Setting the Stage: Mainframe Data Security
by Joe Sturonas, Jeff Cherrington
February 1, 2010
2. Resource Access Control includes z/OS resource control and the three security servers. Appropriately granting and restricting the rights of users to mainframe resources (i.e., applications, storage, and data) was once the bulk of all mainframe data security activities. However, today there’s an essential need for identity and resource access management on the mainframe to mitigate inappropriate use of applications and data. This includes comparing and contrasting how such management is implemented by the three security servers: IBM RACF, CA Top Secret, and CA ACF2. It also includes understanding how the three security servers are evolving to serve X.509 digital certificates for identity authentication and other uses supporting their role in an enterprise Public Key Infrastructure (PKI).
3. Data authenticity and endpoint security are essential for defending the pervasively connected mainframe. Mainframe modernization, via Service-Oriented Architecture (SOA), has greatly impacted risks to the quality and accuracy of data. Even though the mainframe has the most durable protections in the industry, the necessary integration with user productivity interfaces has opened the door to man-in-the-middle attacks and other threats that must be addressed.
4. Data integrity requires maintaining consistency throughout the data lifecycle. Data integrity risks for the mainframe data center range from internal user negligence to potential attacks by organized criminals. Information data lifecycle management from structured data sources expanding out to unstructured data sources, as well as the policies for the governance of enterprise security, plays a large role in ensuring protection from these risks.
5. Security and business continuity extends beyond protecting against natural and manmade disasters. Staying a step ahead of disaster also includes protecting against vulnerabilities in hardware and software components, both at the perimeter and from insider threats. This requires positioning application availability and business continuity management in the larger framework of mainframe data centers and information security.
6. Ex-perimeter security encompasses data exchange across operating systems. Organizations must adopt a means for mitigating the external risks of data breach and compromise to the same degree as they would apply to internal risks. Certain requirements must be taken into account when exchanging data across operating systems, including the diversity of your own infrastructure and the unknown infrastructures of your customers, partners, and vendors.
7. Security optimization means enhancing performance while reducing CPU and elapsed time. With increasing requirements for data security and encryption, organizations must satisfy data security and privacy requirements and also look at how data security can be efficient and cost-effective. Common ways of optimizing data security and encryption for best performance include reducing CPU and elapsed time.





