With our data and applications moving to the cloud, security has become even more relevant and critical. Here are two quotes about security from senior managers in large organizations:
One typically tends to think of security as protecting from outside threats. However, in addition to threats from the outside, organizations also need to manage internal threats arising from careless and malicious insider behavior. Organizations also need to adhere to various compliance mandates depending on the industry they are in. Complying with the Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), and other regulations can limit or even prohibit the use of clouds for some applications.
Here are three ways to secure your cloud:
People and identity management
Let’s focus on tackling insider threats for just a moment. Tackling them requires organizations to enforce access on a need-to-know basis. There are a couple of approaches:
One way is for security to be built into the application. Such an approach is costly to change and is more reactive in addressing malicious insider threats.
Another way is to externalize security from the application. Such an approach requires more up-front work but is less expensive to change and more proactive in addressing malicious insider threats.
Organizations are similarly faced with multiple approaches to managing privileged users: either provide each administrator with a user ID on every system they administer, or have them share user IDs. There is also a need to monitor and report on both internal and external user activities.
Organizations need to combine the best features of the different approaches outlined above to provide access on a need-to-know basis and privileged identity management without the disadvantages. An IBM customer in the retail industry simplified identity and access management for 150,000 associates and 10,000 vendors in North America. The customer used several IBM offerings, including IBM Security zSecure suite, and was able to:
Demonstrate compliance for privacy and regulations
Manage and enforce user identity and access lifecycle consistently
Establish trust and federated access for vendors and business partners
Moving on to another aspect of security in the cloud, the 2012 Data Breach Investigations Report (from Verizon Business) says “Although much angst and security funding is given to offline data, mobile devices, and user systems, these assets are simply not a major point of compromise.” Instead, a staggering 94 percent of data breaches occur in the database. It remains the target of hackers, fraudsters, and, in some cases, employees because this is where highly personal, financial, and account information is stored. The main concerns of customers when protecting data are:
Reducing the ever-increasing costs of regulatory compliance and reporting
Preventing data breaches (security and privacy)
Ensuring the integrity of data
The EAL5 ranking for the IBM mainframe provides customers the assurance and confidence that they can run many different applications containing confidential data on one mainframe which is divided into partitions that keep each application’s data secure and distinct from the others.
A large financial institution needed an enterprise-wide data security solution to fulfill emerging compliance requirements. They also required immediate focus on SOX for critical financial application databases in both mainframe and distributed environments. They rolled out over 200 appliances of IBM InfoSphere Guardium. Among several benefits, they were able to ensure data governance by preventing unauthorized changes to critical database values or structures. They also simplified the audit with pre-configured reports and automated oversight workflows (electronic sign-offs, escalations, and so on).
The IBM mainframe was a critical component of the solutions I have described. It is like the Fort Knox of cloud computing. Self-protection is a key element in a total defense strategy. The IBM mainframe provides several capabilities around security including:
Network security to protect the system from network intrusions
Highly secure internal networking between virtual servers limits external attacks
A defense manager enabling rapid response to attacks
Hardware and software encryption
Extensive logging and reporting of security events
I hope my thoughts have piqued your interest in learning more about the security capabilities that a mainframe can bring to help secure your cloud environment.