Simply put, Zero Trust is a cybersecurity strategy built on the belief that you should Never Trust and Always Verify. But how do you secure infrastructure, applications and services, and data that, as part of your cloud strategy, are connected broadly and accessible by anyone, at any time, from any location on your network and off? Zero Trust makes it simple to improve your security posture.
The first design principle of Zero Trust is focusing on business objectives, and then identifying the crucial assets that enable these objectives. Those assets are then treated as a Protect Surface, shielding them with greater efficiency and effectiveness than trying to protect or shrink the entire attack surface.
When a Mainframe is part of your hybrid cloud infrastructure, your most crucial assets are typically the client, transactional, and institutional data residing on your Mainframe.
Mainframes have an excellent, well-deserved reputation for high security. Yet Mainframes are not automatically secure to a Zero Trust standard. It’s important to treat them like your Cloud, on-prem or other servers; all Zero Trust principles and processes apply equally to the Mainframe in the context of cybersecurity.
Broadcom’s Mainframe security software solution is in line with the guiding principles of Zero Trust. Starting with ACF2, the first Mainframe ESM, and built on the Principle of Least Privilege, Broadcom lets you start where you are and add strategic security layers incrementally for immediate and ongoing risk reduction. For example, you can quickly add Multi-factor Authentication (MFA) to improve access control, without the disruption of a complete security redesign.
The evolution of the Protect Surface concept is a solid foundation for an incremental approach toward a Zero Trust model, covering crucial assets in a Protect Surface as prioritized by the organization.
Using the Protect Surface methodology, you can enhance protection around these crucial assets that are the lifeblood of the organization, such as data, applications, and system-critical infrastructure. Protect Surface helps you accomplish Zero Trust by systematically identifying critical assets, prioritizing them, and deploying a series of controls along the path to and within the Mainframe. These controls include:
As risks grow, your security strategy should too. Broadcom’s ‘start anywhere’ approach lets you effectively modernize Mainframe security one strategic layer at a time, using the Protect Surface methodology to implement Zero Trust.
Zero Trust ensures that only the right people have the right access, for the right amount of time, and under the right circumstances. It is the security strategy built to deal with today’s security threats and it is ideal for Mainframe data center security as both build on the Principle of Least Privilege.
Taking a Protect Surface approach to Zero Trust is a simple way to continue security innovation on the otherwise “assumed-impenetrable” Mainframe. Define your Protect Surface by focusing on privileged users, crucial applications with corresponding data, and system-critical infrastructure. Broadcom’s Mainframe External Security Manager delivers granular authorizations to blend with Zero Trust companion models such as Principle of Least Privilege, all granting access only once requests are verified in depth. The following steps all combine to prevent unauthorized access from the network onto the Mainframe Protect Surface.
Achieving Zero Trust is a journey, and the first step is to pinpoint your mainframe’s strengths and vulnerabilities. How do you do this? That’s where we come in. Broadcom has brought years of security experience and best practices from helping customers to bear in creating this no-cost Mainframe Security Health Assessment, which allows you to quickly identify and prioritize the security steps required to align with Zero Trust and the Protect Surface methodology.
Pinpoint your Mainframe’s strengths and vulnerabilities with Broadcom’s Security Assessment. Built by our world-class Mainframe experts, this assessment quickly identifies and prioritizes security steps required to align with Zero Trust and the Protect Surface methodology. Ensure your high-value assets are secure. Get started today with your no cost, no commitment Security Health Assessment.
When it comes to security, it is critically important to always be prepared and a step ahead of change. Why? Change introduces risk. Change is often unpredictable as we’ve seen in recent months with an instantaneous shift to full-time remote knowledge workers! This is why we always need to be prepared. But how do we get to a state of prepared bliss when day-to-day tasks keep us busy?
Mainframe security has passed the test of time with its multi-layered approach proving repeatedly that it is highly securable. It continues to offer sophisticated controls that keep pace with threat evolution and enable you to continue relying on the most securable platform in your enterprise. Zero Trust is a strategy, a way of thinking about security on your journey to Zero Trust.
As always, ‘rings of security’ and layered defenses are important in security architecture, and the same holds for the implementation of Zero Trust. Advanced authentication at boundary or entry points and contextual, granular, just-in-time authorization drive layered security checks in a series. Zero Trust is implemented simply, by combining additional tools and following best practices with existing tools.
Zero Trust is both a way of thinking and a way of behaving as a security organization. The key benefit is preparation. Zero Trust suggests that one should ‘be prepared’ for breaches: assume there will be a breach, and you can plan for it, work to avoid it, and recover from it if it happens. It comes down to mindset. The most secure organizations live every day assuming they have been or will be breached and their security controls are not good enough. Preparation is the foundation for a Zero Trust model or, stated differently, a ‘verify before you trust’ model.
Zero Trust seems like an initiative that is more appropriate for a new system or application, but not something one would hope to achieve on a system that has been in use for decades. But, in fact, one could argue that Mainframe was an original ‘Zero Trust’ platform. You see, originally, when the mainframe system was developed, everyone had access to everything. After all, only the experts were on the system and “regular user” access was very limited.
Zero Trust is an approach to security that can and should be applied to the Mainframe. Yet too often, Mainframe is overlooked as a security concern, as many assume that it is naturally secure, because, well, it's a Mainframe. Now, this is certainly flattering for the platform, and to be honest, the Mainframe’s reputation for security is well deserved. But it is not invulnerable, and nothing about it is ‘naturally’ secure.