Mainframe Security: When Shifting to Mainframe in the Cloud

By: David Stokes


Governments around the world institute regulations to safeguard the use of personally identifiable information (PII) and penalize organizations that fail to comply.

Although some countries are attempting to deregulate, this doesn’t seem to have affected PII regulation. Whether it’s the Payment Card Industry Data Security Standard (PCI DSS), the U.S. Gramm–Leach–Bliley Act or the EU General Data Protection Regulation (GDPR), failing to adhere to regulations can result in wasted time, costly fines and even career loss. Organizations need to treat privacy as both a compliance and business-risk issue, and that’s why the topic keeps coming up.

Many companies feel PII is better handled on a mainframe, where encryption and security are more pervasive. As clients transition to an off-premises cloud-based operational model, they often ask me why their sensitive data is more secure in the cloud than where it’s currently located on-premises.

Don’t Be Left in the Dark

This conversation often centers on the status of clients’ data. We ask if they can account for where their data is on the mainframe, how that data is used and whether they are compliant with industry regulations. I’ve labeled this talk the “dark discussion,” because more than 50 percent of enterprise data is dark, or untagged and unclassified, and contains an unknown amount of regulated or sensitive data, according to Veritas.

Often, chief information security officers (CISOs) simply assume that mainframe data is secure and that the data has always been well-handled. However, in reality, the data is often just dark.

As companies transition to our mainframe-as-a-service, we seek to shine light on data. IBM always reexamines security controls during a transition to our cloud. Whether in-house or in the cloud, it’s always worthwhile to provide additional security focus, especially as over 55 percent of enterprise applications touch the mainframe, reports CloudTech.

The Light at the End of the Tunnel

As organizations transition to the cloud, the role of mainframe software vendors increasingly comes into play as clients look to move on-premises workloads and applications to the cloud. I recently sat down with IBM Global Offering Manager Steven Dickens to discuss this topic and how the recent partnership between IBM and CA Technologies, a key player in this space, fits in.

CNBC reports that the average cost of a data breach is $4 million and growing. We’ve all heard of data breach incidents that have wreaked serious havoc on the finances and reputations of some of the world’s top-performing companies. According to Dickens, organizations must treat privacy as both a compliance and business risk issue.

That’s what we have heard from our clients, and that’s why the IBM–CA partnership has produced the CA Data Content Discovery (DCD) solution for IBM z Systems. It helps IBM to provide our clients a level of confidence in their transition to the cloud, and in their compliance posture as we take our mutual clients to IBM Managed Services on z Systems.

Dickens went on to say that “both IBM and CA Technologies agree that to mitigate the risk of a data breach, organizations must think and act upon mainframe security holistically, especially when considering a shift to mainframe in the cloud.”

From my discussion with Dickens, three areas became evident for anyone looking to make the transition to the cloud, particularly the CISO:

  • Find mission-critical data to quickly gain insights about the potential and magnitude of data exposure.
  • Classify data to prove that controls are checked by types to satisfy compliance regulations.
  • Protect critical resources by eliminating the risky off-loading of mainframe data.

By scanning the data infrastructure on the mainframe, the DCD solution equips businesses to make the appropriate decisions to manage risks. Indeed, CA explains that this tool “finds sensitive and regulated data on z Systems, classifies the data based on sensitivity level and provides users with the option to archive or delete the data to prevent its misuse or duplication elsewhere.”

CA and IBM are partnering to help clients move seamlessly to the cloud. By leveraging the DCD solution, IBM can easily carry clients through cloud migration. This solution empowers clients to find, classify and protect their data — including dark PII data. DCD will help organizations become more compliant and secure as they operate their mainframe workloads in the cloud.


About The Author

David Stokes

Vice President & Business Unit Executive, CA Mainframe

David Stokes is Vice President & Business Unit Executive for CA's Mainframe business unit. David leads CA's Platform & Common Services team that includes CA Common Services (CCS), Mainframe Software Manager (MSM), Value Portfolio, and z Systems platform business & technology initiatives for CA.