November 18, 2022

How to Make Mainframes Quantum-Safe?

Mainframe admins know very well that all data communications should be well-secured. You have likely already converted your unsecure FTP traffic into SFTP with SSH Tectia Server for IBM z/OS, or maybe you are considering your options at this point. But now there’s talk about the quantum threat - that quantum computers are going to compromise all current data communications in a few years' time. You start to wonder: how will this impact me and my system? Let’s find out.

Due to their exceptional processing power and reliability, mainframes are a cornerstone of data processing architectures in many large organizations. Having a very robust internal security architecture, they are still vulnerable to unprotected or weakly protected data communications. At the same time, quantum computers are getting more powerful, threatening the security of all modern data infrastructures. The following aspects affect specifically mainframes:

1. Zero Trust mandates

Zero Trust is a popular paradigm that states that you should always verify all access to targets and encrypt all data communications, even in internal networks. Mainframes are no exception. On the contrary, they present a valuable target that should be given the maximum level of protection. The U.S. Federal Government has mandated that all agencies migrate to Zero Trust as soon as possible. 
 
As a mainframe administrator, your critical systems should be ahead of the rest of the organization when it comes to securing your data communications systems against the quantum threat. 

2. Recording attacks

Mainframes process data that is critical for the organization. This data often contains secrets that are valid and potent for a long time, like personal health information or credit card numbers. While data is comfortably safe when in the mainframe storage, it can be easily intercepted from data communications.  
 
With the eventual availability of large-scale quantum computers, the encryption protecting the data can be cracked, leaving the valuable secrets contained within exposed. This means that the quantum threat is already present, for mainframes as well as other systems. 

3. Terminal connection vulnerability

The mainframe is as secure as its least secure data connection. The default TN3270 terminal connection towards a mainframe is unprotected and therefore vulnerable to a session hijack. Such connections should be either disabled or secured, for example, using the tunneling feature of Tectia Server for IBM z/OS. With tunneling, the terminal connection becomes quantum-safe as well!

4. Hardware acceleration 

A mainframe administrator needs to be aware of the costs of CPU processing power and consider solutions that include offloading external cryptographic coprocessors like CEX or zIIP. 

Securing mainframe communications

Securing your mainframe against the quantum threat does not require huge infrastructure investments, and you don’t need dedicated fiber cables.

Tectia Server for IBM z/OS is the only solution on the market with a straightforward FTP-SFTP conversion that does not need massive script rewriting. When coupled with SSH Tectia Quantum-Safe Client/Server or a compatible third-party client/server on the other end, all communications in and out of the mainframe will be quantum-safe.

Learn more in our Guide to Secure Data Communications for IMB z/OS Mainframe by clicking the link below.

Learn more

 

Jussi Rautio

Jussi has recently joined SSH.com to develop the product vision for the company flagship product, Tectia. He has been on the IT business for more than 20 years, researching, developing and managing products.

Other posts you might be interested in