Mainframe Blog

Strategic Security | Broadcom

Written by Stuart McIrvine | Nov 22, 2022 3:52:00 PM

Have you ever received one of those letters: “We are writing to inform you of a security incident involving certain personal information you provided…”? You likely have, and you know how you felt about the business at that moment.

Have you ever had to send one? Imagine having to do that and think about all those customers contemplating your business at that moment. Now imagine that you’re Postbank, the banking division of South Africa’s Post Office. They had taken precautions to protect their own and their customers’ data, but they now face losses of more than $3 million and must replace 12 million credit cards at an approximate cost of $58 million.

They had protected data with encryption and protected the encryption keys with a master key. Then, one or more employees (likely with privileged user access) gained access during a datacenter move and printed the master key – the key to rule all keys. There was nothing elegant here, no ring of organized criminals, no sophisticated breaching tools – just opportunity and a printer.

No one wants to be faced with that. Losses. Fines. Customer trust. Can your business withstand it? And this is just one example. In 2021, Varonis found that, on average, a financial services employee in large organizations has access to nearly 20 million files, with 2% of those containing financial information and PII. What happens if that information is compromised?

With the level of change today, is it even possible to protect against breaches and risks? Cyber-attacks come from pseudo-amateurs with opportunity and from organized criminals with an evolving arsenal of tools. A large part of the global workforce is now working off-site, exposing our networks, systems, and data to new threat vectors and inconsistent protections. Every day brings new challenges, new disruptions, and new risks.

So how do we solve the challenge so we can avoid imagining ourselves in the unenviable position of sending out a breach letter?

When it comes to security, it is critically important to always be prepared and a step ahead of change. Why? Change introduces risk. Change is often unpredictable, as we saw with the instantaneous shift to remote work for many due to the pandemic. This is why we always need to be prepared. But how do we get to a state of prepared bliss when day-to-day tasks keep us busy?

Minimize disruptions.

If we reduce firefighting, we can allocate the time saved to strategic planning and implementation to keep security top-notch and further reduce our risk and our firefighting. Security is the constant element amongst all others in our business that cannot fail. The stakes to our brand, regardless of what regulations govern our business, are too high!

When applied to Mainframes, these stakes amplify. Mainframes secure over 70% of the world’s mission-critical data. They support our global economy, processing 90% of global credit card transactions and hosting core banking applications for more than 90% of the world’s top 100 banks. It is unlikely that any of us can go through an entire day without interacting with a Mainframe.

The good news is that with strategic planning, we can maintain a solid security foundation. The Mainframe has always been a pillar others look up to when it comes to security. It is arguably the most securable IT platform. But digital transformation and unpredictable global events are driving environmental shifts! This can increase risk if we don’t keep pace and ensure we implement modern security on all IT platforms.

What’s keeping us busy and holding us back?

Many factors fuel firefighting and hold us back from strategic planning.

  • Cybersecurity skeleton crews
  • Complexity and lack of automation
  • Modern threats without the implementation of modern protections

Cybersecurity Skeleton Crew

High demand has created a shortage of skilled cybersecurity workers. This poses a real challenge as training new employees and building experience takes time before you have a knowledgeable, productive worker ready to make solid, independent security decisions. Where do I find qualified staff? How can I train employees in the skills I need? These are common questions when seeking cybersecurity staff for critical Mainframe infrastructure.

Complexity and Lack of Automation

That crosscut handsaw is an outstanding tool when you’re putting up a mailbox post. And it will do the job when you’re building a garage – but wouldn’t some automation be better? Same question for IT security – wouldn’t automation help us get more done and make addressing complex tasks easier? Just as with skilled workers, automation is another key element that requires an upfront investment. It becomes apparent very quickly how automation frees up time for strategic initiatives. In some large enterprises, 90% of user accounts and entitlements need cleanup. Imagine how long that takes to do manually and what doesn’t get done as a result. Complexity makes it difficult to see all the risks, and pockets of manual work slow us down and prevent us from being strategic.

