As programming languages and database systems age, their legacy grows. They prosper by producing business applications that deliver immense value over many generations.
Imagine a critical database system and its respective programming language, which enterprises have used to build applications for IBM zSystems for over 40 years. Now think about the company behind these technologies committing to fully support them up to the year 2050 and beyond, providing long-term assurances to its customer base. This is the story of Adabas and Natural (link resides outside of ibm.com), technologies that are foundational to many thousands of applications that serve some of the largest organizations in the world.
Software AG (link resides outside of ibm.com), the developer of Adabas & Natural, does not take this long-term commitment lightly. In line with its IT Security strategy, Software AG’s first step is to ensure that its 100 mainframe developers can access the systems they need to maintain and enhance Adabas & Natural safely, securely, and with minimal friction. For this task, Software AG has chosen to secure its mainframe access leveraging IBM Z Multi-Factor Authentication.
It may sound more like a traditional rhyme—"something you know, something you have, something you are”—but these are the basic tenets of multi-factor authentication (MFA). The National Institute of Standards and Technology (NIST) (link resides outside of ibm.com) defines MFA as “an authentication system that requires more than one distinct factor for successful authentication.” As a simple password can always be stolen, getting access to two factors proves to be far more difficult. For Software AG, adding this additional layer of security was vital.
Nicole Ritchie, Director of Product Marketing for Adabas & Natural, explains: “We are tasked with supporting very large enterprises running mission-critical applications on IBM zSystems as securely as possible and with the highest availability. Adding MFA to our process helps us provide more secure access management and peace of mind in what we deliver to our end-users and their end-users.”
Software AG’s security strategy is multi-layered. In addition to migrating to MFA, the company adopted stronger data encryption to help defend against attacks and facilitate compliance across all regions. Jürgen Lind, Senior Director of Product Management at Software AG uses an analogy during IBM’s ISV zSecurity webinar series: “Implementing encryption without secure access is like installing a new fence without a gate. And secure access without encryption is like a gate without a fence” (link resides outside of ibm.com). Therefore, Software AG is implementing a holistic mainframe security strategy.
Hans-Georg Saftig, Director for A&N R&D Mainframe Infrastructure at Software AG, adds: “We are the first link in a long chain of cybersecurity responsibility. We need to empower our developers who are building new features and capabilities to take Adabas & Natural into the next half-century. Our strategy must provide protection for as many scenarios as possible, using methods that we can expand as new threats surface.”
One of the advantages of adopting an MFA solution was the ability to move at a pace that worked for Software AG’s developers. Mr. Saftig explains: “We needed to make our work on the IBM zSystems platform more secure, but it was really important to find a balance. We take security risks very seriously, and we also need to enable our development team to remain productive and focus on development. IBM Z Multi-Factor Authentication helped in two ways: we didn’t have to roll it out to everyone at once, and as we roll it out to each segment of users, that segment will quickly be in a more secure posture.”
Mr. Saftig adds: “During the PoC, we initially faced some challenges in incorporating the IBM Z Multi-Factor Authentication solution in a way that would work seamlessly across our complex environment. With help from the folks at IBM Lab we optimized the configuration and now all is well."
Software AG also stresses the importance of the planning step in the change process. “Once we made our decision to adopt a stronger security posture, our IBM team walked us through an IBM Mainframe Security Workshop (link resides outside of ibm.com)”, shared Saftig. “They helped us identify and capture our current status, where we wanted to be, what we needed for compliance, and how we could get there—even down to how we would stage and test the new implementation. In the end we had a recipe for success, and everyone was happy.”
Software AG’s mantra is “Simplify the Connected World.” The company has devoted itself to supporting digital transformation and helping its clients meet ever-changing customer expectations. The key is to establish a digital backbone that enables systems to integrate more seamlessly, connect more effectively, and process more efficiently.
Ritchie states: “We're protecting the development environment for our core products and add-ons, which then support hundreds upon hundreds of our enterprise customers. By keeping that environment secure, we're able to provide faster delivery and updates to our customer base.”
Saftig adds: “It’s most important that the big banks, the government organizations, the insurance companies relying on Software AG’s mainframe solutions can be confident that the code they are using, the applications they rely on, are secure and we’re making every effort to ensure they’re secure in the future. It’s as simple as that.” Software AG’s investment in IBM zMFA outlines the importance of securing access to the mainframe, no matter the size of the environment.
Software AG (link resides outside of ibm.com) simplifies the connected world. Founded in 1969, it helps deliver the experiences that employees, partners and customers now expect. Its technology creates the digital backbone that integrates applications, devices, data and clouds; empowers streamlined processes; and connects “things” like sensors, devices and machines. Software AG helps more than 10,000 organizations to become a truly connected enterprise and make smarter decisions, faster. The company has more than 5,000 employees across more than 70 countries and annual revenue of over €830 million. Its ambition is to exceed €1 billion of organic revenue in 2023.
Legal
© Copyright IBM Corporation 2022. IBM Corporation, IBM Systems, New Orchard Road, Armonk, NY 10504
Produced in the United States of America, September 2022.
IBM, the IBM logo, ibm.com, and IBM Z are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copyright-trademark.
This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.
The performance data and client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.