Virtualization offers an answer to mobile security vulnerabilities
9/18/2013 1:01:01 AM |
By Erika Morphy
Editor’s note: This article is based on content initially published in the SHARE President’s Corner blog.
At face value, the growing ubiquity of mobile—from BYOD to consumers' love affair with all things app—presents little danger to the mainframe. The mainframe, in short, is impenetrable, end of story. Well, it’s not quite that simple.
In truth, mainframe operations can certainly be affected by mobile security threats to a company's IT system. The growing use of employees' own mobile devices is one clear example. Another is the growing number of complex mobile applications that are linking into a company's overall IT infrastructure and technology and business architecture.
Consider the modern global manufacturer. It obviously has complex data-management needs supporting a just-in-time manufacturing, logistics and parts operation. The system —or rather, the people accessing this system—must manage and analyze data about vehicle parts availability, shipping estimates, inventory levels and sales planning. Increasingly, this information is being accessed from the shop floor via a tablet or other mobile device.
In some cases, companies are incorporating social media and mobile in these applications. This trend will only continue. A recent survey by the Manufacturing Leadership Council found that 13 percent of manufacturing executives plan to digitize their design/production processes, and social media tools represent an important component. By 2023, that percentage will rise to more than half (53 percent), the survey projects.
Indeed, considering the gravitas of some of these mobile apps, one could argue that they’re on track to presenting a bigger security risk to IT than BYOD.
One obvious response to this potential security issue is to test and develop such apps within the mainframe environment to ensure they work as they’re supposed to—and, more importantly, don’t leave the company vulnerable to unexpected flaws or glitches. In reality, though, developing and testing apps within a mainframe environment is a time-consuming and costly endeavor. The testing process can pose unexpected risks as well, especially if the data used is customer data that has not been masked, which happens more often than many realize or would like.
Enter service virtualization, in particular service virtualization for the mainframe—an especially useful tool for developers that are building complicated mobile apps that integrate deep into an enterprise's IT system.
Several vendors, including IBM, have been rolling out simulated test environments for the mainframe with an eye to creating a safer environment for mobile app testing and development.
"Mobile development is one of the areas that IBM has been emphasizing for the mainframe,” says Charles King, principal of Pund-IT, "and, in general, this is something I have been hearing about from other vendors as well—that is, using the mainframe in conjunction with a general purpose virtualization platform to ensure that new tools and products are securely tested and developed.”
In October 2012, IBM released a slew of new technologies along these lines, including a new enterprise Power Systems platform, a high-end disk storage system and key software updates for IBM’s zEnterprise EC12. To highlight one tool, IBM unveiled a Software Defined Networking controller for its enterprise-networking portfolio. The controller provides intelligent software for IBM RackSwitch and other OpenFlow-enabled switches. Through OpenFlow, IBM says, developers can create virtual networks with the scalability and flexibility required to respond to business changes in cloud and mobile services environments.
IBM is hardly alone. Statistics show that vendors are targeting the virtualization solutions market in response to growing demand. IDC, for one, reports that the virtualization solutions market is expected to grow 12.3 percent year over year in 2013 and maintain this pace as it moves from 14 percent overall market share in 2011 to more than 20 percent in 2016.
Likewise, Gartner reports that IT operations management (ITOM) software market revenue reached $18 billion last year, for a 4.8 percent year-over-year increase. That growth was fueled in part by investments in virtualization management tools, Gartner said.
It’s little wonder demand is growing for these tools. Virtualization is becoming a crucial environment for testing if nothing else, from a security perspective, says Graham Cluley, a London-based independent software analyst. The bottom line "is there is no such thing as a 100 percent secure computing environment,” Cluley says. “And I would argue the case that the mainframe's greatest vulnerability could be the sense that it is impenetrable—that it can't be attacked.”
With this mindset so prevalent in IT, he adds, "virtualization tools can be a great asset, allowing IT to run software and tools and test certain scenarios in a sandboxed environment.”
Erika Morphy has been writing about the business impact of technology for 20 years, covering finance, mobility, transportation, the supply chain, Web 2.0, enterprise software/cloud computing, online privacy issues, identity theft and online security.