I've had a great week in Montpellier, France at the WW IBM Z Security Conference, but sadly, my mastery of the French language is still elusive. However, I am able to confirm something that requires no translation: cybersecurity is a worldwide hot topic and organizations of all shapes and sizes, across every industry, are "sharing the pain."
Mark Wilson, of RSM Partners, presented a session on "Hacking the Mainframe." While he and I have always disagreed on the difference between a "hack" and a "breach" we DO agree that when a company's data is compromised, it's not good for anyone. Mark's example described how someone with no mainframe skills was able to use a tool that analyzes network traffic and pick up user credentials (e.g., userid and password), and eventually gain access to a mainframe system.
Mark is an energetic speaker (he will be presenting at IBM's TechU Conference in Hollywood, FL in October) and he made some very good points about how companies have the tools to protect themselves but they have to use them. Additionally, it was obvious to me that if the company depicted in Mark’s scenario would have implemented a security strategy requiring additional factors for authentication (i.e., something you know, something you have, and something you are) and not just relied on the age-old userid and password, those stolen credentials would have been useless. Check out IBM MFA for z/OS to learn how you can implement multi-factor authentication on the mainframe without making changes to the RACF infrastructure.
And if you’re wondering why the conference sign has flamingos (Flamant Rose in French), it’s because here in the south of France flamingos are flourishing. Apparently, the brine lagoons, marshes and salt flats that lie between the Rhone river and the Mediterranean Sea provide an ideal breeding ground for these beautiful birds. Who knew?