Zero Trust Security Model

Everything you need to know about Zero Trust and how to get started.

What is Zero Trust?

Simply put, Zero Trust is a cybersecurity strategy built on the belief that you should Never Trust and Always Verify. But how do you secure infrastructure, applications and services, and data that, as part of your cloud strategy, are connected broadly and accessible by anyone, at any time, from any location on your network and off? Zero Trust makes it simple to improve your security posture.


Manageable Steps to Achieve Zero Trust Mainframe Security

The first design principle of Zero Trust is focusing on business objectives, and then identifying the crucial assets that enable these objectives. Those assets are then treated as a Protect Surface, shielding them with greater efficiency and effectiveness than trying to protect or shrink the entire attack surface.

When a Mainframe is part of your hybrid cloud infrastructure, your most crucial assets are typically the client, transactional, and institutional data residing on your Mainframe. 

Mainframes have an excellent, well-deserved reputation for high security. Yet Mainframes are not automatically secure to a Zero Trust standard. It’s important to treat them like your Cloud, on-prem or other servers; all Zero Trust principles and processes apply equally to the Mainframe in the context of cybersecurity.

Broadcom’s Mainframe security software solution is in line with the guiding principles of Zero Trust. Starting with ACF2, the first Mainframe ESM, and built on the Principle of Least Privilege, Broadcom lets you start where you are and add strategic security layers incrementally for immediate and ongoing risk reduction. For example, add Multi-factor Authentication (MFA) quickly, without the disruption of a complete security redesign to improve access control.

The evolution of the Protect Surface concept is a solid foundation for an incremental approach toward a Zero Trust model, covering crucial assets in a Protect Surface as prioritized by the organization.





Learn About the Protect Surface Strategy

Using the Protect Surface methodology, you can enhance protection around these crucial assets that are the lifeblood of the organization, such as data, applications, and system-critical infrastructure. Protect Surface helps you accomplish Zero Trust by systematically identifying critical assets, prioritizing them, and deploying a series of controls along the path to and within the Mainframe. These controls include:

  • Zero Trust network access solutions
  • Access enforcement at the gateway
  • Multi-factor authentication
  • Privileged user management

As risks grow, your security strategy should too. Broadcom’s ‘start anywhere’ approach lets you effectively modernize Mainframe security one strategic layer at a time, using the Protect Surface methodology to implement Zero Trust.


Zero Trust: A Fireside Chat with John Kindervag

Learn what Zero Trust expert John Kindervag says about the Protect Surface methodology.

Making Sense of Security, Today’s Most Complicated Jigsaw Puzzle

IT environments come in varied architectures, sizes and complexities and may seem just as daunting as the most complex jigsaw puzzle at first glance.

Protect Surface Infographic

Harden against privileged credential abuse, protect your most critical data, and simplify your path to Zero Trust on the mainframe.

Why is Zero Trust Important?

Zero Trust ensures that only the right people have the right access, for the right amount of time, and under the right circumstances. It is the security strategy built to deal with today’s security threats and it is ideal for Mainframe data center security as both build on the Principle of Least Privilege.


Reduce Risk through Continuous Authentication

Taking a Protect Surface approach to Zero Trust is a simple way to continue security innovation on the otherwise “assumed-impenetrable” Mainframe. Define your Protect Surface by focusing on privileged users, crucial applications with corresponding data, and system-critical infrastructure. Broadcom’s Mainframe External Security Manager delivers granular authorizations to blend with Zero Trust companion models such as Principle of Least Privilege, all granting access only once requests are verified in depth. The following steps all combine to prevent unauthorized access from the network onto the Mainframe Protect Surface.

  • Segmentation gateway as a next-generation firewall
  • Access enforcement at the gateway
  • Multi-factor authentication


Research Finding: The Role of the Mainframe in a Hybrid-Cloud World

A 2021 survey conducted by Enterprise Management Associates demonstrates the value of the mainframe as a core part of today’s hybrid IT strategy and reveals why 87% of execs view the platform as a competitive advantage.

The Benefits of Zero Trust

Zero Trust: trust no one. It seems basic, but also seems somewhat unachievable.

