From time to time, we invite industry thought leaders to share their opinions and insights on current technology trends to the In The Making blog. The opinions in these blogs are their own, and do not necessarily reflect the views of IBM.
Organizations have long depended on IBM mainframe systems to deliver the robust performance, availability and security required for mission-critical business applications. Airlines, banks, insurance companies, retailers and other organizations all rely on mainframes for vital, secure transaction processing.
Today, many organizations are expanding their use cases for mainframe systems. As they deploy increasingly interconnected workloads, security needs to remain top of mind. To explore ways organizations can take advantage of mainframe security capabilities to combat intensifying cyber threats, we spoke with Mike Miracle, Senior Vice President of Marketing and Strategy at BlackRidge Technology. Miracle shares his thoughts on mainframe security and how new technologies can further bolster cyber defenses and mitigate the risk of exposure.
Q: Mainframes are known for tight security. What factors are driving organizations to mainframe systems that bolster data protection?
A: We’ve all seen and heard the constant stream of news stories about hacking, fast-spreading malware and other cybersecurity events. And these reports remind us that arguably no system — and no organization — is unbreachable.
But organizations are progressively integrating their mainframes into the highly connected cloud world. They are using mainframes to run mobile apps, integrate with blockchain transactional systems, speed analytic insights and create more secure hybrid cloud environments. The more that organizations integrate mainframes with other systems — within and beyond the enterprise — the more they are committing to making the infrastructure decisions that provide secure environments for business transactions and avoid becoming targets of cyberattacks.
Regulatory compliance issues also need to be considered, especially for organizations in financial services, government, healthcare and other highly regulated industries. Whether organizations are connecting to external systems or running multiple workloads within their mainframe environments, they need to take effective measures to safeguard their applications and their data to demonstrate that sensitive, regulated information is protected.
Q: What key concern in our “highly connected world” should IT leaders focus on?
A: As the mainframe becomes more interconnected, they need to reinforce the level of trust among all the systems accessing it. Think of the way people used telephones before the era of caller ID. They had to answer the phone and greet the caller before they knew who was on the line. Just from that greeting a bad actor could learn about potential vulnerabilities — including whether they were at home, male or female, adult or child and so on — and then later use that information against them.
Network connections are similar. When you receive an incoming network connection request, you have to exchange information through the “three-way handshake.” But you’re potentially giving away information during that handshake — information about the application and the version of the operating system you’re running. Someone could use that information to pinpoint a vulnerability and plan an attack.
Q: How does an organization achieve that level of trust and help ensure its systems do not compromise security during the network connection process?
A: You can address the fundamental trust issue by verifying the identity of the entity that’s trying to connect with you. Here’s how it works: your administrators set policies that specify who can connect with your systems. An identity-based network security approach is designed to specifically authenticate the identity and apply the security policy on the first packet of a network session. If you get a connection request from someone who is not authorized, the connection is dropped — so you don’t give away any information.
This approach blocks all the port scanning and reconnaissance that unauthorized entities might try to conduct. Your applications remain cloaked, or invisible. And if they can’t see your environment, they can’t attack it.
Q: How do you safeguard workloads from internal threats?
A: The approach for internal threats is similar to the one for external threats. More organizations are running multiple applications within their mainframe environment and connecting to other systems whether on premises or in the cloud. They need to isolate applications to reduce risks and also comply with regulations.
An identity-based network security approach, for example, isolates mainframe workloads and administrative portals, and helps prevent potential attacks from unauthorized internal — or external — users. It enables you to segment applications and departmental assets to maintain strict compliance.
Q: Suppose an organization has integrated its blockchain with a mainframe. How does the approach you describe come into play?
A: Blockchain technology has evolved from just cryptocurrency use cases to being applicable as a business-critical transaction ledger. Today’s blockchains can be global, distributed, peer-to-peer networks. Those networks exchange sensitive and often highly regulated client and transactional data.
Protecting the information that flows through blockchains is absolutely essential for network participants. The question is, how can you be sure that everyone in the network is who they say they are?
When deploying the technology approach I just described, the mainframe is not being exposed to external attacks from unknown participants in the blockchain network. You can protect your data with encryption without having to change applications, impacting service levels, or incurring huge costs. At the same time, the distributed clients that are connected through the blockchain are protected as well.
Q: What do these security technologies for mainframes bring to organizations?
A: IBM mainframe systems reinforce the level of trust for transactional workloads by encrypting data — whether that data is in flight or at rest — through policy-based data set encryption. And providing a layer of identity-based network security, for example, helps organizations ward off advanced threats. Adding that layer of protection is particularly important as you expand mainframe use cases into the interconnected world. This approach enables you to leverage the security that the mainframe can bring while protecting critical data and transactions against escalating cyberthreats.