mainframe security software

Secure mainframe communications

Tectia SSH Server for IBM z/OS is the most trusted remote access and secure FTP server software in the industry. It's easy to set up and combines enterprise-grade reliability with high performance and a light toll on cryptographic processing.

Request pricing Mainframe Security Guide


Data communications – (often) the weakest link in mainframe security

  • Mainframes are an integral component of large IT infrastructure, handling 68% of the world's production IT workloads. One reason for their popularity is their built-in advanced security features.

  • Despite the internal robustness of mainframes, failing to properly secure data communications will create an obvious vulnerability in the mainframe security architecture. The FTP protocol, still commonly in use, transmits data in plain text format – easily readable by anyone who can intercept the communications.

  • The TN3270 protocol, also commonly in use, transmits user passwords in plain text format - risking that an intruder could log in to the mainframe.

  • Exposures increase the risk of breaches, rising Total Cost of Ownership (TCO), potential outages, and compliance issues.

  • Without dedicated solutions, secure file transfers are not only difficult to set up but also inefficient - using costly CPU cycles, increasing the operating and administration costs, complexity, time delays, and potential errors.

How does Tectia help you with mainframe security?


Seamless transition to secure data transfers

Safeguard your data with the latest encryption algorithms and enable transition from File Transfer Protocol (FTP) to SSH File Transfer Protocol (SFTP). The set up is easy without Job Control Language (JCL) modifications, breaking your existing file transfers or requiring manual changes to scripts.


Eliminate manual steps

Get direct access to MVS datasets. This is convenient since there is no need to stage your files to Hierarchical File System (HFS) – an extra step in the process that increases the risk of manual error and requires expertise.


Stay compliant & ensure business continuity

A great number of regulations require that your critical data transfers are protected, such as PCI-DSS, SOX, HIPAA, FISMA, FIPS.

We want to make sure that you stay compliant and enjoy uninterrupted operations. We provide 24/7 support and professional services for large-scale setups.


Encryption beyond the norm

We have a proven, 25-year-long track record as pioneers and innovators in encryption. SSH is a leading player in post-quantum cryptography (PQC): we develop it together with other leading companies and authorities in Finland.


Monitor access to your mainframes

No amount of encryption will make your mainframes secure if you are not monitoring your access control. With our new Zero Trust features, you can easily manage who gets access to your mainframes with role-based access, grant temporary access, get a full audit trail of mainframe usage, and reduce password-related risks and inconveniences.

Ease of use

  • ISPF application for installation and configuration
  • Configurable FTP fallback option for controlled and phased deployment
  • System-wide and user-specific file transfer profiles
  • Listing of MVS data sets as files and folders for easy interactive command line

User and server authentication

  • Authentication and access control through SAF calls to RACF, ACF2, and TSS
  • User authentication with passwords
  • User and server authentication with X.509 certificates
  • User and server authentication with public keys
  • Logging and auditing using SMF records and Syslogd facilities

Secure File Transfer Protocol (SFTP)

  • Transparent, automatic FTP-SFTP conversion
  • Transparent FTP tunneling
  • Multi-terabyte file size support
  • Strong encryption of data
  • Strong packet-by-packet file integrity checking
  • SFTP and SCP command-line tools for interactive and unattended use
  • Transparent, automatic FTP-SFTP conversion
  • Transparent FTP tunneling
  • Multi-terabyte file size support
  • Strong encryption of data
  • Strong packet-by-packet file integrity checking
  • SFTP and SCP command-line tools for interactive and unattended use
  • Secure against the quantum threat, with Quantum-Safe Algorithms

Mainframe security

  • Automatic transparent encryption of data-in-transit, including user ID and password
  • Hardware acceleration of cryptographic operations
  • Support for U.S. NIST FIPS 140-2 Certified hardware acceleration
  • Configurable re-keying policies
  • Multi-channel support - multiple secure sessions are multiplexed to a single TCP/IP connection
  • Compliance with the IETF Secure Shell standards

Remote access

  • Secure tunneling for TN3270 connections
  • Transparent tunneling for TN3270


Zero Trust access control

  • Role-based access control (RBAC) - grant and revoke access for multiple mainframe systems at once
  • Support for temporary access
  • Full audit trail with SIEM integration support
  • No passwords - no stolen or leaked passwords, no password rotation
  • Optional browser client for TN3270

Who is Tectia for?


Organizations that get the most out of Tectia SSH Server for IBM z/OS, generally:

  • Need to comply with regulations, such as PCI-DSS or FIPS. For example, US Federal agencies, large financial institutions, credit card companies, retailers, insurance companies, etc.
  • Require massive file transfers 
  • Need mainframe security controls to mitigate risk from unauthorized use
  • Need seamless transition from FTP to SFTP


Read how a major banking and finance institution secured their critical mainframe communications with Tectia >

Learn more about Tectia customers

Tectia is trusted by some of the world's leading enterprises.

Tectia references

Try Tectia SSH Server for z/OS for free!

Download the trial to get started on your Tectia journey. Try it for free for 60 days!

Start Tectia z/OS trial!