Securing Your Business with Zero Trust

See why Zero Trust is everywhere: in the cloud and on-premises, including the mainframe.

How You Can Achieve Zero Trust

Achieving Zero Trust is a journey, and the first step is to pinpoint your mainframe’s strengths and vulnerabilities. How do you do this? That’s where we come in. Broadcom has drawn on years of security experience and best practices from helping customers to create this no-cost Mainframe Security Health Assessment, which allows you to quickly identify and prioritize the security steps required to align with Zero Trust and the Protect Surface methodology.


Mainframe Security Health Assessment

Pinpoint your Mainframe’s strengths and vulnerabilities with Broadcom’s Security Assessment. Built by our world-class Mainframe experts, this assessment quickly identifies and prioritizes security steps required to align with Zero Trust and the Protect Surface methodology. Ensure your high-value assets are secure. Get started today with your no cost, no commitment Security Health Assessment.


Beginning Your Zero Trust Journey

Ensure your high-value assets are secure - get started with a Mainframe Security Health Assessment.

Mainframe Cybersecurity Workshops

Accelerate your security and compliance journey through complimentary workshops. Explore available workshops and schedule yours today.

Read the Blogs

November 22, 2022

Security keeping you busy? Stop the Firefighting & Take Back Control

When it comes to security, it is critically important to always be prepared and a step ahead of change. Why? Change introduces risk. Change is often unpredictable as we’ve seen in recent months with an instantaneous shift to full-time remote knowledge workers! This is why we always need to be prepared. But how do we get to a state of prepared bliss when day-to-day tasks keep us busy?

April 14, 2021

Zero Trust for Mainframe Security

Mainframe security has passed the test of time with its multi-layered approach proving repeatedly that it is highly securable. It continues to offer sophisticated controls that keep pace with threat evolution and enable you to continue relying on the most securable platform in your enterprise. Zero Trust is a strategy, a way of thinking about security on your journey to Zero Trust.

April 20, 2021

Zero Trust, Part 1: Making sense of security, today's most complicated jigsaw puzzle

As always, ‘rings of security’ and layered defenses are important in security architecture and the same works for implementation of Zero Trust. Advanced authentication at boundary or entry points and contextual granular just-in-time authorization drives layered security checks in a series. Zero Trust is simply implemented with a combination of additional tools and following best practices with existing tools.

May 3, 2021

Zero Trust, Part 2: The Benefits of Zero Trust

Zero Trust is both a way of thinking and a way of behaving as a security organization. The key benefit is preparation. Zero Trust suggests that one should ‘be prepared’ for breaches: assume there will be a breach, and you can plan for it, work to avoid it, and recover from it if it happens. It comes down to mindset. The most secure organizations live every day assuming they have been or will be breached and their security controls are not good enough. Preparation is the foundation for a Zero Trust model or, stated differently, a verify-before-you-trust model.

June 3, 2021

Zero Trust, Part 3: Is Zero Trust Challenging to Adopt?

Zero Trust seems like an initiative that is more appropriate for a new system or application, but not something one would hope to achieve on a system that has been in use for decades. But, in fact, one could argue that Mainframe was an original ‘Zero Trust’ platform. You see, originally, when the mainframe system was developed, everyone had access to everything. After all, only the experts were on the system and “regular user” access was very limited.

June 30, 2021

Zero Trust, Part 4: How to Adopt Zero Trust for Mainframe

Zero Trust is an approach to security that can and should be applied to the Mainframe. Yet too often, Mainframe is overlooked as a security concern, as many assume that it is naturally secure, because, well, it's a Mainframe. Now, this is certainly flattering for the platform, and to be honest, the Mainframe’s reputation for security is well deserved. But it is not invulnerable, and nothing about it is ‘naturally’ secure.

August 26, 2021

Zero Trust, Part 5: Deeper Trust in Each and Every Identity

Trust in identity is a key element in the digital world. Static credentials can be stolen, leaving ambiguity in the digital identity signing on to our systems. Proactive preventive actions can drive a deeper trust in the identity authenticating to your environment. Advanced authentication methods can thwart a tragedy for an organization by driving a deeper trust in an identity prior to granting the identity access to enterprise-critical and data-rich environments.