IBM Security Z Security

What does Winston Churchill have to do with mainframe security?

By Mike Rich posted Thu April 25, 2019 04:18 PM


After attending IBM Think 2019 and Share 2019 earlier this year I began to recognize what makes these conferences unique. Behind the “charm” of each venue — funky booths, long lines, uncomfortably wet carpet — these gatherings are a melting pot of sharp, curious people that share an interest in improving our digital and analog lives. Add in the explosion of cyberthreats, and you are part a lively conversation about how we can stay safe amidst all of this transformation.

Like Winston Churchill once said, “Nothing in life is so exhilarating as to be shot at with no result.” I sensed this notion going through the heads of attendees as they applied this phenomenon to their own situations — i.e., “It is only a matter of time until my company is targeted.” And then the thoughts leap to “how can I manage such an attack without being in the news, being blamed for plummeting market value, or losing the trust of our customers?”

Luckily, there is pathway out of this fear through good strategy and action. When attendees realize that there is a way to prevent and diffuse the negative impacts of a data breach, there’s a collective sigh of relief and feeling of empowerment. Event hosts like IBM (my employer) and SHARE (of which I am a member) are introducing solutions to cybersecurity-concerned professionals that counter a wide variety of threats and open up a world of opportunities. This is what catapults the industry and drives advancement.

For the mainframe community, it’s a wakeup call to correct the common misconception that we don’t have to worry about mainframe security because it comes with everything you need “right out of the box.” The truth is that hackers and threats are becoming more sophisticated and that mainframe is more connected than ever — cloud, IoT, Blockchain, composite apps and on and on — so old assumptions must be challenged. A more modern (and safer!) way to think about is that the mainframe is the most securable platform and it requires a multi-layered approach that 1) leverages all of the goodness inherent to IBM Z and 2) adds essential functions to thwart today’s threats without hindering business.

During his session at Share 2019, Mark Wilson of RSM Partners explained how people used to think that the mainframe was un-hackable because no one had the knowledge to navigate and operate z/OS. Fast forward to 2019, now anyone can conduct a simple Google search to learn the tools to compromise z/OS in a matter of hours. Don’t get me wrong, it is still by no means easy to breach a mainframe — but even the cyber-equivalent of Moat Cailan is insufficient to ensure the levels of security needed to protect critical data, ensure privacy and meet compliance mandates. My belief is that these themes and ideas will continue to be at the forefront and be the fuel to propel cybersecurity forward.

Lastly, let's touch upon the antiquated idea that the "mainframe is dead." Former Editor-in-Chief of InfoWorld, Stewart Alsop, was quoted in 1991 stating, “I predict that the last mainframe will be unplugged on March 15, 1996.” Well, that didn’t happen. In fact, the reality is quite the opposite. Today, the mainframe is the trusted foundation for digital business at top banks, insurers, retailers, and governments. Over the last ten years, installed MIPs have more than tripled. And more than half of that added horsepower is for new workloads. Customer Information Control System (CICS) mainframe transactions currently total about 1.9 million transactions per second. Google searches per second are a paltry 63k. Bottom line: Nobody’s unplugging anything.

To learn more or to experience the exciting world of mainframe security for yourself, come visit IBM Systems Tech U in Atlanta next week or Las Vegas the week of October 7!

1 comment



Sun April 28, 2019 11:05 PM

So true.  Companies need to realize they are vulnerable and take the steps to protect themselves.