Mainframe

Beyond Encryption: A Layered Approach to Cyberthreat Defense

June 22, 2022

Cracking the Code for Managing Mainframe Security

The mainframe offers unrivaled data security capabilities. In fact, the platform’s architecture is designed to prevent cyberattacks. True security, however, takes more than just secure hardware. How you put software into play makes the difference. Broadcom maximizes the value of the mainframe through advanced cybersecurity solutions and a layered approach to protecting business-critical data.

No matter what industry you are in, data security is critical to your business success. Organizations that cannot protect information will not survive. There are so many stories of data breaches that it is hard to keep track. Identity theft on an unprecedented scale is now possible due to high profile breaches of retail stores, credit bureaus, and social networks. It is clear that a failure to safeguard private data is a major risk to individuals, to companies, and to society. 

The Zero Trust Approach     

Securing expansive hybrid IT environments can appear daunting. A great way to cut through the fog of possibilities and proceed with clarity is Zero Trust, an approach that exists in sharp contrast to the more limited and insufficient, perimeter defense paradigm that’s been the standard for decades. The problem with that standard is that, once people got inside, they had access to just about everything. 

In today’s world, you need a smarter approach based on the assumption that no one can be trusted, even when they’re inside the proverbial castle. Zero Trust requires users to prove their identities every step of an interaction. Even when that is done, users only have access to the specific resources requested, and only after verifying that they have proper authority and business need. Another critical aspect of Zero Trust is that it grants just-in-time access to resources for only a limited window of time.

Create a Winning Cybersecurity Strategy

Security requires strategy. You have to dedicate a finite pool of money, staff, and time across a variety of business priorities. Meanwhile, the bad guys can go “all in” on their attacks. Against this backdrop, IT organizations need to figure out how to take a limited set of resources and protect their most crucial data and applications. Trying to protect everything is unrealistic for most organizations. Not affordable and not feasible. So, for Zero Trust, it comes down to strategically identifying and prioritizing the most crucial assets.      

You can never be completely safe, but you can reduce risk in multiple ways. Think of security like an onion. Add layers such as identity authentication, privileged access management, data classification, security event management, and automated ID cleanup. Only then, grant access to the system, data, and resources. This will provide the protection you need where you need it most. 

Encryption for Today … and Tomorrow

Another key element of digital security is encryption. Current algorithms used in data encryption provide protection against many common security breach concerns, but leave certain risk factors open. To address that remaining risk, the new z16 features Quantum Safe Computing, a cutting-edge approach to encryption on the mainframe.  

Many common encryption algorithms, such as public-key RSA or DSA systems, provide suitable protection against traditional computers. However, they’re built using techniques that Quantum computers are capable of cracking. The risk is that bad actors could steal data today and hold onto it with the expectation of cracking its encryption protection – with the help of Quantum computers – down the road. Current Quantum safe cryptography algorithms, like AES-256, are built in ways that both traditional and Quantum computers will struggle to crack. Bringing Quantum Safe Computing to the mainframe further ensures strong protection for data today as well as tomorrow.

Remember that encryption, no matter what form, is only as good as the humans protecting the keys, so it is not a silver bullet. Humans can be compromised with phishing attacks, or malicious insiders can go rogue. That’s why it’s essential to implement a layered security approach combining encryption with other techniques.

Beyond the Algorithm

Data security and privacy are two of the most important issues businesses face today. Institutions that fail to safeguard data can risk regulatory penalties and fines, legal consequences, and costly civil settlements. They can even jeopardize their existence. As a result, today’s IT leaders need to think beyond traditional approaches to security and apply a much broader range of solutions to keep information private.

Broadcom’s comprehensive approach answers this challenge, safeguarding valuable corporate information and identities. The first layer of defense is an External Security Manager (ESM), such as ACF2 or Top Secret, which enforces the principle of least access and employs Quantum Safe encryption. Amplifying its value further, Broadcom's security portfolio is IBM RACF compatible and therefore supports all ESMs in the market.

Successive layers of protection allow companies to manage user access through multi-factor authentication. They manage privileged users by elevating and de-elevating privileges as needed. Going further, companies can classify, locate, and protect sensitive mainframe data, continuously monitor and alert suspicious activity, and automate cleanup of unused IDs and entitlements. Broadcom’s solution even provides self-service audit reporting for compliance processes.

While the threat landscape will continue to intensify, companies can proceed with confidence using a layered security strategy that combines critical software capabilities with proven best practices.  

If you’d like to discuss the best way forward with Zero Trust, please contact me directly at ravi.patil@broadcom.com.

Tag(s): Mainframe

Subscribe to blog updates

By submitting this form I acknowledge that my use of Broadcom’s website is subject to Broadcom’s Terms of Use, and that my personal data is processed according to Broadcom’s Privacy Policy.