Mainframe use is on the rise—driven by security and compliance requirements

Is mainframe usage on the decline? That’s what we wanted to find out in Deloitte’s 2020 Mainframe Market Pulse Survey (link resides outside ibm.com). From our work with IBM in organizations across industries, we were confident that the survey would show mainframes are still prevalent in the corporate world. And, in fact, the results showed that mainframe usage is rising.

Even more eye-opening? The strength of support for mainframes and active plans to expand their usage. Ninety-one percent of respondents identified expanding their mainframe footprints as a moderate or critical priority in the next 12 months. Seventy-four percent say they “believe the mainframe has long-term viability as a strategic platform for their organizations.” And 72 percent are planning upgrades to their mainframes in the next three years, to address expected increases in usage across three key areas: security (69%), storage (62%) and software (61%).

What’s driving the robust and growing usage of mainframe computing? There are lots of reasons, but security topped the list in our survey results. This should come as little surprise. Mainframes offer unparalleled protection, and that’s a big deal at a time when data breaches can not only be devastating to a company’s brand but can force them to run aground of rising regulatory requirements regarding data security.

Don’t get me wrong—security has always been a top-tier issue, but it’s even more critical today, in an environment where information is used and shared broadly across employees, partners, regulators, and more, through many different channels and clouds. A quarter of our survey respondents pointed to “maintaining compliance” as a top priority for their IT organizations.

For example, imagine an airplane manufacturer operating at the center of a sprawling network of maintenance teams all over the world. Information sharing between these groups is constant and, of course, highly sensitive. If an engine shows warning signs of failure, maintenance teams and the manufacturer need to share volumes of data with one another, securely and remotely. But how secure is that information–wherever it is? The answer has serious implications for passenger safety, as well as for the manufacturers of these expensive machines and the airlines that rely on them to serve the travel needs of millions of passengers.

Even mainframes have their security limits in today’s environment, where data is in transit (leaving the mainframe or in the process of entering it) constantly. Meanwhile, regulators are steadily tightening their requirements regarding the security of in-transit data, stipulating that organizations are still responsible for what happens to data after it “leaves” their systems. Which means organizations need the ability to protect the data even after it departs the mainframe.

This is a big deal. And it’s why pervasive encryption has been deployed so broadly in recent years. With pervasive encryption, data at rest and in transit can be encrypted at scale, simplifying encryption and reducing costs associated with protecting data and achieving compliance mandates.

But even pervasive encryption only goes so far. Looking to the future of hybrid cloud security, IBM is extending data protection beyond data at rest and in transit to cover data in use with confidential computing capabilities.

Pervasive encryption is a powerful tool that reduces the cost and vulnerability of standard encryption, is more effective at preventing incursions, requires less effort to secure, and is more cost effective than alternative solutions. But it still may not be enough—not when users with keys can be unreliable. They’re human, after all. What happens when they switch jobs? Or leave the organization? Or prove to be untrustworthy?

IBM Data Privacy Passports on IBM z15 give companies maximum control over data wherever it travels after it leaves the system of record—throughout the enterprise and into the hybrid cloud—allowing them to manage how data is shared on a need-to-know basis, with centralized control over user access policies. Just as important, with Data Privacy Passports, companies can document their ability to control and track data in order to ease compliance. If regulators want to know who had access to encrypted data, when they had access, and when access was revoked, it’s all managed and tracked in Data Privacy Passports.

That airplane manufacturer working with maintenance teams all over the world? It can put Data Privacy Passports to work in further securing its most sensitive product data, in conjunction with pervasive encryption and blockchain. No matter where the data goes, they’re able to track it. It’s never unencrypted, and future access can be revoked at any time.

Today, your ability to confidently share and control data outside the mainframe adds up to a big strategic advantage. It can help your organization move faster, collaborate more effectively, and ease the challenges of compliance. So if you’re one of the majority of IT or business leaders who have plans to expand your mainframe usage, or just one of the many who are working to get more from your technology investments, this is the moment to take advantage of major advances in mainframe security enablers.

Regardless of the ebb and flow of their marketplace popularity over the years, mainframes have always been recognized for their security advantages. At a time when organizations are sharing more information than ever, in more types of ways, it’s possible to secure mainframe-based data even further—wherever it goes. That’s powerful. It can lead to stronger outcomes across your organization, not just in IT. That level of control and security is available today. Don’t sit this one out.

About IBM z15

>> Learn more about IBM z15, the new IBM Z® single-frame and multi-frame systems bring security, privacy and resiliency to your hybrid cloud infrastructure.

About Deloitte

As used in this document, “Deloitte” means Deloitte Consulting LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of our legal structure. Certain services may not be available to attest clients under the rules and regulations of public accounting.