Security

Are your security practices of yesterday your security exposures of today?

Share this post:

Once upon a time, it was easy to secure a z/OS (e.g., MVS) system. Users were defined, passwords created, and datasets protected. Users accessed the mainframe from terminals connected directly to the mainframe. Now, consider today’s environment. Users access the mainframe from different places and even via mobile devices. Are yesterday’s security practices today’s security exposures? Have you updated your security practices for today’s environment?

Since 1976, RACF has been a key component of mainframe security, integrating with the IBM z/OS operating system to control system access. From identifying and verifying users to logging and reporting unauthorized attempts at access, RACF has been critical to keeping mainframe environments secure.

Have your processes kept place in taking advantage of these items? If not, you could be at risk for security exposures.

The first step in improving mainframe security is to recognize the potential for problems. Security administrators and enterprise management often assume mainframes with RACF are inherently secure. But a security system is constantly being updated with new definitions to address the security needs of the business—and forces are constantly at work that can cause vulnerabilities if those definitions are not cleaned up.

Have you removed the entitlements and privileges of employees who left the organization? How about updating user profiles of employees who changed roles? And are you creating work for auditors—and risking a failed audit—by making them wade through information that’s no longer relevant or too complicated to understand?

But just like regular maintenance on your car or spring cleaning at your house, cleaning up your RACF databases is a necessary and ongoing task. A dirty database that is filled, for example, with out-of-date access permissions for employees who no longer work at the organization or security definitions for a decommissioned software package can be the cause of a failed security audit. More importantly, a dirty database can allow these same former employees— or hackers and malicious users who gain their IDs and access privileges—to commit fraud or theft.

For more than 50 years, IBM mainframes have been industry leaders in providing a secure base for critical business operations—right up to today’s IBM z Systems. Security capabilities are actually built into the entire z Systems stack.

More Security stories

Hybrid multicloud: A mouthful, but the right approach

Hybrid cloud, Mainframes, Multicloud

From time to time, we invite industry thought leaders to share their opinions and insights on current technology trends to the IBM Systems IT Infrastructure blog. The opinions in these posts are their own, and do not necessarily reflect the views of IBM. New technologies breed new buzzwords and terminology, and sometimes it can be ...read more


Announcing our direction for Red Hat OpenShift for IBM Z and LinuxONE

LinuxONE solutions, Mainframes, Multicloud

In early July, IBM and Red Hat officially closed their most significant acquisition of 2019–an important milestone combining the power and flexibility of Red Hat’s open hybrid portfolio and IBM’s technology and deep industry expertise. The feedback from our clients and partners is clear. A recent IBM report found that 80 percent want solutions that ...read more


Get ready, IBM z/OS V2R4 is on the way!

Hybrid cloud, Mainframes, Servers

The newest version of IBM Z’s premier operating system is jam-packed with innovation to help clients build applications and services based on the highly scalable and secured mainframe infrastructure. It provides performance and availability for on-premises or provisioned-as-a-service workloads as businesses continue their digital transformation. z/OS V2.4 is designed to improve the integration of z/OS ...read more