Is your mainframe security GDPR compliant?
Only one in four IBM mainframe customers questioned in a new UK survey are confident that their system security complies with the incoming General Data Protection Regulation (GDPR). 31 percent think they are not compliant, while 40 percent do not know. Around four percent are unsure what the GDPR is.
The poll of 55 mainframe users was conducted by Macro 4, a division of UNICOM Global, at the annual GSE UK Conference for IBM mainframe users in November 2017.
While IBM Z systems have long been respected for their security, most of the users surveyed recognize that mainframe security needs more attention. Only around seven percent feel there is no need for improvement.
86 percent cited tougher regulations such as the GDPR among the main reasons for making access to mainframes more secure. Other key drivers are the increasing sophistication of cybercriminals (mentioned by 80 percent) and the fact that mainframes are now more connected to the outside world, and therefore more vulnerable (67 percent).
“Far from being a closed-off environment, today’s mainframe is typically connected to the internet, because it runs important business applications that need to be accessed by millions of enterprise users and customers across the globe,” explained Keith Banham, Mainframe Research and Development Manager at Macro 4. “Anyone who has ever booked a flight, purchased insurance online or used internet banking is likely to have interacted with a mainframe somewhere along the line.”
Mainframe security is handled by software products such as RACF that tightly control user access to resources such as applications and data. However, the majority of the survey sample agree that security can be improved by adopting additional methods that IBM and other vendors are currently championing.
96 percent of respondents agreed that data encryption is an important way of securing the mainframe, in line with IBM’s increased focus on this method following the launch of pervasive encryption for its new z14 model.
Similarly, with IBM now supporting multi-factor authentication as a more secure alternative to traditional password-only access, 67 percent agree it is an important additional security measure.
58 percent of the sample recognize the importance of data minimization, which involves strictly limiting the personal data that is collected and stored to the minimum necessary to accomplish a specific purpose.
“None of us in the mainframe community can afford to be complacent and it is encouraging to see the growing uptake of new security technologies,” added Keith Banham.