The Myth of Mainframe Security
Project and Program:
Enterprise Data Center,
Security and Compliance
Tags:
Proceedings,
SHARE in Anaheim 2014,
2014
There are many who combatively hold the belief that the mainframe z/OS system is inherently secure. More recently, we hear the pundits changing the tune saying that it is the "most securable" platform. This change recognizes that z/OS customers may undermine the z/OS security capabilities through their system and sub-system configurations, and how they implement their external security manager.
From the time we believed wrongly that the mainframe was going away, the system has suffered a serious lack of attention, skill, and budget. In outsourcing relationships, gaps can occur in the implementation of new security features and capabilities that can enhance mainframe security and reduce reliance on exits under the control of system programmers. From simple and obvious failures to those that are more technically sophisticated, the mainframe is more and more at risk. It is becoming more and more Internet connected, and its vulnerabilities are getting published and distributed "in the wild."
The speaker, who has successfully compromised a number of mainframe systems in minutes during white-hat testing, will identify and describe the kinds of failures and vulnerabilities that he and other professionals see and work to remedy on a regular basis, and current exploits that have already compromised mainframe systems. z/OS is, indeed, the most securable computing platform, but users of the platform have generally not done their part to keep up.
If your mainframe z/OS system remains your core processing platform, this is a can't-miss presentation with takeaways that will be of immediate use to level-set your z/OS security.-Glinda G. Cummings; Mark Wilson-IBM Corporation
Back to Proceedings File Library