The survey ran online for three weeks during November/December 2020 and asked, among other things:
- What regulatory compliance requirements are currently impacting your organisation?
- Is there centralised management of distributed mainframe access systems and applications?
- What authentication methods are required to access the mainframe?
A total of 93 responses were captured, with 53% of respondents being at executive or middle management level, working in a range of industries, with 61% of respondents coming from the IT, financial and public sectors.
1. 56% of respondents believe that increased vulnerability of the mainframe to attacks owing to the lack of enterprise level modern security is a real concern, and say they have addressed this completely. 21% say they are concerned but plan to address it within the next 6 months to a year.
2. Asked to list the regulatory requirements that are currently impacting the organisation, 66% of respondents cited GDPR, 54% cited POPIA, a quarter (25%) said PCI DSS compliance (credit card transactions) and 20% said Payment Services Directive (PSD2).
3. A third (33%) of respondents said they were in the process of handling the adoption of the TLS 1.3 cryptographic protocol and the SHA-2 cryptographic hash functions. Almost a quarter (22%) said adoption was complete and a further 22% said it was on the cards for the next 6 months.
4. This adoption was primarily driven by GDPR (57%) and internal requirement or mandate (56%). 37% said it was an internal partner, customer or vendor requirement, and 36% said it was driven by POPIA.
5. Asked about centralised management of distributed mainframe access systems and applications, 41% said they already managed these centrally, 17% said they would like to be able to do this and planned to address it within the next 6 months, 14% said they’d address it within the next 12 months. 15% felt it wasn’t a concern for them.
6. Username and password were the authentication methods required for mainframe access by nearly half (43%) of respondents.
7. Almost all of the survey respondents (93%) agreed that they’re concerned about high levels of user frustration owing to lack of operational efficiency as users demand faster and more modern applications for accessing mainframe applications.
8. A large proportion – 85% of respondents – is concerned about the lack of integration of terminal-based host applications with mainframe tasks and systems.
9. The distributed management of terminal-based applications is a concern owing to a greater chance of attacks due to lack of access control for half (49%) of respondents, 47% are concerned about increased administrator overheads and 44% are concerned about weak passwords and access management.
10. Finally, 67% of respondents have embarked on their POPIA journey, whereas 20% plan to within the next six to 12 months.