Key Findings

The survey ran online for three weeks during November/December 2020 and asked, among other things:

  1. What regulatory compliance requirements are currently impacting your organisation?
  2. Is there centralised management of distributed mainframe access systems and applications?
  3. What authentication methods are required to access the mainframe?

A total of 93 responses were captured, with 53% of respondents being at executive or middle management level, working in a range of industries, with 61% of respondents coming from the IT, financial and public sectors.

1.      56% of respondents believe that increased vulnerability of the mainframe to attacks owing to the lack of enterprise level modern security is a real concern, and say they have addressed this completely. 21% say they are concerned but plan to address it within the next 6 months to a year.

2.      Asked to list the regulatory requirements that are currently impacting the organisation, 66% of respondents cited GDPR, 54% cited POPIA, a quarter (25%) said PCI DSS compliance (credit card transactions) and 20% said Payment Services Directive (PSD2).

3.      A third (33%) of respondents said they were in the process of handling the adoption of the TLS 1.3 cryptographic protocol and the SHA-2 cryptographic hash functions. Almost a quarter (22%) said adoption was complete and a further 22% said it was on the cards for the next 6 months.

4.      This adoption was primarily driven by GDPR (57%) and internal requirement or mandate (56%). 37% said it was an internal partner, customer or vendor requirement, and 36% said it was driven by POPIA.

5.      Asked about centralised management of distributed mainframe access systems and applications, 41% said they already managed these centrally, 17% said they would like to be able to do this and planned to address it within the next 6 months, 14% said they’d address it within the next 12 months. 15% felt it wasn’t a concern for them.

6.      Username and password were the authentication methods required for mainframe access by nearly half (43%) of respondents.

7.      Almost all of the survey respondents (93%) agreed that they’re concerned about high levels of user frustration owing to lack of operational efficiency as users demand faster and more modern applications for accessing mainframe applications.

8.      A large proportion – 85% of respondents – is concerned about the lack of integration of terminal-based host applications with mainframe tasks and systems.

9.      The distributed management of terminal-based applications is a concern owing to a greater chance of attacks due to lack of access control for half (49%) of respondents, 47% are concerned about increased administrator overheads and 44% are concerned about weak passwords and access management.

10.   Finally, 67% of respondents have embarked on their POPIA journey, whereas 20% plan to within the next six to 12 months.