IT security is a complex issue facing enterprises today. IT managers must manage a variety of different systems that require many different security tools and processes. Meanwhile, external threats are becoming harder to control as attacks grow more sophisticated and can even be customized to specific targets. An IT security blueprint needs to take into account this constantly evolving threat landscape.
On top of the complexity, the stakes are incredibly high. Enterprises of all kinds – from government to healthcare to financial services – are responsible for a wealth of sensitive and private information. With the global cost of a breach averaging $3.86 million, those organizations simply can’t afford a mistake.
Unfortunately, mainframe security is widely overlooked. While it’s true that mainframes are one of the most secure platforms, they still need to be treated like any other platform when it comes to creating a strong security architecture. A comprehensive mainframe security strategy requires protection at every level of the platform, including ongoing vulnerability management and penetration testing at the operating system level.
Far too many businesses take the security of their mainframes for granted. In fact, KRI’s recent survey, conducted by Forrester Consulting, revealed widespread complacency among IT management and security decision makers when it comes to mainframe security. While 85 percent of respondents agreed that mainframe security is a top priority for their company, just 33 percent always or often take the necessary steps to protect the mainframe.
That lack of attention to mainframe security is a major concern, especially in the context of the current mainframe resurgence and move toward mainframe modernization. As mainframe technology – and the processes around mainframes – is modernized and becomes more complex, organizations need to make sure they’re devoting adequate resources to complex mainframe security processes.
That includes everything from designating a mainframe security architect to prioritizing application and operating system code scanning. In a recent webinar, Ray and Forrester Analyst Amy DeMartine talked about what it takes to create a modern security program, explaining the importance of separation of functions, the risks of not including excessive access checking, and the differences between mainframe penetration testing and vulnerability scanning.