Navigating Cybersecurity in 2023: From Personal Devices to Enterprise Mainframes

by | Oct 16, 2023

Is Cybersecurity a part of your life?

The last person that I knew who had no concerns about cyber security was Fred Flintstone. But he should have been concerned with his bank and Dinocard.

Fred Flintstone's credit card

Everyone today has some data in services like Google (Gmail, Calendar, Maps), Amazon, your bank, shopping sites, etc. Every one of these vendors has a password, some control of your data, and potentially your money.

With all this software supporting your day-to-day life, are you satisfied with simply assuming that your information is secure? Are the apps and devices that you personally use to access this data secure? What about your workplace data?

US Cybersecurity & Infrastructure Security Agency

October is the 20th anniversary of the US National CyberSecurity Awareness Month. The Cybersecurity & Infrastructure Security Agency (CISA) is a wealth of resources ranging from securing your drone to training employees on spotting suspicious activity at the workplace with the “Power of Hello”.

CISA offers an array of free resources and tools, such as technical assistance, exercises, cybersecurity assessments, free training, and more. CISA also provides cybersecurity advisories (via opt-in email) that track issues at large about emerging threats and related corrective actions.

CISA notes that the most prevalent IT and IoT weaknesses and risks are:

  1. Boundary protection – unauthorized activity in critical systems
  2. Principle of least functionality – opportunity for rogue internal access
  3. Identification and authentication – difficulty in securing accounts due to attrition
  4. Physical access control – unauthorized access to physical equipment
  5. Account management – increased opportunity for unapproved access from shared or system accounts

Cell Phone Security

With the depth that our cell phones have integrated into our lives these days, perhaps we should wonder about the wisdom of giving our children a phone to “keep them safe.” And that in turn should trigger the thought of how safe and secure are your cell phones.

The Washington Post published an article that argued that cell phone providers have a predetermined “death date” for their devices. This date is the date that your device will stop receiving security patches.

As I read the article it surprised me that Samsung (current generation of handsets) had announced an end-of-service policy stating that a newly released phone will only receive updates for 5 years. The past practice has been 4 years (so better), but not as good as Apple or Google devices.

Apple supports iPhones with security patches for iOS 15, and less frequently iOS 12 (but not iOS 13 or 14). Google Pixel devices on the other hand has stated that they will support Pixel 8 devices with security, Android OS, and feature updates through 2030.

Enterprise Mainframe Security

In our professional world, enterprise security systems need to be thought through as a component of our professional lives. It does not matter if you support a mainframe with z/OS, Enterprise Linux, or a Windows server for a Mom & Pop store. We must think of our API as a window for our applications that need to be secured for all end users of our systems.

It seems like every day we read stories about data security breaches or malware attacks, from municipal governments to multinational corporations.

According to IBM, the global average cost for each data breach in 2023 was $4.45 (USD) million.

Our enterprise systems on z/OS are not impervious to data hacks, despite a well-deserved reputation as the most secure platform. When we design APIs that link our COBOL and CICS backend systems to the outside world, the APIs can be made to bypass the RACF or ACF rules that make up the traditional mainframe security.

Thinking about security during the design of these APIs is a part of the critical path to building a doorway into our enterprise systems. We need to develop APIs to make our business function in real-time, which is what many customers want, even with the knowledge that every API can be a security exposure if poorly implemented.

Yet it is precisely these APIs being available that benefit our companies. They allow real-time access to the data consumers are demanding. Rather than stopping real-time access to our business systems transactions and data, mainframe security should focus on controlling how companies expose the mainframe.

Solutions for Mainframe Security

Businesses must look for security solutions that provide visibility and protection across hybrid environments — protecting data even as it moves between apps, services, databases, and clouds.

Adaptive Integration Fabric (Fabric), for example, adds an extra layer of protection between APIs and the mainframe. The software supports inbound and outbound calls and works both on and off a mainframe. Fabric allows you to make security calls to validate user credentials for API usage. Plus, it requires no technical knowledge of applications or data sources. The Fabric server enables you to rapidly develop real-time interfaces with a drop-and-drag solution. Since it sits between the APIs and the mainframe, you can lock down and limit API access.

Mainframe aside, personal security requires being aware of what you need to secure, noticing what is happening in the world around you, and keeping everyone in your life on the safer side of security.

As Fred Flintstone might say just “Yabba-Dabba-Do It!”

Author: Larry Rondot, Manager, Customer Support and Enablement, Adaptigent