Think Back-end Security from an Enterprise Perspective
As I travel and talk to our existing and expanding customer base I am noticing something that I did not see before. In my meetings and with technical staff and management I am noticing an exciting trend of more and more distributed network and server staff becoming interested in System z. The replace the mainframe crowd seems to realize that these “dinosaurs” cannot be replaced anytime soon and are starting to try to understand, integrate and embrace what was a dying technology. This presents a challenge to us System Z folk in how we open up our once vaulted systems.
[the] "replace mainframe crowd" seems to realize that these “dinosaurs” cannot be replaced anytime soon.
Mainframers can no longer depend on security by isolation to protect our data. RACF, ACF-2 and Top Secret alone cannot protect Unix Systems Services and zLinux. The open and services common these OS’s provide also bring the same vulnerabilities that have existed in the distributed world for decades. Now insider and outside threats expose System z data in ways that the external Security packages were never developed to protect.
Conversely decisions z/OS staff make on z can now affect the entire Enterprise infrastructure in password, User ID, x.509 certificate and Unix UID standards. File transfer Security, User ID provisioning and Authentication methods can have a ripple up impact on distributed platforms.
At SSH Communications Security we have not left the Mainframe behind. On the contrary, we will continue to invest in it. It may would be worth your time to do a little research in some of our new products to see how we can help you enhance your security posture. Universal Key Manager for z/OS can help manage Secure Shell keys that can bypass RACF authentication. CryptoAuditor can monitor Secure Shell, RDP and SFTP traffic coming and going to the Mainframe while providing forensics that can be used as a tool in a court of law.