I was recently reading a little about security and System z in the IBM Redbooks publication, Security on the IBM Mainframe, Vol. 1 - A Holistic Approach to reduce Risk and improve Security, SG24-7803, written by my colleague and fellow project leader, Axel Buecker. In the introduction, he wrote:
“Cyber security is a large concern to many organizations, whether they are commercial, governmental, military, and so on. There are unsolicited access attempts to the data on those mainframes, through illegitimate acts of cybercrime.
Cybercrime is a sophisticated activity. It is no longer a playing field for script-kiddies trying to get access to systems and servers for fun, nor is it about quick hacks to get in and get out quickly. It is now about real commercial, political or even military advantages. Hacking is only part of the process that is used criminally to gain access to data held within organizations and enterprises. If access to one part of an enterprise is gained, then this can now be used to gain access to another part of the same enterprise. The breach of the security controls is used to create or obtain another breach. Data is leaked carefully over a long period of time. Breaches are used and controlled by attackers so that detection is difficult.
The goal in many of these attacks is to access the data that is held on the mainframe. Why would the mainframe be under attack? Well, many years ago the infamous American bank robber John Dillinger was asked why he robbed banks. He replied “Because that is where the money is” (this quote was also attributed to Willie Sutton).
So the answer to why the mainframe is now under attack is that this is the server where many organizations store and process their most valuable data. In an age of increasing security consciousness, IBM System z provides the capabilities to address the needs of today's business security challenges.”
This is such an important topic given the recent data infiltrations at not only Home Depot and JP Morgan Chase but also many other large corporations over the past few years. Security, no matter which platform is chosen, is only as good as its designers and implementers. A poor architectural design produces a poor application with poor control. And while RACF will stop unauthorized users (either applications or people) from accessing important data, if the architectural strategy for RACF is poor, the integrity of your data can become compromised.
It is for this reason that my next project will involve writing an architectural reference guide. It will be more of a guide for those planning their security for a System z environment. It will be an IBM Redbooks publication, and there will not be any sort of hands-on work for this book.
I want this book to guide people on the security necessary for a couple of use cases and help architects design their security. For example, if you are tasked with designing a mobile application that accesses your System z data, what should happen, from a security perspective, from the moment the transaction hits the system of engagement onwards? What architectural design elements are necessary to ensure secure data transactions from start to finish?
Do you think you have what it takes to work on this important publication? Come and join us in beautiful Poughkeepsie, NY (only about 75 miles from beautiful NYC)! You can apply using this link: End to End Security with System z. This residency starts on 03 Nov 2014 and ends 25 Nov 2014 (only 3.5 weeks!)