on their systems but will not successfully recommit to security just by buying pieces of software. Software and technology are a major part of what is required to have a secure system, but policies and employee commitment are also a large part of establishing and maintaining a culture of security.