August 6, 2022

The mainframe isn’t going anywhere – how can we secure it?

Editor's note: This article was originally published in 2020 and some of the data points in the article have been updated since.

Mainframes are often derided as a relic of a bygone era, but the facts say differently. In fact, IBM – the world’s largest mainframe vendor – recently released a report that showed Z series mainframe sales are up: the company’s Z Systems revenue spiked 77% year-on-year. This is mostly because IBM launched the new Z16 mainframe line, so the product is doing great.

There's more:

  • 92 of the world’s top 100 banks,
  • all of the top 10 insurers,
  • 18 of the top 25 retailers,
  • and 71% of Fortune 500 companies

all rely on the mainframe security to protect their core business functions.

Where is this sudden renewed interest in mainframes coming from? In today’s complicated IT landscape, mainframes provide the reliability, scalability, and security enterprises need to thrive. With that in mind, how can mainframes add value to businesses and improve processes, all without losing sight of enterprise security?

Contents

Mainframe security solutions: The IT workhorse
File transmission on the mainframe: Secure or not?
Why do businesses need a commercial mainframe SFTP security solution?

Mainframe security solutions: The IT workhorse

Mainframes have long been heralded as an IT workhorse, capable of processing approximately 30 billion business transactions per day, from credit card transactions to stock trades, and manufacturing processes to Enterprise Resource Planning (ERP) systems.

But, as the technology landscape and the face of IT have evolved, mainframes have also adapted to keep up with the newest trends. Today, mainframe security solutions are designed to support things like cloud computing and big data and analytics. And, crucially, the advent of Linux on the mainframe has ushered in a new era of mainframe use, injecting new life into the platform. That’s largely because Linux on the mainframe is the same as Linux on any other platform, making it more open and accessible to more developers.

The so-called mainframe renaissance isn’t just hearsay – research by Compuware showed that mainframe workloads are increasing. 57% of enterprises with mainframe security software in place run more than half of their critical applications on the mainframe, and that number is increasing.

Additionally, the survey revealed that 72% of customer-facing applications are dependent on mainframe processing.

File transmission on the mainframe: Secure or not?

As reliance on the mainframe increases, how can businesses make sure they’re keeping mainframe processes secure? Let’s take a look at the file transmission process, for example.

Enterprises need fast, reliable, secure data to flow throughout their networks for critical IT processes. Big data isn’t quite the buzzword it used to be, but it doesn’t mean that it’s no longer relevant. Large masses of data are being transferred by big corporations every minute, and they securing mainframes need proper controls.

Historically, enterprises have relied on the commonly used legacy File Transfer Protocol (FTP) for file transmission. But, FTP wasn’t designed to be a secure protocol, so it’s vulnerable to risks like password sniffing and man-in-the-middle attacks. Many mainframes still operate by using unsecured FTP.

Instead, Secure Shell (SSH)-enabled technologies can give enterprises the mainframe security they need, enabling secure use of legacy applications and automated file transfers. The Secure Shell-enabled file transfer protocol, SFTP (Secure File Transfer Protocol) is a far superior file transfer protocol for enterprises today.

SFTP for mainframes offers simplified configuration and flexibility with authentication methods, without any need for additional admin and maintenance. Fast, encrypted SFTP-enabled file transfers can help enterprises save time and money, while also protecting against attacks on user identities and credentials.

Why do businesses need a commercial mainframe SFTP security solution?

SFTP has its open source and in-house implementations, and as the inventors of the Secure Shell (SSH) protocol, we certainly encourage its use for a variety of use cases. But mainframes manage mission-critical data, like credit card information, so businesses need the best solutions on the market to protect that data and mainframes.

1. Fast transmissions & fast recovery with commercial mainframe SFTP solution

Think beyond mainframe security. The pace of business velocity is ever-increasing, so the production environments need to be faster than ever. When it comes to file transmission, businesses don’t have the time to wait for large files and backups to transfer to the cloud or worry about interruptions to the data flow. Top-tier commercial SFTP solutions are rigorously tested and can continue file transmissions from the point of interruption if they happen.

2. Shortage of mainframe security experts makes in-house or Open Source projects challenging

There are fewer mainframe experts around. Businesses are also dealing with rising admin costs, so they need secure and scalable infrastructure that doesn’t require high overheads. z/OS mainframes are a special beast: the experts in the field tend to be old-school IT gurus and their numbers are dwindling every year as they retire.

Let’s talk tech for a bit. Sure, your mainframe masters can make manual changes to Job Control Language (JCL) scripts at their will. But manual tasks take time and require a deep level of expertise. They also know how to stage Multiple Virtual Storage (MVS) data sets to Hierarchical File System (HFS). Again, this is an extra step in the process. And when your mainframe maestro retires, who will know how to run your file transfers?

3. Mitigate business continuity and compliance risks with an expert mainframe security solution

With an Open Source or in-house solution, your company takes on the burden of ensuring that your file transfers are safe and working. This is extra risk, especially when considering how a specific area of expertise z/OS mainframes is. Not to mention securing them.

Compliance is always a major concern, especially in highly regulated industries. In-house solutions are great for many purposes, but can regulated businesses rely on non-commercial solutions, when they’re dealing with Payment Card Industry Data Security Standard (PCI-DSS), Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), or other sector-specific regulations?

If you choose a product developed, tested, and updated by an expert company, you can always contact them if you need help. 24/7 business support from cybersecurity experts is popular for a reason.

4. Secure mainframes better by automating manual tasks

We believe that it is better to rely on a commercial solution that ensures seamless migration from FTP or in-house SFTP to commercial mainframe SFTP without breaking your existing file transfers or requiring manual changes to scripts.

We also think your admin should have direct access to the operating system data sets without having to stage them. Just like z/OS does heavy-lift data processing, we believe in a solution that does all the hard work for your IT staff – whether or not they are mainframe gurus.

5. Seamless and secure mainframe communication with distributed platforms

Commercial SFTP tools offer the fast, reliable, secure data flow businesses need and more, with support for integration with multiple platforms, including Linux, Unix, Windows, and IBM z/OS mainframes.

Again, let's look at a technical example that has a practical impact on operations: ensuring that your mainframe speaks the same language with different flavors of Windows and UNIX.

This means that you can send JCL scripts from Windows or Linux to the commercial SFTP solution which in turn puts them into processing in job entry subsystems (JES) without hiccups. Alternatively, z/OS can send datasets to Windows and Linux - and all the character and newline conversions are automatically correct. 

Conclusions

If you’re running processes and databases on z/OS, it’s time to replace FTP and critically evaluate your in-house SFTP to ensure that your mainframe operations run smoothly and securely also in the future.

Take advantage of the security, speed, adherence to compliance, and peace of mind that only the best secure mainframe solutions on the market can offer.

Check out our Tectia® SSH Server for z/OS for your mainframe SFTP needs. We are an IBM Registered Business Partner and are happy to talk to you about how to keep your mainframe file transfers secure.

While you are at it, check out our case study on how our customer secured their mainframe communications.

Tag(s): mainframe , Tectia SSH , SSH

Jani Virkkula

Currently employed by SSH.COM as Product Marketing Manager, Jani is a mixed-marketing artist with a strong background in operator and cybersecurity businesses. His career path of translator->-tech writer -> marketer allows him to draw inspiration from different sources and gives him a unique perspective on all types...

Other posts you might be interested in