{"id":9660,"date":"2020-09-14T06:31:04","date_gmt":"2020-09-14T06:31:04","guid":{"rendered":"https:\/\/www.experfy.com\/blog\/?p=9660"},"modified":"2023-11-07T12:52:05","modified_gmt":"2023-11-07T12:52:05","slug":"the-last-part-of-the-mainframe-to-modernize","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/software-ux-ui\/the-last-part-of-the-mainframe-to-modernize\/","title":{"rendered":"The last part of the mainframe to modernize"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

You\u2019ve seen it in the press that somebody is running something on a mainframe, and that mainframe is 50 years old! Or maybe they say that the technology is 50 years old \u2013 as if cars, aeroplanes, and mainframes haven\u2019t improved in any way since the 1960s. You remember the fuss this summer about New Jersey\u2019s old COBOL programs and how hardly anyone could claim unemployment benefits.<\/p>\n\n\n\n

We know mainframes are light-years ahead of other computing platforms in terms of just about everything. And, I was told that the problem with people claiming unemployment wasn\u2019t the COBOL programs, but the newer systems (REST-based) interfacing with them. However, there is still one area where I think mainframes aren\u2019t as good as distributed systems \u2013 and that\u2019s with alerts.<\/p>\n\n\n\n

I can\u2019t believe that I actually ever wrote that last sentence, but I think it\u2019s true. Distributed systems have been using Security Information and Event Management (SIEM) software for a number of years. Applications can send all their reporting data to the SIEM, which can then use software to identify any kind of unusual behaviour including any breaches. And then it can issue alerts to security staff to take appropriate action. Example SIEM systems you may have come across include IBM QRadar, Splunk, LogRhythm NextGen SIEM, AlienVault, ArcSight, and there are others.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

On a mainframe, lots of events happen during the day and messages about these events are recorded, so there\u2019s no problem with going back through, say, SMF records and finding out exactly what happened. But this, as I say, is where mainframes are still living in the past. Any event that looks in any way suspect, won\u2019t be detected until some time overnight. Whereas on a distributed system, the event will have been flagged in near real-time and appropriate measures can be taken immediately rather than nearly 24 hours later. If the event took place in IMS, the IMS logs are even harder to make sense of, and identifying the necessary information can be hugely time consuming.<\/span><\/p>\n

<\/p>\n

<\/p>\n

IBM\u2019s\u00a0Cost of a Data Breach Report 2020<\/a>\u00a0says that the global average total cost of a data breach in 2020 is $3.86million. The USA has the highest country average cost at $8.64million. It also reports that 52 percent of data breaches were caused by malicious attacks, and 13 percent of malicious breaches are caused by nation state attackers. The other worrying statistic is that the average time to identify and contain a data breach is 280 days. Going back to costs, the report found that the average share of data breach costs incurred more than a year after the data breach is 39 percent. Another interesting statistic is that $3.58m is the savings in the average total cost of a data breach for organizations with fully-deployed security automation compared to those with no automation deployed.<\/p>\n

<\/p>\n

<\/p>\n

So, I was saying nearly 24 hours to spot a problem, and the report is saying 280 days! Clearly, the mainframe needs something much closer to real-time reporting in order to alert people to a breach occurring. It needs to be much sooner than currently available. And if that can be automated (whatever the automation costs), the savings average out at $3.58m.<\/p>\n

<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

And it\u2019s no good mainframers hiding behind the security by obscurity thinking. We know that in 2008, Luxottica, the parent company of LensCrafters, suffered a mainframe breach exposing nearly 60,000 employees\u2019 records from its US headquarters. And we know that the mainframes of Logica and the Swedish Nordea Bank were hacked in 2013. And we know with the Zowe project mainframes can be accessed and controlled by open source tools. And we know that the attack surface (as they call it) for mainframes has been hugely increased by the introduction of cloud, mobiles, and other newer forms of computing linking to it. The truth is that the mainframe is very vulnerable. And what’s so worrying is how long it takes for mainframe sites to realize they have been hacked.<\/p>\n\n\n\n

And if 52 percent of data breaches were caused by malicious attacks, where did the other 38 percent come from? The even more worrying answer to that is insiders. Nearly half the breaches are caused by people who are inside the usual security defences used by an organization. These could be people who have lost\/shared their login credentials \u2013 bear in mind the number of phishing (and spear phishing) attacks is increasing all the time. It could be disgruntled employees. It could be employees with gambling debts or drug habits or whose sexual proclivities have been discovered by gangs. Whatever the reason, that person is coerced into performing a criminal act on the mainframe\u2019s data. Lastly, it could simply be a person making some kind of mistake. Whatever the reason, the data on your mainframe has been corrupted or copied or deleted \u2013 and you need to know as soon as possible.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

That\u2019s where automated software, hopefully that can learn to ignore false positive alarms, comes in. It can identify an unusual activity by an individual or logical terminal and send out near real-time alerts for remedial action to be taken. What\u2019s needed is some kind of file integrity monitoring software to identify unauthorized changes to the mainframe and reduce service outages. Software that can identify threats from insiders as well as outside threats, possibly from nation state attackers.<\/p>\n\n\n\n

With security such a major concern these days, and with organizations trying to save as much money as they can in order to stay in business, no-one can afford to be at the wrong end of a data breach. And, no-one can afford to be caught not complying with the various regulations and laws like GDPR and PCI DSS. And no-one can afford to wait 280 days to discover a breach and lose $8.64million (if they are based in the USA) over a number of years. Think of getting mainframe file integrity monitoring software as an insurance policy. Or think of it as the last part of your mainframe technology to come into the 21st<\/sup>\u00a0century.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

We know mainframes are light-years ahead of other computing platforms in terms of just about everything. However, there is still one area where I think mainframes aren\u2019t as good as distributed systems \u2013 and that\u2019s with alerts. <\/p>\n","protected":false},"author":696,"featured_media":9661,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[200],"tags":[621,622],"ppma_author":[3497],"class_list":["post-9660","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-software-ux-ui","tag-mainframe","tag-modernize"],"authors":[{"term_id":3497,"user_id":696,"is_guest":0,"slug":"trevor-eddolls","display_name":"Trevor Eddolls","avatar_url":"https:\/\/www.experfy.com\/blog\/wp-content\/uploads\/2020\/04\/medium_c0bcd8d5-35e9-492d-8082-c20fbfbd588a-150x150.jpg","user_url":"https:\/\/itech-ed.com\/%20","last_name":"Eddolls","first_name":"Trevor","job_title":"","description":"Trevor Eddolls is Head at the iTech-Ed Group, which comprises the mainframe and IT consultancy. A popular speaker and blogger, he is also clinical director at iTech-Ed Hypnotherapy, head of IT for the AfSFH Exec., and director of training for SFH+. He is also editorial director for the Arcati Mainframe Yearbook, and published three mainframe-related books and six books on hypnotherapy."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/9660","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/696"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=9660"}],"version-history":[{"count":4,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/9660\/revisions"}],"predecessor-version":[{"id":33956,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/9660\/revisions\/33956"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/9661"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=9660"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=9660"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=9660"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=9660"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}