温馨提示:本站仅提供公开网络链接索引服务,不存储、不篡改任何第三方内容,所有内容版权归原作者所有
AI智能索引来源:http://www.ssh.com/blog/the-mainframe-isnt-going-anywhere-how-to-secure
点击访问原文链接

The mainframe isn’t going anywhere – how can we secure it?

进入原网站 导航首页
The mainframe isn’t going anywhere – how can we secure it? About us Investors Partners Careers Solutions SOLUTIONS Zero Trust Suite Quantum-Safe Cryptography (QSC) SalaX Secure Collaboration Security Risk Assessment, Quantification & Mitigation By Topic Just-in-Time Access Secure vendor access Credentials & Secrets Management Hybrid & multi-cloud access management Interactive tour: Privileged Access in the Cloud M2M connections IT Audits & Compliance Secure file transfer By Industry Managed Service Providers (MSP) Operational Technology (OT) Federal Government Security Products SECURE ACCESS & SECRETS MANAGEMENT SECURE FILE TRANSFER & ENCRYPTION NQX™ quantum-ready encryption Tectia™ SSH Client/Server Tectia™ z/OS SalaX Secure Collaboration Secure Mail 2024 Secure Messaging 2024 SalaX Secure Collaboration Solutions SOLUTIONS PrivX Zero Trust Suite SalaX Secure Collaboration Strong ID-based access with Entra ID & Zero Trust Suite Quantum-Safe Cryptography (QSC) Security Risk Assessment, Quantification & Mitigation Device trust & access and identity verification Identity-based authentication & converged IAM and PAM TOPICS Just-in-Time Access Secure vendor access Credentials & Secrets Management Hybrid & Multi-Cloud Access Management Interactive tour: Privileged Access in the Cloud M2M Connections Management IT Audits & Compliance Secure File Transfer INDUSTRIES Managed Service Providers (MSP) Operational Technology (OT) Federal Government Security Healthcare Data Security OT Security IT/OT convergence of data & systems Zero Trust Access and ZSP Workflow approvals Secure remote access  Secure patch management  OT Compliance Discovery and threat intelligence Phishing-resistant MFA & device trust Products SalaX SECURE COLLABORATION Secure Mail Secure Messaging Secure Sign SalaX Secure Collaboration FQX File Encryptor SECURE ACCESS & SECRETS MANAGEMENT PrivX™ PAM PrivX™ OT Edition PrivX Key Manager SECURE FILE TRANSFER & ENCRYPTION Tectia™ SSH Server Tectia™ SSH Server for IBM z/OS PrivX Desktop NQX™ quantum-safe encryption Services SSH Risk Assessment™ Professional Services Support Contact us Customer cases PrivX Zero Trust PAM Enterprise Key Management UKM Tectia SFTP for servers & mainframes SSH Secure Collaboration Resources SSH Academy Content library Blog References Press releases Downloads Manuals Events & Webinars Media Legal Report a vulnerability Solutions SOLUTIONS PrivX Zero Trust Suite SalaX Secure Collaboration Strong ID-based access with Entra ID & Zero Trust Suite Quantum-Safe Cryptography (QSC) Security Risk Assessment, Quantification & Mitigation Device trust & access and identity verification Identity-based authentication & converged IAM and PAM TOPICS Just-in-Time Access Secure vendor access Credentials & Secrets Management Hybrid & Multi-Cloud Access Management Interactive tour: Privileged Access in the Cloud M2M Connections Management IT Audits & Compliance Secure File Transfer INDUSTRIES Managed Service Providers (MSP) Operational Technology (OT) Federal Government Security Healthcare Data Security OT Security IT/OT convergence of data & systems Zero Trust Access and ZSP Workflow approvals Secure remote access  Secure patch management  OT Compliance Discovery and threat intelligence Phishing-resistant MFA & device trust Products SalaX SECURE COLLABORATION Secure Mail Secure Messaging Secure Sign SalaX Secure Collaboration FQX File Encryptor SECURE ACCESS & SECRETS MANAGEMENT PrivX™ PAM PrivX™ OT Edition PrivX Key Manager SECURE FILE TRANSFER & ENCRYPTION Tectia™ SSH Server Tectia™ SSH Server for IBM z/OS PrivX Desktop NQX™ quantum-safe encryption Services SSH Risk Assessment™ Professional Services Support Contact us Customer cases PrivX Zero Trust PAM Enterprise Key Management UKM Tectia SFTP for servers & mainframes SSH Secure Collaboration Resources SSH Academy Content library Blog References Press releases Downloads Manuals Events & Webinars Media Legal Report a vulnerability About us Investors Partners Careers August 6, 2022 The mainframe isn’t going anywhere – how can we secure it? Written by: Jani Virkkula

Editor's note: This article was originally published in 2020 and some of the data points in the article have been updated since.

