The Mainframe and IDM
Identity Management Projects always result in lower costs and Streamlined Security Administration.
Where have you heard that one before?
Since the mid 1990's there has been a talent drain in the Mainframe Security Administration field. Concerned IT Management, looking for ways of filling the void basically figured that automating User Provisioning and Credentials could fill the void. To meet the Customers needs Large Software Companies developed centralized Identity and Access management tools. In terms of the Mainframe it meant putting a common Windows GUI in front of ACF-2 Top secret and RACF for inexperienced Administrators to drag and drop ID's and rules.
One Problem. It didn't work.
These tools required clean databases, up to date HR Systems and at least basic knowledge of how Mainframe security works. What's the old saying? If you put a GUI on a pile of you know what, you end up with a bigger pile of you know what (My kid may be reading this blog hence the G rating).
There is today however a renewed effort to actually solve actual BUSINESS PROBLEMs with the new generation of IDM software. What a concept actually listening to The Business.
SSH's Universal Key Manager (UKM) actually provides technology that for the first time controls the proliferation and abuse of SSH Keys on the Mainframe and the Enterprise. For the first time these stealthy credentials can be controlled via Centralization. Keys that are NOT Managed by the three z/OS Security packages in any way.
As the Mainframe is rapidly being rolled out as a major Open Systems services provider it will be comforting to have Enterprise class controls of your keys.
Until next time. Keep those keys in mind.