September 25, 2020

The mainframe isn’t going anywhere – how can we secure it?

Mainframes are often derided as a relic of a bygone era, but the facts say differently. In fact, IBM – the world’s largest mainframe vendor – recently released a report that showed Z series mainframe sales are up: the revenue grew 61 percent in Q1 this year. Last year IBM reported an increase of 70 percent year over year. The list just goes on:

  • Ninety-two of the world’s top 100 banks
  • all of the top 10 insurers
  • 18 of the top 25 retailers, 70% of the Fortune 500
  • and 71 percent of Fortune 500 companies

all rely on the mainframe to host their core business functions.

Where is this sudden renewed interest in mainframes coming from? In today’s complicated IT landscape, mainframes provide the reliability, scalability and security enterprises need to thrive. With that in mind, how can mainframes add value to businesses and improve processes, all without losing sight of enterprise security.

The IT workhorse

Mainframes have long been heralded as an IT workhorse, capable of processing approximately 30 billion business transactions per day, from credit card transactions to stock trades, and manufacturing processes to Enterprise Resource Planning (ERP) systems.

But, as the technology landscape and the face of IT have evolved, mainframes have also adapted to keep up with the newest trends. Today, they’re designed to support things like cloud computing and big data and analytics. And, crucially, the advent of Linux on the mainframe has ushered in a new era of mainframe use, injecting new life into the platform. That’s largely because Linux on the mainframe is the same as Linux on any other platform, making it more open and accessible to more developers.

The so-called mainframe renaissance isn’t just hearsay – recent research by Compuware showed that mainframe workloads are increasing. Right now, 57 percent of enterprises with a mainframe run more than half of their critical applications on the mainframe, and that number is expected to rise to 64 percent by next year.

Additionally, the survey revealed that 72 percent of customer-facing applications are dependent on mainframe processing.

File transmission on the mainframe

As reliance on the mainframe increases, how can businesses make sure they’re keeping processes secure? Let’s take a look at the file transmission process, for example.

Enterprises need fast, reliable, secure data to flow throughout their networks for critical IT processes. Big data isn’t quite the buzzword it used to be, but it doesn’t mean that it’s no longer relevant. Large masses of data are being transferred by big corporations every minute.

Historically, enterprises have relied on the commonly used legacy File Transfer Protocol (FTP) for file transmission. But, FTP wasn’t designed to be a secure protocol, so it’s vulnerable to risks like password sniffing and man-in-the-middle attacks.

SFTP transmission

Instead, Secure Shell (SSH)-enabled technologies can give enterprises the security they need, enabling secure use of legacy applications and secure automated file transfers. The Secure Shell-enabled file transfer protocol, SFTP (Secure File Transfer Protocol) is the far superior file transfer protocol for enterprises today.

SFTP offers simplified configuration and flexibility with authentication methods, without any need for additional admin and maintenance. Fast, encrypted SFTP-enabled file transfers can help enterprises save time and money, while also protecting against attacks on user identities and credentials.

Why serious businesses need a commercial mainframe SFTP solution

SFTP has its open source and in-house implementations, and as the inventors of the Secure Shell (SSH) protocol, we certainly encourage its use for a variety of use cases. But mainframes manage mission-critical data, like credit card information, so the businesses need the best solutions on the market to protect that data.

1. Fast transmissions, fast recovery with commercial mainframe SFTP

The pace of business velocity is ever-increasing, so the production environments need to be faster than ever. When it comes to file transmission, businesses don’t have the time to wait for large files and backups to transfer to the cloud or worry about interruptions to the data flow. Top-tier commercial SFTP solutions are rigorously tested and can continue file transmissions from the point of interruption if they happen.

2. Shortage of mainframe experts makes in-house or Open Source projects challenging

There are fewer mainframe experts around. Business are also dealing with rising admin costs, so they need secure and scalable infrastructure that doesn’t require high overheads. z/OS mainframes are a special beast: the experts in the field tend to be old-school IT gurus and their numbers are dwindling every year as they retire.

Let’s talk tech for a bit. Sure, your mainframe masters can make manual changes to Job Control Language (JCL) scripts at their will. But manual tasks take time and require a deep level of expertise. They also know how to stage Multiple Virtual Storage (MVS) data sets to Hierarchical File System (HFS). Again, this is an extra step in the process. And when your mainframe maestro retires, who will know how to run your file transfers?

3. You mitigate business continuity and compliance risks with an expert product

With an Open Source or in-house solution, your company takes on the burden of ensuring that your file transfers are safe and working. This is an extra risk, especially when considering how a specific area of expertise z/OS mainframes is.

Regulations and compliance

Compliance is always a major concern, especially in highly regulated industries. In-house solutions are great for many purposes, but can regulated businesses rely on non-commercial solutions, when they’re dealing with Payment Card Industry Data Security Standard (PCI-DSS), Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), or other sector-specific regulations?

If you choose a product developed, tested and updated by an expert company, you can always contact them if you need help. 24/7 business support from industry experts is popular for a reason.

4. Automate manual tasks

We believe that it is better to rely on a commercial solution that ensures seamless migration from FTP or in-house SFTP to commercial SFTP without breaking your existing file transfers or requiring manual changes to scripts.

We also think your admin should have direct access to the operating system data sets without having to stage them. Just like z/OS does heavy-lift data processing, we’ve believe in a solution that does all the hard work for your IT staff – whether or not they are mainframe gurus.

5. Seamless communication with distributed platforms

Commercial SFTP tools offer the fast, reliable, secure data flows businesses need and more, with support for integration with multiple platforms, including Linux, Unix, Windows and IBM z/OS mainframes.

Again, let's look at a technical example that has a practical impact on operations: ensuring that your mainframe speaks the same language with different flavours of Windows and UNIX.

This means that you can send a JCL scripts from Windows or Linux to the commercial SFTP solution which in turn puts them into processing in job entry subsystems (JES) without hiccups. Alternatively, z/OS can send datasets to Windows and Linux - and all the character and newline conversions are automatically correct. 


If you’re running processes and databases on z/OS, it’s time to replace FTP and critically evaluate your in-house SFTP to ensure that your mainframe operations run smoothly also in the future.

Take advantage of the security, speed, adherence to compliance and the peace of mind that only the best solutions on the market can offer.

Check out our Tectia® SSH Server for z/OS for your mainframe SFTP needs. We are an IBM Registered Business Partner and happy to talk to you about how to keep you mainframe file transfers secure.

CASE STUDY Global bank secures mainframe comms with Tectia z/OS

Tag(s): Tectia SSH , SSH

Jani Virkkula

Currently employed by SSH.COM as Product Marketing Manager, Jani is a mixed-marketing artist with a strong background in operator and cybersecurity businesses. His career path of translator->-tech writer -> marketer allows him to draw inspiration from different sources and gives him a unique perspective on all types...

Other posts you might be interested in