November 13, 2020 By Bob Miller 4 min read

Is mainframe usage on the decline? That’s what we wanted to find out in Deloitte’s 2020 Mainframe Market Pulse Survey. From our work with IBM in organizations across industries, we were confident that the survey would show mainframes are still prevalent in the corporate world. And, in fact, the results showed that mainframe usage is rising.

Even more eye-opening? The strength of support for mainframes and active plans to expand their usage. Ninety-one percent of respondents identified expanding their mainframe footprints as a moderate or critical priority in the next 12 months. Seventy-four percent say they “believe the mainframe has long-term viability as a strategic platform for their organizations.” And 72 percent are planning upgrades to their mainframes in the next three years, to address expected increases in usage across three key areas: security (69%), storage (62%) and software (61%)[1].

The value starts with security

What’s driving the robust and growing usage of mainframe computing? There are lots of reasons, but security topped the list in our survey results. This should come as little surprise. Mainframes offer unparalleled protection, and that’s a big deal at a time when data breaches can not only be devastating to a company’s brand but can force them to run aground of rising regulatory requirements regarding data security.

Don’t get me wrong—security has always been a top-tier issue, but it’s even more critical today, in an environment where information is used and shared broadly across employees, partners, regulators, and more, through many different channels and clouds. A quarter of our survey respondents pointed to “maintaining compliance” as a top priority for their IT organizations.

For example, imagine an airplane manufacturer operating at the center of a sprawling network of maintenance teams all over the world. Information sharing between these groups is constant and, of course, highly sensitive. If an engine shows warning signs of failure, maintenance teams and the manufacturer need to share volumes of data with one another, securely and remotely. But how secure is that information–wherever it is? The answer has serious implications for passenger safety, as well as for the manufacturers of these expensive machines and the airlines that rely on them to serve the travel needs of millions of passengers.

What happens once sensitive data is in transit?

Even mainframes have their security limits in today’s environment, where data is in transit (leaving the mainframe or in the process of entering it) constantly. Meanwhile, regulators are steadily tightening their requirements regarding the security of in-transit data, stipulating that organizations are still responsible for what happens to data after it “leaves” their systems. Which means organizations need the ability to protect the data even after it departs the mainframe.

This is a big deal. And it’s why pervasive encryption has been deployed so broadly in recent years. With pervasive encryption, data at rest and in transit can be encrypted at scale, simplifying encryption and reducing costs associated with protecting data and achieving compliance mandates.

But even pervasive encryption only goes so far. Looking to the future of hybrid cloud security, IBM is extending data protection beyond data at rest and in transit to cover data in use with confidential computing capabilities.

Beyond pervasive encryption

Pervasive encryption is a powerful tool that reduces the cost and vulnerability of standard encryption, is more effective at preventing incursions, requires less effort to secure, and is more cost effective than alternative solutions. But it still may not be enough—not when users with keys can be unreliable. They’re human, after all. What happens when they switch jobs? Or leave the organization? Or prove to be untrustworthy?

IBM Data Privacy Passports on IBM z15 give companies maximum control over data wherever it travels after it leaves the system of record—throughout the enterprise and into the hybrid cloud—allowing them to manage how data is shared on a need-to-know basis, with centralized control over user access policies. Just as important, with Data Privacy Passports, companies can document their ability to control and track data in order to ease compliance. If regulators want to know who had access to encrypted data, when they had access, and when access was revoked, it’s all managed and tracked in Data Privacy Passports.

That airplane manufacturer working with maintenance teams all over the world? It can put Data Privacy Passports to work in further securing its most sensitive product data, in conjunction with pervasive encryption and blockchain. No matter where the data goes, they’re able to track it. It’s never unencrypted, and future access can be revoked at any time.

Mainframes give you more control over your sensitive data

Today, your ability to confidently share and control data outside the mainframe adds up to a big strategic advantage. It can help your organization move faster, collaborate more effectively, and ease the challenges of compliance. So if you’re one of the majority of IT or business leaders who have plans to expand your mainframe usage, or just one of the many who are working to get more from your technology investments, this is the moment to take advantage of major advances in mainframe security enablers.

Regardless of the ebb and flow of their marketplace popularity over the years, mainframes have always been recognized for their security advantages. At a time when organizations are sharing more information than ever, in more types of ways, it’s possible to secure mainframe-based data even further—wherever it goes. That’s powerful. It can lead to stronger outcomes across your organization, not just in IT. That level of control and security is available today. Don’t sit this one out.

About IBM z15

>> Learn more about IBM z15, the new IBM Z® single-frame and multi-frame systems bring security, privacy and resiliency to your hybrid cloud infrastructure.

About Deloitte

As used in this document, “Deloitte” means Deloitte Consulting LLP, a subsidiary of Deloitte LLP. Please see for a detailed description of our legal structure. Certain services may not be available to attest clients under the rules and regulations of public accounting.

More from Cloud

Get ready for change with IBM Cloud Training

2 min read - As generative AI creates new opportunities and transforms cloud operations, it is crucial to learn how to maximize the value of these tools. A recent report from the IBM Institute for Business Value found that 68% of hybrid cloud users already have a formal, organization-wide policy or approach for the use of generative AI. That same report also noted that 58% of global decision makers say that cloud skills remain a considerable challenge. Being proactive in your learning can significantly…

Data center consolidation: Strategy and best practices

7 min read - The modern pace of data creation is staggering. The average organization produces data constantly—perhaps even continuously—and soon it’s investing in servers to provide ample storage for that information. In time, and probably sooner than expected, the organization accrues more data and outgrows that server, so it invests in multiple servers. Or that company could tie into a data center, which is built to accommodate even larger warehouses of information. But the creation of new data never slows for long. And…

Hybrid cloud examples, applications and use cases

7 min read - To keep pace with the dynamic environment of digitally-driven business, organizations continue to embrace hybrid cloud, which combines and unifies public cloud, private cloud and on-premises infrastructure, while providing orchestration, management and application portability across all three. According to the IBM Transformation Index: State of Cloud, a 2022 survey commissioned by IBM and conducted by an independent research firm, more than 77% of business and IT professionals say they have adopted a hybrid cloud approach. By creating an agile, flexible and…

Tokens and login sessions in IBM Cloud

9 min read - IBM Cloud authentication and authorization relies on the industry-standard protocol OAuth 2.0. You can read more about OAuth 2.0 in RFC 6749—The OAuth 2.0 Authorization Framework. Like most adopters of OAuth 2.0, IBM has also extended some of OAuth 2.0 functionality to meet the requirements of IBM Cloud and its customers. Access and refresh tokens As specified in RFC 6749, applications are getting an access token to represent the identity that has been authenticated and its permissions. Additionally, in IBM…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters