Most Mainframe Users Lag in GDPR Readiness

Most Mainframe Users Lag in GDPR Readiness

Businesses are readying for the incoming General Data Protection Regulation (GDPR), but some sectors are lagging: Only one in four IBM mainframe customers questioned in a UK survey are confident that their system security complies.

Within the 75% that aren’t confident about it, 31% think they’re not compliant, while 40% aren’t sure. Around 4% are unsure what the GDPR is in the first place.

That’s according to a poll of 55 mainframe users conducted by Macro 4, at the annual GSE UK Conference for IBM mainframe users in November 2017.

While IBM Z systems have long been respected for their security, most of the users surveyed recognize that mainframe security needs more attention. Only around 7% feel there is no need for improvement.

A full 86% cited tougher regulations such as the GDPR among the main reasons for making access to mainframes more secure. Other key drivers are the increasing sophistication of cyber-criminals (mentioned by 80%) and the fact that mainframes are now more connected to the outside world, and therefore more vulnerable (67%).

“Far from being a closed off environment, today’s mainframe is typically connected to the internet, because it runs important business applications that need to be accessed by millions of enterprise users and customers across the globe,” explained Keith Banham, mainframe research and development manager at Macro 4. “Anyone who has ever booked a flight, purchased insurance online or used internet banking is likely to have interacted with a mainframe somewhere along the line.”

He added, “Growing web and mobile access to the mainframe, combined with hackers getting smarter—and tougher rules and sanctions around data breaches—makes mainframe security a priority.”

Mainframe security is handled by software products such as RACF that tightly control user access to resources such as applications and data. However, the majority of the survey sample agree that security can be improved by adopting additional methods that IBM and other vendors are currently championing.

Almost all—96%—of respondents agreed that data encryption is an important way of securing the mainframe, in line with IBM’s increased focus on this method following the launch of pervasive encryption for its new z14 model.

Similarly, with IBM now supporting multi-factor authentication as a more secure alternative to traditional password-only access, 67% agree it is an important additional security measure.

About 58% of the sample recognize the importance of data minimization, which involves strictly limiting the personal data that is collected and stored to the minimum necessary to accomplish a specific purpose.

“None of us in the mainframe community can afford to be complacent and it is encouraging to see the growing uptake of new security technologies,” said Banham. “The new z14 [is] leading the way with its ‘encrypt everything’ approach. Multi-factor authentication is another area that’s attracting a great deal of interest and the good news is you can implement it relatively easily if you use a session manager, which is a message that went down well at the GSE conference.”

Source: Information Security Magazine