Security and the mainframe

Read time 3min 20sec

Resilience and security have long been hallmarks of mainframe computing. This is because mainframes were developed to meet an organisation's core business application and critical data processing requirements.

This is the word from IBM's Andy Hoiles, new workload leader for the Middle East and Africa at IBM Middle East. In a complex IT environment with intricate security problems, it can be difficult to define how much security is required and how much this will
impact operating efficiency, he says.

Hoiles acknowledges that restricting access or layering additional security can affect the productivity of employees and reduce the agility of the organisation. He believes that a centralised mainframe makes it easier to manage users, in addition to simplifying data control and system monitoring. "Centralised mainframe systems make sense for businesses that can ill afford the financial costs and damage to reputation of security breaches."

Over the years, as technology has evolved and threats have increased, so too has the mainframe to meet these new computing and security requirements, he states. Mainframes have long provided answers to complex security challenges through efficient access management and control and a clear segregation of duties between users, Hoiles adds.

"Embedding security and availability or resiliency features within the hardware itself, or within the system microcode over its 50 year history, has given mainframe technology a distinctive edge over many of its rivals." In the Internet era, Hoiles cites the addition of cryptographic technology, to ensure the secure exchange of information across theses networks, as an example of how the mainframe has maintained this tradition of reliability over the years.

According to Hoiles, because malicious attacks on IT infrastructures are a modern day reality, having a secure platform that "does not act like an information sieve to hackers" is vital. "There is no doubt that security challenges continue to impact the agility of many businesses," he mentions, adding that there has been a sharp rise in external attacks. On the other end of the spectrum, internal threats also pose a significant challenge, with careless or malicious employee behaviour cause for concern.

"Once an attack has penetrated within the IT infrastructure, whether it be production, test or development, it becomes difficult to contain the immediate damage as the danger moves from server to server, often wreaking havoc and bringing down services," he says, continuing that distributed environments, with multiple servers and operating environments, can be difficult to administer. "In such a complex environment the points of vulnerability are numerous, with the detection of intrusion more difficult."

Security has not only become a boardroom discussion, but it is also a worry for governments and regulatory bodies who have had to respond to security breaches by increasing national regulations and industry standards; a conversation that continues to change with each high profile security breach.

He believes that organisations must look across their entire infrastructure, both IT and
physical security, to create a secure environment. "There is no doubt that the areas of greatest vulnerability are often given the most attention but each component should not be viewed in isolation." Constant vigilance and attention is needed on security, regardless of IT platform, Hoiles stresses.

"Security measures, features and functions need to evolve constantly to address the latest threats. Mainframes are no different and have evolved constantly to ensure the highest levels of levels of security," Hoiles concludes. "The mainframe continues to evolve and have the highest levels of security for any commercially available system, providing the foundation for a secure enterprise."

See also