Prioritizing Mainframe Security in the Era of IT Modernization

Mainframes aren’t going away. Research shows 46% of companies plan to increase their mainframe use over the next two years. What’s the best way to keep mainframe data safe while you modernize your environment? In a recent webinar, KRI CTO and Co-Founder Ray Overby and Forrester Analyst Amy DeMartine share mainframe modernization and security best practices.

Mainframe security webinar with Ray Overby of Key Resources Inc and Amy Demartine of Forrester

For Executives

Rising IT threats create significant financial and reputational risk for your business. Just one major breach can be devasting to your bottom line, and the mainframe is a prime target for bad actors. Empower your team with the tools they need to protect your organization.

For IT Risk Officers

Broad IT stewardship means IT risk officers face direct pressure from upper management to protect the organization while staying in budget. Still, with so much on your plate, you may lack full visibility into mainframe security. We make it easy to protect your most important IT system.

For CISO's

Although 85% of corporations say mainframe security is a top priority for their business, only 33% always or often make decisions based on mainframe security. Protect your mainframe like any other IT system by bringing OS-level integrity scanning into your overall security strategy.

For Operations

RACF®, CA ACF2®, and CA Top Secret® are essential for permissions and access control, but they’re not a complete security solution. z/Assure VAP is the only product that identifies vulnerabilities in mainframe OS layer code and automatically scans for compromises to mainframe integrity.

Check Out Our Services

You need more than tools; you need our seasoned security risk mitigation professionals.

Our team is comprised of individuals who know z/OS internals. We are technologists with years of experience in mainframe operating system internals, enterprise architecture, and we have extensive experience with mainframe ESMs such as RACF, CA ACF2, and CA Top Secret. The Key Resources Team understands how hackers think, we understand the security risks that threaten z Systems, and we know how to mitigate those risks at in-depth levels of the operating system.

Integrity Assessments

Whether your organization has one mainframe or dozens, their is a common truth that affects you – zero day software vulnerabilities reside in the operating system layer – and you need to find them and mitigate them in order to maintain the integrity of the systems and your data. KRI has the tools to find them, document them, and get them mitigated quickly by the offending vendor. Our scanning service is the cornerstone of a secure mainframe environment.  We strive to integrate mainframe risk, compliance, and security with your other platforms in order to provide you with a cohesive security policy.

Configuration Assessments

KRI provides traditional information security audits, PCI compliance and NIST audits, and a range of special purpose SECURITY assessments for defined projects and engagements.  Our audits allow you to enforce security configuration policies, reporting on configuration settings against company-specific policies, or industry-recognized security configuration assessment templates used for auditing and security hardening. These audits focus on requirements specific to z/OS, but some also address network components, applications, databases and virtual infrastructures.


Key Resources has self-paced online training for developers.  The majority of organizations don’t have the budget to send team members to a day of Cyber security software development training.  Developers often lack the skills necessary to write integrity-based code.  We’ll teach you how to minimize mainframe code based security risks using proactive techniques that include developing an operating system layer Secure Architecture and diagnostic techniques that can be applied during software development.


Key Resources has 30+ years of experience optimizing security migrations and database merges using demonstrated, intelligent software and reporting. Our process has proven over time to be the most cost-effective methodology and our tool sets automatically optimize the database structures. No after the fact clean-up is ever required. The z/Assure® Security Conversion Utility (SCU4DB2)™ provides a proven methodology for converting from native DB2 security to RACF®.

Mainframe Vunerability Scans

Your key to security

KRI has proprietary technology that scans the z/OS operating system, as well as 3rd Party software and home-grown exits, to find and report on zero-day vulnerabilities. This patent pending Vulnerability Management software is offered as a client-licensed or KRI managed service.

Security Gap Analysis

Keep Your Data Safe

KRI has security and compliance audit software, which allows an organization to baseline all of the security and systems configuration parameters against their compliance and security policies. This software automates the entire assessment and reporting process across all ESM's.

Third-Party Security

Validate your Security

z/Assure VAP testing reduces the risk associated with third-party software. With the KRI z/Assured™ program, we manage the entire third-party vulnerability testing and work directly with vendors in your software supply chain to ensure they’re compliant with your corporate security policies.