Modern Threats without the Implementation of Modern Protections

Firefighting will ensue if we try to solve modern risks with archaic processes. Even the Mainframe, the pillar of security strength, must modernize security efforts as the context of the environment in which it runs continuously changes. As we’ve connected the Mainframe into networks to expose more value to more users and customers, we’ve also created more risk. We need to respond to the security, risk, compliance, and privacy needs of today with tools to match. The Mainframe is no longer the machine behind the curtain!

I've noted some real challenges. It’s ok to feel overwhelmed, but never defeated. There are steps we can take that will free up some time to ensure we can once again plan, keep pace with change, and even move one step ahead! A platform can only be as secure as we make it through deploying a modern strategy.

Solutions

Building Beyond the Cybersecurity Skeleton Crew

The demand isn’t decreasing, so how do we resolve the shortage of cybersecurity workers? Vendors may offer training. For example, at Broadcom, we take steps to help organizations upskill as a part of our value-add Beyond Code programs. We offer no-cost online product education – but we also train to a much deeper level. We will train your staff face-to-face as part of our New Hire training – the same classes we deliver for our Associate Software Engineers. Seven weeks of intense training on everything Mainframe – including soft skills and technical topics such as z/OS basics, security, TPX, TSO/ISPF, REXX, and Assembler.

Or, if you are having trouble finding talent, we will invest with you through our Vitality Residency Program. Through the program, we will hire new talent and train them to be Mainframe experts in our products. Once they are fully trained, with initial experience gained through an on-site residency at your business, they transition and become one of your employees fully certified in our solutions – all at little to no cost to you.

Trained workers result in a huge return on the time investment — employees develop skills in the exact areas your organization needs, have access to our experts and a mentor even after they transition to your organization, and gain knowledge that takes the guesswork out of their day-to-day tasks... which means less risk. Think about the rapid scramble caused by COVID-19. In such events, we may not be able to scale to rapid security requests with existing skills. Think about the competitive advantage to your organization by taking advantage of a skill-building offer!

Solving Complexity and Simplifying through Automation

Integrating your Mainframe into your SOC or SIEM can solve many issues. Having a consistent dashboard across the enterprise ensures we’re taking advantage of all available skills and offers opportunities to address vulnerabilities before they become threats. Mainframe security tools from Broadcom support interoperability and integration of data with many popular SIEMs such as Splunk, QRadar, LogRhythm, and others to help you simplify and automate across the enterprise.

Automation is also a good way to gain a large buy-back in time. So — where do we start? Configuration compliance can deliver significant ROI through automation. Let the tools do the work. Get started with MRI Security Essentials and see right through the complexity. Customers have reported a 94% reduction in the time it took to monitor and check their security configuration settings — using an automated tool such as MRI Security Essentials versus manual labor. Or consider applying a tool like CA Cleanup to that user account and entitlements problem.

Modern Threats Solved with Modern Protections

Mainframes are the most securable IT platform, but it isn’t automatic. We need to ensure we deploy on Mainframes the same protections we apply to hybrid/cloud systems. A re-evaluation of Mainframe security will highlight modernization efforts that can deliver savings in time and a reduction in risk in the digitally transformed world.

A simple assessment can determine if commonly used distributed security controls – Multi-Factor Authentication, privileged user management, or data classification – are also deployed in the Mainframe environment. You may find that as attention has been focused elsewhere on distributed systems or cloud hot spots, some gaps have appeared and need to be filled in Mainframe environments.

MRI Security Essentials is a great starting point and you can also examine tools to help you advance the entire Mainframe security lifecycle on the Broadcom Mainframe Security website. Our solutions work with all three Mainframe ESMs – Top Secret, ACF2, and RACF.

Mainframe environments often process over 100,000 security calls a second! That’s a lot of reason to justify a solid security strategy and a re-evaluation of your efforts. Remember, busy is only in the eye of the beholder and may not move you towards your security goals! Strategic, on the other hand, will result in fulfilling your security goals and better long-term success!

Stop the Firefighting and Advance Your Mainframe Security Today!