Do Mainframes Need Cybersecurity?

by | Jan 28, 2020

Cybersecurity in 2020 is a pervasive issue that affects most everyone. Often, the issues pertain to data privacy, such as hacks, breaches or phishing scams, keeping us constantly on guard for incidents that can affect our daily lives. The California Consumer Protection Act, which we have blogged about in the past, is the landmark consumer privacy law that went into effect on January 1, and is likely to usher in a new era of privacy regulation.

While we often think of security in relation to our personal devices, we spend the majority of our time on our company’s computers, servers and email accounts. This makes it extremely important to be aware of security in our places of work. According to the FBI, we are experiencing an increase in ransomware attacks across many sectors, particularly state and local governments, industrial organizations, and healthcare organizations. One thing that those industries all have in common is that their organizations often use mainframes as their systems of record. Does this mean that mainframes are not as secure as we think?

Actually, mainframes themselves are extremely stable. On average, they have less than one minute of unplanned downtime per server per year. That equates to less than 7.6 seconds per month of unintended downtime. One of the reasons that mainframes are secure is because it is easy to encrypt data on these systems. But if that is the case, how are these data breaches occurring? To put it simply, because they are so secure, companies with information that resides on the mainframe may not be adding additional requirements to ensure their safety. In fact, a recent survey showed that while 95% of companies are concerned about potential customer data breaches on the mainframe, only 33% always or often factor security into mainframe decisions. This is an important reminder that just because the company uses the mainframe, it cannot blindly count on the mainframe alone to protect against data breaches.

Companies with mainframes need to create a mainframe security strategy that will protect them against cybersecurity threats. First, they should implement third-party tools that will allow them to establish authentication and authorization, providing a front line in fighting cybersecurity.

Additionally, they should increase testing. They must initiate vulnerability management and risk management programs, mainframe penetration testing, and have systems in place to manage vulnerability of the mainframe. By running these tests, companies can pinpoint possible cybersecurity threats before they become true risks.

Finally, organizations with mainframes need to have general security initiatives in place in order to keep cybersecurity issues at bay. All employees should log in through a two-factor authentication system and employees must be extremely vigilant about preventing data breaches. They should never open unusual documents or emails and should be quick to contact IT if anything seems awry. Simply being aware of possible data breaches can go a long way.

Mainframes are extremely secure and stable on their own, but taking a few extra steps on the front-end can help keep cybersecurity threats at bay.

If your company is looking for a mainframe modernization solution, contact us to learn how GT Software can elevate your legacy systems to leading edge.


-Amanda Bierfeld Williams, Marketing Coordinator