Despite its secure heritage, the mainframe is not “off-limits” to data breaches and hacks, warns software innovator TmaxSoft
Although the mainframe has historically been one of the most secure platforms available to businesses, changes in the technology landscape and shortages in legacy skills have opened the door to new risks.
This is according to software innovator TmaxSoft, who argues that this is a blind spot for many mainframe-dependent businesses who have a false sense of security about their IT infrastructure.
Commenting on the potential security risks, Carl Davies, CEO of TmaxSoft UK, said: “Mainframes have been the bedrock of many large businesses for decades. The mainframe rose to prominence not only for its ability to hand enormous amounts of data, but also because it was virtually impenetrable to the outside world, and therefore a natural home for business-critical applications. One of the historical reasons for this was the physical security around the mainframe, with little or no access to the internet, which meant that there were few ways in for cybercriminals. In addition, there was a limited number of people with the skills needed to ‘hack’ the mainframe.
“However, things have changed in recent years, opening the door to new security risks. Firstly, the mainframe is now likely to be connected to the internet and therefore exposed to the ever-growing risk of hacks and cyberattacks.
“Second is the lack of mainframe skills. Recent research suggests that organisations have lost 23 per cent of their skilled mainframe workers in the past five years alone, and this is only going to continue. While this means that there aren’t many people with the ability to ‘hack’ the mainframe, the flip side is that security isn’t as stringently applied as it once was.
“Although the mainframe has a limited number of security weaknesses due to the closed nature of the architecture, best practice security measures still need to be applied to keep data and IT systems safe, and we are seeing that skills shortages are leading to costly mistakes. Many businesses fail to follow good security hygiene practices, like revoking old user IDs and requiring passwords to be updated on a regular basis.
“Businesses need to consider re-hosting as a viable option that could take their security to the next level by opening up an additional layer of protection provided by SQL databases. Additionally, re-hosting enables businesses to lift their existing mainframe assets and move them to open platforms, quickly and with minimal risk. This helps businesses cut unnecessary, expensive mainframe contracts and leverage critical data effectively, while gaining a more flexible and transparent environment that is secure and moving with the times.” concludes Davies.