
The Evolution of Mainframe Security

Posted by on in Mainframe

In the past, data center security was simpler to implement; in fact, there was a time when data center managers could see all the inputs and outputs to the mainframe in one or two rooms. However, this was when data was input via punched cards and output was recorded on tape or impact printers using green bar paper. A terminal had to be added as a logical unit and data center managers knew exactly who had access to the mainframe. Even when someone was logged in, managers always knew exactly what users were doing. Because computing resources were so precious, any abnormal behavior would have some effect on the environment. The SNA network was secured because all the devices on the network were defined. A physical survey of the data center was all that was needed to ensure it was secured.

New technology and constant market pressures have made simple data center security a thing of the past. Today’s market requires constant improvements in worker productivity. The advent of personal computing, Local Area Networks (LANs), and the Internet has led to a time of “pervasive connectedness,” even for the mainframe. Moreover, the market bias has moved from allowing only the “select few” to access information to a stance of “information for all,” something original mainframe design and scope never contemplated.

Today, in some ways, the mainframe is no different from any UNIX or Windows server. It is TCP/IP connected and serves the data needs of almost every endpoint on the network. Just because the mainframe still resides in the glass house does not mean that it is as safe as it was 25 years ago; the mainframe sitting on the stark white raised floor of the data center is no longer the “air gapped” icon of data protection. Equally, the speed with which sensitive data on the mainframe can be converted to cash by cyber crooks has increased: the effects of pervasive connectedness are not limited to encroachments on the legacy mainframe identity and access management schemes. A credit card number stolen from the data center can be sold over the Internet in seconds.

According to many, 70% of all mission critical data remains on the mainframe and much of that data relates to customer and consumer information. Yet, contemporary market conditions demand “always-on” access to data in order to support online shopping, administration of retail banking, brokerage or other financial accounts, and other needs. Significant actions with potentially grave repercussions can be performed in a completely faceless manner. The drive to satisfy customer demands for convenience, serving a 24/7 global marketplace, has given rise to risks that were not previously looked for and that must now be mitigated.

The consequence of increasing customer demands is that the risk to data becomes an issue, not just to the technologists who manage it, but to legislators and industry regulators as well. Protection of data privacy is now one of the principal areas of focus in each and every technology audit or review; and demonstration that appropriate best practice controls are in place is mandatory to avoid disruptions to technology and business plans.

Protecting the privacy of sensitive mainframe data is paramount among new compliance requirements; and encryption is the natural means to achieve this privacy. Of the common encryption approaches available, disk encryption does not address many critical needs and transport encryption leaves gaps in protection even while being frequently used. Data-centric encryption offers the best combination of operational efficiency, reduced costs, and broad risk mitigation.
