Only 25% of mainframe customers confident their security is GDPR compliant, new survey suggests
November 2017 by Macro 4, a division of UNICOM® Global
Improve mainframe security, say users – because data privacy rules are getting tougher, cyber criminals are getting smarter and mainframes are more connected to the outside world.
Only one in four IBM mainframe customers questioned in a new UK survey are confident that their system security complies with the incoming General Data Protection Regulation (GDPR). 31 per cent think they are not compliant, while 40 per cent do not know. Around four per cent are unsure what the GDPR is.
The poll of 55 mainframe users was conducted by Macro 4, a division of UNICOM® Global, at the annual GSE UK Conference for IBM mainframe users in November 2017.
While IBM Z systems have long been respected for their security, most of the users surveyed recognize that mainframe security needs more attention. Only around seven per cent feel there is no need for improvement.
86 per cent cited tougher regulations such as the GDPR among the main reasons for making access to mainframes more secure. Other key drivers are the increasing sophistication of cyber criminals (mentioned by 80 per cent) and the fact that mainframes are now more connected to the outside world, and therefore more vulnerable (67 per cent).
“Far from being a closed off environment, today’s mainframe is typically connected to the internet, because it runs important business applications that need to be accessed by millions of enterprise users and customers across the globe,” explained Keith Banham, Mainframe Research and Development Manager at Macro 4. “Anyone who has ever booked a flight, purchased insurance online or used internet banking is likely to have interacted with a mainframe somewhere along the line.
“Growing web and mobile access to the mainframe, combined with hackers getting smarter – and tougher rules and sanctions around data breaches – makes mainframe security a priority.”
Mainframe security is handled by software products such as RACF that tightly control user access to resources such as applications and data. However, the majority of the survey sample agree that security can be improved by adopting additional methods that IBM and other vendors are currently championing.
96 per cent of respondents agreed that data encryption is an important way of securing the mainframe, in line with IBM’s increased focus on this method following the launch of pervasive encryption for its new z14 model.
Similarly, with IBM now supporting multi-factor authentication as a more secure alternative to traditional password-only access, 67 per cent agree it is an important additional security measure.
58 per cent of the sample recognize the importance of data minimization, which involves strictly limiting the personal data that is collected and stored to the minimum necessary to accomplish a specific purpose.
“None of us in the mainframe community can afford to be complacent and it is encouraging to see the growing uptake of new security technologies,” added Keith Banham. “Our parent company, UNICOM Global, recently acquired the new z14, which is leading the way with its ‘encrypt everything’ approach. Multi-factor authentication is another area that’s attracting a great deal of interest and the good news is you can implement it relatively easily if you use a session manager, which is a message that went down well at the GSE conference.”