Evangelizing Mainframe

How Secure Is Your Site?

It’s easy to think people won’t try to hack mainframes or the information passing through them because they’re different from Windows and Linux platforms, but that’s no longer the case. Security by obscurity doesn’t apply in a world where mainframes are linked to mobile devices and Internet of Things devices. For example, RESTful web applications can be developed for Liberty in CICS, bringing the mainframe squarely into the world of computing that hackers are all too familiar with. CICS TS 5.4 supports applications written to the Java EE 7 full platform specification, allowing users to run JDBC, JCA and JCICS in the Liberty JVM server. And as it turns out, hacking Java is quite commonplace these days.

Controlling System Access With RACF
So, your mainframe isn’t as secure as you might have thought. What now? External security manager (ESM) products such as IBM RACF can be used to protect valuable data stored in IMS databases, Db2 and flat files. RACF maintains mainframe security by monitoring and controlling which users and programs access resources, such as a dataset. Security staff can decide which resources they want to protect and which users need access to those resources. RACF functions also enable you to:
  • Identify and verify system users
  • Identify, classify and protect system resources
  • Authorize users who need access to protected resources 
  • Control the means of access to system resources
  • Log and report unauthorized attempts at gaining access to the system and to the protected resources
  • Administer security to meet an installation’s security goals

IBM Security Guardium 
In addition to RACF, IBM Security Guardium can help keep your mainframe data safe. This suite of products can be used to:
  • Analyze your data risk. IBM Security Guardium can automatically discover and classify sensitive data, uncover usage patterns, and assess compliance risks.
  • Protect your critical data using extensive audit capabilities, encryption, masking, redaction, and dynamic blocking and alerting.
  • Seamlessly adapt to changes by supporting traditional and new data technologies such as Hadoop, NoSQL and cloud.
The IBM Security Guardium suite of products includes:
  • IBM Security Guardium Data Protection for Databases
  • IBM Security Guardium Data Protection for Files
  • IBM Guardium Multi-Cloud Data Protection
  • IBM Multi-Cloud Data Encryption
  • IBM Security Guardium Big Data Intelligence
  • IBM Security Key Lifecycle Manager
  • IBM Security Guardium Data Encryption for Db2 and IMS Databases
  • IBM Security Guardium Data Protection for Big Data
  • IBM Security Guardium Vulnerability Assessment

IBM zSecure 
The IBM zSecure family of products is also designed to help sites remain vigilant against threats, with solutions that improve security efficiency, reduce costs and manage risk. These solutions help organizations safeguard enterprise compliance. In addition, they can enable you to comply with industry regulations, enhance security intelligence, improve identity governance and protect your enterprise while supporting new cloud, mobile, and big data applications.
Products in the zSecure family include:
  • zSecure Adapters for SIEM
  • zSecure Admin
  • zSecure Alert
  • zSecure Audit
  • zSecure CICS Toolkit
  • IBM Multi-Factor Authentication for z/OS
  • zSecure Manager for RACF z/VM
  • zSecure Visual
  • zSecure Command Verifier

IBM z14 
In addition to the software I mentioned earlier, IBM z14 can provide cryptography technology, including:
  • Pervasive encryption of data. This allows sites to encrypt data associated with an entire application, cloud service or database in flight or at rest with one click.
  • Tamper-responding encryption keys. These prevent hackers from targeting encryption keys that are routinely exposed in memory when they’re used.
  • Encrypted APIs. Using IBM z/OS Connect technologies makes it easy for cloud developers to discover and call any IBM Z application or data from a cloud service, or for IBM Z developers to call any cloud service. IBM Z now allows these APIs to be encrypted.

These IBM tools can keep mainframe data safe from hackers, and can help us mainframers get a good night’s sleep.

Posted: 9/13/2018 9:04:58 AM by Trevor Eddolls
