Zero Trust for Mainframe Security

April 14, 2021


Ever wondered why so many organizations suffer security breaches and then are surprised it happened? It comes down to a mindset. If you expect that a breach will never happen to you, you’re in a great position to be surprised. You’re also in a position where you’re not providing the optimal security posture to protect your business. The most secure organizations live every day assuming they are going to be breached, or have already been breached. They also assume that their current security controls are not good enough and are in need of continuous improvement. This is the foundation for a Zero Trust model for security. Zero Trust brings calm to the storm of risk, and, as the name suggests, it creates a shift from the perimeter security model of “trust but verify” to “verify before you trust.”

The mainframe has never been a trusting platform. That’s one of the features that I love about it. Working with our customers to help them achieve the strongest possible security posture with their mainframe is more than a professional focus for me. Knowing its importance to everything they do, I view it as more of a mission. When partnering with our customers, I stress that users on the mainframe have access to nothing until that access is explicitly granted. Is it because users (their employees) are not trusted? No, not exactly. But actions are not always trusted. Too many mistakes are made. In fact, the majority of breaches occur because of employee mistakes. Mistakes can take the form of an accidental change or falling prey to a phishing scheme. Any mainframe credentials pose the possibility to inflict damage to the platform and thereby the business. Unless we take advantage of modern mainframe security controls, the mainframe, and the business that relies on it, is at risk in the face of changing threats.

Broadcom is committed, maybe even obsessed – in a good way – with security. Mainframe security has passed the test of time with its multi-layered approach proving repeatedly that it is highly securable. It continues to offer sophisticated controls that keep pace with threat evolution and enable you to continue relying on the most securable platform in your enterprise. We know, and continually advise our customers, that staying current and adopting these controls is essential. For example, taking advantage of mainframe multifactor authentication provides good guarantees that the true owner of the credentials is the only user. Now, imagine that authenticated user happens to be a privileged user – an employee that has extensive access to mainframe resources. Privileged users are essential to your businesses but they also have the potential to cause significant damage. We work with our customers to ensure that mainframe privileged access management (PAM) controls are in place to mitigate the risks that can be incurred. I advise all enterprises to do this. With modern PAM controls you can even ensure that users are only in a privileged state temporarily (supporting the principles of least access) and will be subject to very granular monitoring.

Just as security monitoring is a critical function in any enterprise regardless of how much you trust your employees, using security event monitoring should be an important part of your mainframe security program. And it’s an essential part of a Zero Trust model for security, enabling you to continuously look for violations of your policies and any anomalies to normal behavior or configuration changes. And, by sending these monitored events to your favorite SIEM platform, you’re ensuring that you’re providing enterprise-wide security excellence.

I reassure our customers as they contemplate their next security moves – Zero Trust isn’t a part number or software package that they purchase. It’s a strategy, a way of thinking about security, and they can implement it on the Mainframe from wherever they’re at today. Adding incremental controls is often simpler, and each new control reduces risk on your journey to Zero Trust.

Learn more about Zero Trust on the Mainframe and secure your future today.

Like what you read? Join our Mainframe Insights group to collaborate and ideate with us as we grow our Mainframe ecosystem together:


Tag(s): Security, Mainframe