Mainframes are often derided as a relic of a bygone era, but the facts say differently. In fact, IBM – the world’s largest mainframe vendor – recently released a report that showed Z series mainframe sales are up: thecompany’s Z Systems revenue spiked 77% year-on-year. This is mostly because IBM launched the new Z16 mainframe line, so the product is doing great.

There's more:

92 of the world’s top 100 banks, all of the top 10 insurers, 18 of the top 25 retailers, and 71% of Fortune 500 companies
all rely on the mainframe security to protect their core business functions.

Where is this sudden renewed interest in mainframes coming from? In today’s complicated IT landscape, mainframes provide the reliability, scalability, and security enterprises need to thrive. With that in mind, how can mainframes add value to businesses and improve processes, all without losing sight of enterprise security?

Contents Mainframe security solutions: The IT workhorse
File transmission on the mainframe: Secure or not?
Why do businesses need a commercial mainframe SFTP security solution?

Mainframe security solutions: The IT workhorse Mainframes have long been heralded as an IT workhorse, capable of processing approximately 30 billion business transactions per day, from credit card transactions to stock trades, and manufacturing processes to Enterprise Resource Planning (ERP) systems.

But, as the technology landscape and the face of IT have evolved, mainframes have also adapted to keep up with the newest trends. Today, mainframe security solutions are designed to support things like cloud computing and big data and analytics. And, crucially, the advent of Linux on the mainframe has ushered in a new era of mainframe use, injecting new life into the platform. That’s largely because Linux on the mainframe is the same as Linux on any other platform, making it more open and accessible to more developers.

The so-called mainframe renaissance isn’t just hearsay – research by Compuware showed that mainframe workloads are increasing. 57% of enterprises with mainframe security software in place run more than half of their critical applications on the mainframe, and that number is increasing.

Additionally, the survey revealed that 72% of customer-facing applications are dependent on mainframe processing.

File transmission on the mainframe: Secure or not? As reliance on the mainframe increases, how can businesses make sure they’re keeping mainframe processes secure? Let’s take a look at the file transmission process, for example.

Enterprises need fast, reliable, secure data to flow throughout their networks for critical IT processes. Big data isn’t quite the buzzword it used to be, but it doesn’t mean that it’s no longer relevant. Large masses of data are being transferred by big corporations every minute, and they securing mainframes need proper controls.

Historically, enterprises have relied on the commonly used legacy File Transfer Protocol (FTP) for file transmission. But, FTP wasn’t designed to be a secure protocol, so it’s vulnerable to risks like password sniffing and man-in-the-middle attacks. Many mainframes still operate by using unsecured FTP.

Instead, Secure Shell (SSH)-enabled technologies can give enterprises the mainframe security they need, enabling secure use of legacy applications and automated file transfers. The Secure Shell-enabled file transfer protocol, SFTP (Secure File Transfer Protocol) is a far superior file transfer protocol for enterprises today.

SFTP for mainframes offers simplified configuration and flexibility with authentication methods, without any need for additional admin and maintenance. Fast, encrypted SFTP-enabled file transfers can help enterprises save time and money, while also protecting against attacks on user identities and credentials.

Why do businesses need a commercial mainframe SFTP security solution? SFTP has its open source and in-house implementations, and as the inventors of the Secure Shell (SSH) protocol, we certainly encourage its use for a variety of use cases. But mainframes manage mission-critical data, like credit card information, so businesses need the best solutions on the market to protect that data and mainframes.

1. Fast transmissions & fast recovery with commercial mainframe SFTP solution Think beyond mainframe security. The pace of business velocity is ever-increasing, so the production environments need to be faster than ever. When it comes to file transmission, businesses don’t have the time to wait for large files and backups to transfer to the cloud or worry about interruptions to the data flow. Top-tier commercial SFTP solutions are rigorously tested and can continue file transmissions from the point of interruption if they happen.

2. Shortage of mainframe security experts makes in-house or Open Source projects challenging There are fewer mainframe experts around. Businesses are also dealing with rising admin costs, so they need secure and scalable infrastructure that doesn’t require high overheads. z/OS mainframes are a special beast: the experts in the field tend to be old-school IT gurus and their numbers are dwindling every year as they retire.

Let’s talk tech for a bit. Sure, your mainframe masters can make manual changes to Job Control Language (JCL) scripts at their will. But manual tasks take time and require a deep level of expertise. They also know how to stage Multiple Virtual Storage (MVS) data sets to Hierarchical File System (HFS). Again, this is an extra step in the process. And when your mainframe maestro retires, who will know how to run your file transfers?

3. Mitigate business continuity and compliance risks with an expert mainframe security solution With an Open Source or in-house solution, your company takes on the burden of ensuring that your file transfers are safe and working. This is extra risk, especially when considering how a specific area of expertise z/OS mainframes is. Not to mention securing them.

