Cyberattacks and ransomware incidents are at an all-time high, and enterprises are very focused on ensuring protection for their data and that of their customers. The 2021 BMC Mainframe Survey found that for the second consecutive year security was considered a top priority. This year 61% of mainframe professionals ranked among their top priorities. Among those surveyed, 86% had conducted an internal security audit in the last two years that revealed an unaddressed vulnerability, and 41% of those vulnerabilities were related to the mainframe operating system, while 40% were related to configuration. With 72% of extra-large mainframe shops (enterprises with more than 50,000 million instructions per second) having more than half of their data on the mainframe, these audits are integral to cybersecurity. Alan Warhurst, senior manager of product management at BMC, says that looking at those enterprises that have embraced the mainframe, firms can see that investing in people, processes, and technology can lead to continued success and security.
Mainframe Can Be a Safe Harbor
The mainframe, Warhurst says, has become a "safe harbor" for many businesses during this highly disruptive time, especially with many businesses embracing remote work in such a short time. "In turning to the mainframe, these enterprises found it was ideal to help drive forward their digital transformation toward becoming an autonomous digital enterprise," he explains. These enterprises are leveraging artificial intelligence for operations to automate manual tasks and reduce the need for the specialized skills necessary for successful mainframe management. Warhurst points out that these enterprises are innovating how they manage their mainframes by integrating their applications and management.
"The traditional network perimeter," the survey report says, "is dead." Warhurst clarifies, "It has been known for a long while that even if you have an incredibly strong perimeter, it will be breached. Systems are too connected and too human in nature, such that it is easy to manipulate." He adds that these perimeters have, for the most part, "been replaced by multi-layered security and many organizations are now seriously looking at zero-trust type architectures to minimize the risk."
It has been known for a long while that even if you have an incredibly strong perimeter, it will be breached.
According to the survey, the mainframe must be proactively secured, with "real-time visibility and security information and event management (SIEM) integration to enable fast detection and response by security operations center teams." Moreover, security integration enables enterprises to automatically detect anomalies, which enables faster mean time to repair. Integrating mainframe management across the enterprise allows mainframe personnel to work cross-functionally.
Cybersecurity and Future of Mainframe Growth
As enterprises integrate mainframe and DevOps with other teams, security teams will face a number of challenges. Warhurst says, "I think the most notable thing is the speed of change, so understanding normal will be really key." The survey, he says, demonstrates how a DevOps approach can improve not only infrastructure stability but also increase security. Change, Warhurst says, "is something to be embraced." However, he advises that the security team must be engaged early on in the design and development stages, and robust security testing is key to the success of the DevOps life cycle.
Tip: Engage your security team early on in the design and development stages when implementing DevOps.
Warhurst indicates that enterprises can be poised for success if they invest in tools and use them in the most efficient way possible, invest and embed the expertise necessary to ensure those tools are correctly configured, and reach out to experts in the field to ensure the platform is secure and effective. Experts can particularly help enterprises minimize risks and ensure system security, while artificial intelligence can help enterprises identify trends and different usage patterns to "catch bad actors" ahead of time. Warhurst shares that one of the main takeaways of the survey is that the mainframe remains a strong platform for enterprise growth, and many firms continue to feel confident that their assets are secure. Security needs to be top of mind at any organization, even as it moves to the hybrid cloud environment or scales up mainframe capabilities.