Skip to main content

Trend Watch: Security

This is the sixth post in a multi-part series with a focus on trends that are interesting and important, specifically in enterprise computing. In this post, I’ll continue my point-in-time analysis by looking at the interesting and complex topic of security.

z/OS Security

When someone says “mainframe security” you probably think RACF. However, if you read the IBM introduction to z/OS Security*,  you get a fuller view of the scope of the security coverage. z/OS provides many different elements that address different security needs. A z/OS implementation can use user IDs and passwords, user identifiers or UIDs and digital certificates to provide mechanisms to authenticate an identity. z/OS can be a certificate authority, dispensing digital certificate and the accompanying public and private keys for large scale secure infrastructures. With the z Systems platform, hardware and software work together to provide encryption facilities through the Integrated Cryptographic Service Facility and the Open Integrated Cryptographic Service Facility, independent of the underlying cryptographic facilities. Communications can be secured, whether inbound or outbound, through secure sockets from or to any other platform. The common challenge of multiple identities for a single user can be addressed by mapping the constructs together in a single application that can be queried from anywhere in the enterprise. Here is a good primer on Enterprise Identity Mapping.

Additional z Systems Workloads

Now more than ever, mainframes are supporting new workloads from diverse sources like Linux LPARs and VMs, mobile devices and cloud services. How are security disciplines and software changing to handle these new systems? The way you manage security for these newer workloads and the software used to support your security steps depends on the specific implementation. Let’s explore two of these workloads.

Linux LPARs and VMs:

Securing Your Cloud: IBM z/VM Security for IBM z Systems and LinuxONE fully discusses Linux under VM. Modern z/VM security requires an enterprise security manager (ESM), such as the RACF for z/VM feature. This security server functions as a policy decision point and policy enforcement point for all security events in a virtual infrastructure. RACF for z/VM can be configured to handle resource authorization, privileged command access, and logon controls. Takeaway: Extend security for newer technologies, when possible, for an existing ESM like RACF.

Mobile:

Securely Adopting Mobile Technology Innovations for Your Enterprise Using IBM Security Solutions explore topics such as security threats, vulnerabilities and risks, including:
  • Loss or theft of mobile devices
  • Mobile device malware
  • Mobile software vulnerabilities
  • Mobile user behavior vulnerabilities
  • Phishing
  • Bluetooth and Wi-Fi risks
  • Spam
  • Regulatory and compliance risks
To manage mobile devices and enforce corporate security policy, organizations use mobile device management (MDM) platforms. The MDM platform can also perform policy compliance assessments, device wipes, application management and device lockdowns. Takeaway: Extending security for newer technologies could require implementing new security software like a MDM. The two examples above didn’t explore cloud-specific security. If you are interested, please see this article with a cloud security focus.

Next Post

Next week, I’ll continue this point-in-time analysis of trends with a focus on integration with a discussion on service oriented architectures and web services like REST and SOAP.