mainframe security software

Secure mainframe communications

Tectia SSH Server for IBM z/OS is the most trusted remote access and secure FTP server software in the industry. It's easy to set up and combines enterprise-grade reliability with high performance and a light toll on cryptographic processing.

Request pricing Mainframe Security Guide

Tectia_zOS_background_square_03-01

Data communications – (often) the weakest link in mainframe security

  • Mainframes are an integral component of large IT infrastructure, handling 68% of the world's production IT workloads. One reason for their popularity is their built-in advanced security features.

  • Despite the internal robustness of mainframes, failing to properly secure data communications will create an obvious vulnerability in the mainframe security architecture. The FTP protocol, still commonly in use, transmits data in plain text format – easily readable by anyone who can intercept the communications.

  • The TN3270 protocol, also commonly in use, transmits user passwords in plain text format - risking that an intruder could log in to the mainframe.

  • Exposures increase the risk of breaches, rising Total Cost of Ownership (TCO), potential outages, and compliance issues.

  • Without dedicated solutions, secure file transfers are not only difficult to set up but also inefficient - using costly CPU cycles, increasing the operating and administration costs, complexity, time delays, and potential errors.

How does Tectia help you with mainframe security?

Secure-file-transfer

Seamless transition to secure data transfers

Safeguard your data with the latest encryption algorithms and enable transition from File Transfer Protocol (FTP) to SSH File Transfer Protocol (SFTP). The set up is easy without Job Control Language (JCL) modifications, breaking your existing file transfers or requiring manual changes to scripts.

Shield

Eliminate manual steps

Get direct access to MVS datasets. This is convenient since there is no need to stage your files to Hierarchical File System (HFS) – an extra step in the process that increases the risk of manual error and requires expertise.

Checklist

Stay compliant & ensure business continuity

A great number of regulations require that your critical data transfers are protected, such as PCI-DSS, SOX, HIPAA, FISMA, FIPS.

We want to make sure that you stay compliant and enjoy uninterrupted operations. We provide 24/7 support and professional services for large-scale setups.

Success

Encryption beyond the norm

We have a proven, 25-year-long track record as pioneers and innovators in encryption. SSH is a leading player in post-quantum cryptography (PQC): we develop it together with other leading companies and authorities in Finland.

Users

Monitor access to your mainframes

No amount of encryption will make your mainframes secure if you are not monitoring your access control. With our new Zero Trust features, you can easily manage who gets access to your mainframes with role-based access, grant temporary access, get a full audit trail of mainframe usage, and reduce password-related risks and inconveniences.

Ease of use

  • ISPF application for installation and configuration
  • Configurable FTP fallback option for controlled and phased deployment
  • System-wide and user-specific file transfer profiles
  • Listing of MVS data sets as files and folders for easy interactive command line

User and server authentication

  • Authentication and access control through SAF calls to RACF, ACF2, and TSS
  • User authentication with passwords
  • User and server authentication with X.509 certificates
  • User and server authentication with public keys
  • Logging and auditing using SMF records and Syslogd facilities

Secure File Transfer Protocol (SFTP)

  • Transparent, automatic FTP-SFTP conversion
  • Transparent FTP tunneling
  • Multi-terabyte file size support
  • Strong encryption of data
  • Strong packet-by-packet file integrity checking
  • SFTP and SCP command-line tools for interactive and unattended use
  • Transparent, automatic FTP-SFTP conversion
  • Transparent FTP tunneling
  • Multi-terabyte file size support
  • Strong encryption of data
  • Strong packet-by-packet file integrity checking
  • SFTP and SCP command-line tools for interactive and unattended use
  • Secure against the quantum threat, with Quantum-Safe Algorithms

Mainframe security

  • Automatic transparent encryption of data-in-transit, including user ID and password
  • Hardware acceleration of cryptographic operations
  • Support for U.S. NIST FIPS 140-2 Certified hardware acceleration
  • Configurable re-keying policies
  • Multi-channel support - multiple secure sessions are multiplexed to a single TCP/IP connection
  • Compliance with the IETF Secure Shell standards

Remote access

  • Secure tunneling for TN3270 connections
  • Transparent tunneling for TN3270

 

Zero Trust access control

  • Role-based access control (RBAC) - grant and revoke access for multiple mainframe systems at once
  • Support for temporary access
  • Full audit trail with SIEM integration support
  • No passwords - no stolen or leaked passwords, no password rotation
  • Optional browser client for TN3270
Tectia_zOS_background_square_06-01

Who is Tectia for?

 

Organizations that get the most out of Tectia SSH Server for IBM z/OS, generally:

  • Need to comply with regulations, such as PCI-DSS or FIPS. For example, US Federal agencies, large financial institutions, credit card companies, retailers, insurance companies, etc.
  • Require massive file transfers 
  • Need mainframe security controls to mitigate risk from unauthorized use
  • Need seamless transition from FTP to SFTP

 

Read how a major banking and finance institution secured their critical mainframe communications with Tectia >

Learn more about Tectia customers

Tectia is trusted by some of the world's leading enterprises.

Tectia references

Mainframe security resources

 

Tectia_zOS_dat_sheet_mockup
mainframe security solution tectia

Tectia SSH Server for IBM z/OS Datasheet

Find more technical details about mainframe security software Tectia. In-depth information about the technical specifications of Tectia.

Read the datasheet >

mainframe_comms_casestudy

case study: secure mainframe file transfer

Banking & Finance Institute Secure Mainframe Communications

Learn how one of our customers, an Australian bank and financial services provider with +10k employees, secured their mainframe communications by migrating from FTP to SFTP with Tectia.

Read the case study >

Tectia-zOS-buyers-guide

buyer's guide

Secure Data Communications for IBM z/OS Mainframe

Learn about the challenges of mainframe security, how to solve them, and understand how to select a mainframe security solution that is the right fit for your organization.

Read the guide >

Blog post

The mainframe isn’t going anywhere – how can we secure it?

Mainframes are still a crucial component of IT infrastructures. Without proper mainframe security and mainframe security software, organizations are at risk.

Read the blog post >

Blog post

How to make mainframes quantum-safe?

Quantum computers are getting more powerful, threatening the security of all modern data infrastructures. And mainframes are no exception to this threat.

Read the blog post >

Try Tectia SSH Server for z/OS for free!

Download the trial to get started on your Tectia journey. Try it for free for 60 days!

Start Tectia z/OS trial!