Mainframe Blog

Why Broadcom's MFA is a Mainframe Must-Have | Broadcom

Written by Jose Arias | Sep 28, 2023 2:00:00 PM

Imagine the surprise when, as an occasional gym visitor, you return to your fitness center one day, eager to resume your workouts, only to find that the familiar wristband is no longer the key to access. Picture yourself in my shoes, standing at the gym entrance, accustomed to swiftly scanning my wristband for access. It was a simple process; I never gave it a second thought. However, on this particular day, I was met with a digital prompt requesting my fingerprint for entry. It was a seamless transition, and I couldn't help but marvel at the gym's commitment to security, even though wristband sharing among members had been relatively rare.

The gym has adopted security best practices, implementing multi-factor authentication (MFA) through biometric fingerprint recognition. This remarkable shift in security protocols not only caught me off guard but also got me thinking about a broader issue – the protection of our mainframe data, an asset far more valuable than any gym membership. While MFA is now common in many aspects of our digital lives, why do we still rely on password-based security, the equivalent of that now-defunct gym wristband, for our mainframes?  Why do our most sensitive data remain secured by an outdated and single-factor authentication method?

This article explores the importance of MFA in the mainframe environment and how Advanced Authentication Mainframe (AAM) by Broadcom is revolutionizing this critical aspect of cybersecurity.

 

AAM provides two different approaches, the traditional  “In-Band” and the enterprise MFA – “Out-of-Band”

 

What is MFA? 

MFA is a cybersecurity protocol that enhances security by requiring users to provide two or more authentication factors before gaining access to a system or application. 

The three categories of authentication are:

  • Something you know: Typically refers to a password or PIN. It's something the user remembers and provides during the authentication process.
  • Something you have: This can be a physical card, a token, a mobile phone, or any other device that generates or receives temporary codes. RSA tokens, for example, are used to generate one-time access codes.
  • Something you are: Refers to biometric features, like fingerprints, facial recognition, or iris scanning. These are unique physical or behavioral traits of an individual.

By combining at least two of these factors, MFA provides a much higher level of security than simply using a password alone. This is especially helpful in guarding against phishing attacks, keyloggers, and other types of threats that might compromise a single form of authentication.

Consider the example of the gym mentioned above, which recently upgraded its security measures. While the gym's previous access system relied solely on wristbands that members used to check in, they have now introduced biometric MFA in the form of fingerprint scanning. This change was driven by a desire to minimize the risk of fraud and unauthorized access, even though the incidence of members sharing wristbands was relatively low.

Now, let's shift our focus to the world of mainframes, where organizations store and process their most sensitive and critical data. Surprisingly, mainframes often rely only on the digital equivalent of a password to safeguard access. Despite being the backbone of many enterprises, this lacks the advanced security measures that we've come to expect in other areas of our digital lives.

Adding Additional Security Layer with AAM

 

 

This is where AAM by Broadcom steps in. AAM is designed to strengthen mainframe security by implementing modern MFA protocols. Here's how AAM can benefit the mainframe environment:

  • Enhanced security: AAM adds an extra layer of security to the mainframe by requiring users to provide multiple forms of authentication. This ensures that even if one factor is compromised, unauthorized access remains highly unlikely. Additional factors for high-risk logons can be configured, based on logon conditions such as location, time of day, or logon velocity. 
  • RSA SecurID support: Using RSA SecurID’s authentication APIs, AAM secures privileged or normal users by requiring them to logon using RSA SecurID’s soft-token or hard-token
  • User-friendly experience: AAM is designed to be user-friendly and non-disruptive to existing workflows. Works directly with ACF2, Top Secret, and IBM RACF using the same interface, so it is easy to learn and start using from day one.
  • No application updates required: Integrates with Symantec VIP Authentication Hub (entitlement included with AAM)  to always provide an eight-character credential for logon, eliminating the need for application updates to support multi factor authentication.
  • Compliance: AAM helps organizations meet stringent compliance requirements by implementing robust authentication measures. This is especially crucial in industries with strict regulatory mandates.
  • Adaptable for a few or all: Set permissions for particular users or applications based on business requirements, with an option to revert to primary mainframe credentials during service interruptions.
  • PIV/CAC support: Integrates with Symantec Privileged Access Manager to extend support for smart cards. 
  • Enhance in-band support using RADIUS: Boost identity verification by mandating users to submit both an ESM password or passphrase and a RADIUS credential.
  • Logging and monitoring: AAM provides detailed logs and monitoring capabilities, allowing organizations to track and analyze authentication events, further enhancing security.

 

As our gym adopts MFA with biometrics to safeguard something as simple as gym access, it raises important questions about why mainframes, the repositories of our most critical data, often rely on passwords alone. AAM by Broadcom offers a solution to this dilemma, bringing the much-needed security of MFA to the mainframe environment. By implementing AAM, organizations can fortify their mainframes, ensuring that their most valuable assets remain well-protected in an increasingly digital world. 

It's clear that for mainframes to remain secure and effective in today's digital landscape, the adoption of tools like Broadcom's AAM is more than a recommendation–it's a necessity.