Helping CISOs Build a Successful Mainframe Security Strategy

Managing your company’s corporate IT security means that you need to assess enterprise security risk broadly, and develop a strategy to evaluate and address governance, risk and compliance. Today, the growing threat landscape means you have risks to protect across IT systems. The right security tools and instrumentation allows you to trend security effectiveness over time to see more strategically where investments are failing versus where investments are paying off with empiric, repeatable results that can be supplied to a wide range of stakeholders.

The mainframe is one of your least secured systems. According to a 2019 survey conducted by Forrester for Key Resources, an astounding 85% of companies say that mainframe security is a top priority. Additionally, 95% cite the most concerning ramification of mainframe security as a breach of customer data. But,even though companies cite mainframe security as a high priority and data breaches as a top concern, companies are not taking actions that reflect those priorities. A shocking 67% of companies say they make mainframe decisions based on security only either sometimes or rarely. The thing is, mainframes aren’t immune to breaches; potentially devastating vulnerabilities can exist at every level of your enterprise.

That security strategy needs to keep everyone happy, by building consensus on risk mitigation strategies and buy-in from system SMEs all the way up to the CIO and above. Invest in security solutions that secure your mainframe at all levels. It’s time to make OS-level integrity scanning a part of your overall security strategy.

5 Common Mainframe Vulnerabilities

Trap Door

A Trap Door vulnerability is the most severe vulnerability found in z/OS integrity programs. That’s because trap door vulnerabilities enable a hacker to make changes directly to the environment.

Storage Alteration

Storage Alteration vulnerabilities are less direct than trap door vulnerabilities as they don’t directly grant hackers total control of the environment. They do, however, provide non-authorized users with the ability to alter some or all virtual memory.

System Instability

System instability vulnerabilities can cause z/OS service issues, the most severe being a system crash. These issues occur when authorized programs are not invoked properly as designed, and the program isn’t able to protect itself.


Storage Reference

Storage reference vulnerabilities enable unauthorized users to exfiltrate sensitive data from fetch protected storage. Some aspects of the SPECTORE MELTDOWN vulnerability would be classified as STORAGE REFERENCE. Fetch protected storage is where PASSWORDS and other types of sensitive data (such as encryption keys in clear text or sensitive messages) would be kept.

User Key Common Storage

Recently KRI started tracking the usage of User Key Common Storage. IBM is discontinuing support for this type of virtual storage after z/OS release 2.3. As a result, programs that allocate this storage may no longer function properly. Businesses need to locate any use of User Key Common Storage.

Questions to Ask to Determine Gaps

Question 1

Excessive access is the number one challenge for security administrators. Are you able to track excessive access across your enterprise?


Question 2

Is the mainframe environment part of your IT risk assessment methodology, and do you include assessments for inherent risk, change risk, control impact and residual risk?

Question 3

Third-parties create risk. How secure are your vendors, and are they contractually obligated to scan for vulnerabilities before delivering software to the public or your organization?


Question 4

Many states now require that you have a Vulnerability Management Program, along with your Penetration Testing Programs. Do you know the difference between a PenTest and a Vulnerability scan?

Question 5

Do you have an ethical hacking team available to help your security team test your systems for vulnerabilities?