Simply put, Zero Trust is a cybersecurity strategy built on the belief that you should Never Trust and Always Verify. But how do you secure infrastructure, applications and services, and data that, as part of your cloud strategy, are connected broadly and accessible by anyone, at any time, from any location on your network and off? Zero Trust makes it simple to improve your security posture.
The first design principle of Zero Trust is focusing on business objectives, and then identifying the crucial assets that enable these objectives. Those assets are then treated as a Protect Surface, shielding them with greater efficiency and effectiveness than trying to protect or shrink the entire attack surface.
When a Mainframe is part of your hybrid cloud infrastructure, your most crucial assets are typically the client, transactional, and institutional data residing on your Mainframe.
Mainframes have an excellent, well-deserved reputation for high security. Yet Mainframes are not automatically secure to a Zero Trust standard. It’s important to treat them like your Cloud, on-prem or other servers; all Zero Trust principles and processes apply equally to the Mainframe in the context of cybersecurity.
Broadcom’s Mainframe security software solution is in line with the guiding principles of Zero Trust. Starting with ACF2, the first Mainframe ESM, and built on the Principle of Least Privilege, Broadcom lets you start where you are and add strategic security layers incrementally for immediate and ongoing risk reduction. For example, add Multi-factor Authentication (MFA) quickly, without the disruption of a complete security redesign to improve access control.
The evolution of the Protect Surface concept is a solid foundation for an incremental approach toward a Zero Trust model, covering crucial assets in a Protect Surface as prioritized by the organization.
When it comes to security, it is critically important to always be prepared and a step ahead of change. Why? Change introduces risk. Change is often unpredictable as we’ve seen in recent months with an instantaneous shift to full-time remote knowledge workers! This is why we always need to be prepared. But how do we get to a state of prepared bliss when day-to-day tasks keep us busy?
Mainframe security has passed the test of time with its multi-layered approach proving repeatedly that it is highly securable. It continues to offer sophisticated controls that keep pace with threat evolution and enable you to continue relying on the most securable platform in your enterprise. Zero Trust is a strategy, a way of thinking about security on your journey to Zero Trust.
As always, ‘rings of security’ and layered defenses are important in security architecture and the same works for implementation of Zero Trust. Advanced authentication at boundary or entry points and contextual granular just-in-time authorization drives layered security checks in a series. Zero Trust is simply implemented with a combination of additional tools and following best practices with existing tools.
Zero Trust is both a way of thinking, as well as a way of behaving as a security organization. The key benefit is preparation. Zero Trust suggests that one should ‘be prepared’ for breaches: assume there will be a breach, and you can plan for it, work to avoid it, and recover from it if it happens. It comes down to mindset. The most secure organizations live every day assuming they have been or will be breached and their security controls are not good enough. Preparation is the foundation for a Zero Trust model, or stated differently, verify before you trust model.
Zero Trust seems like an initiative that is more appropriate for a new system or application, but not something one would hope to achieve on a system that has been in use for decades. But, in fact, one could argue that Mainframe was an original ‘Zero Trust’ platform. You see, originally, when the mainframe system was developed, everyone had access to everything. After all, only the experts were on the system and “regular user” access was very limited.
Zero Trust is an approach to security that can and should be applied to the Mainframe. Yet too often, Mainframe is overlooked as a security concern, as many assume that it is naturally secure, because, well, it's a Mainframe. Now, this is certainly flattering for the platform, and to be honest, the Mainframe’s reputation for security is well deserved. But it is not invulnerable, and nothing about it is ‘naturally’ secure.