Compliance is always a major concern, especially in highly regulated industries. In-house solutions are great for many purposes, but can regulated businesses rely on non-commercial solutions, when they’re dealing with Payment Card Industry Data Security Standard (PCI-DSS), Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), or other sector-specific regulations?

If you choose a product developed, tested, and updated by an expert company, you can always contact them if you need help. 24/7 business support from cybersecurity experts is popular for a reason.

4. Secure mainframes better by automating manual tasks We believe that it is better to rely on a commercial solution that ensures seamless migration from FTP or in-house SFTP to commercial mainframe SFTP without breaking your existing file transfers or requiring manual changes to scripts.

We also think your admin should have direct access to the operating system data sets without having to stage them. Just like z/OS does heavy-lift data processing, we believe in a solution that does all the hard work for your IT staff – whether or not they are mainframe gurus.

5. Seamless and secure mainframe communication with distributed platforms Commercial SFTP tools offer the fast, reliable, secure data flow businesses need and more, with support for integration with multiple platforms, including Linux, Unix, Windows, and IBM z/OS mainframes.

Again, let's look at a technical example that has a practical impact on operations: ensuring that your mainframe speaks the same language with different flavors of Windows and UNIX.

This means that you can send JCL scripts from Windows or Linux to the commercial SFTP solution which in turn puts them into processing in job entry subsystems (JES) without hiccups. Alternatively, z/OS can send datasets to Windows and Linux - and all the character and newline conversions are automatically correct. 

Conclusions If you’re running processes and databases on z/OS, it’s time to replace FTP and critically evaluate your in-house SFTP to ensure that your mainframe operations run smoothly and securely also in the future.

Take advantage of the security, speed, adherence to compliance, and peace of mind that only the best secure mainframe solutions on the market can offer.

Check out our Tectia® SSH Server for z/OSfor your mainframe SFTP needs. We are an IBM Registered Business Partner and are happy to talk to you about how to keep your mainframe file transfers secure.

While you are at it, check out our case study on how our customer secured their mainframe communications.

Tag(s): mainframe security , Tectia z/OS Jani Virkkula Currently employed by SSH.COM as Product Marketing Manager, Jani is a mixed-marketing artist with a strong background in operator and cybersecurity businesses. His career path of translator->-tech writer -> marketer allows him to draw inspiration from different sources and gives him a unique perspective on all types...

Connect with the author Other posts you might be interested in Operational Technology 31 min read | February 16, 2022 Full-scale Secure Access Management for OT/ IIoT Assets with PrivX OT Read More secure communications 11 min read | September 30, 2024 What We Learned at Matrix Conference 2024: SalaX Secure Messaging Team Insights Read More Tectia SSH 4 min read | September 17, 2020 10 reasons to choose commercial secure file transfer (SFTP) over Open Source Read More Subscribe to email updates SSH is a leading defensive cybersecurity company that secures communications between humans, systems, and networks. We specialize in Zero Trust Privileged Access Controls and Quantum Safe Network Security. Our customers include a diverse range of enterprises, from multiple Fortune 500 companies to SMBs across various sectors such as Finance, Retail, Technology, Industrial, Healthcare, and Government. 25% of Fortune 100 companies rely on SSH’s solutions. Recent strategic focus has expanded SSH business to Defence, Critical Infrastructure Operators, Manufacturing OT Security and Public Safety.

Leonardo S.p.A invests 20.0 million EUR in SSH, becoming the largest shareholder of the company. SSH solutions form a Center of Excellence for Zero Trust privileged access management and quantum-safe network encryption in Leonardo - a global industrial group that creates multi-domain technological capabilities in the Aerospace, Defence and Security sector with 17.8 billion EUR revenue in 2024. SSH company’s shares (SSH1V) are listed on Nasdaq Helsinki.

 

Solutions Zero Trust Suite Zero Trust Suite & Entra ID Integration Quantum-Safe Cryptography (QSC) SalaX Secure Collaboration Security Risk Mitigation OT security MSP Security Device Trust Monitoring & Threat Intelligence Credentials & Secrets Management IT Audits & Compliance Products PrivX™ Hybrid PAM PrivX Key Manager Tectia SSH Client/Server™ Tectia™ z/OS Secure Messaging Secure Mail Secure Sign NQX™ Quantum-Safe Services SSH Risk Assessment™ Professional Services Support Resources Careers References Downloads Manuals Events & Webinars Blog Company About us Contact Investors Partners Press Stay on top of the latest in cybersecurity Be the first to know about SSH’s new solutions, product updates, new features, and other SSH news!

Thanks for submitting the form. © Copyright SSH • 2025 • Legal

智能索引记录