Mainframers need better tools, training and education, writes Ray Overby, co-founder and president of Key Resources
In today’s world, mainframes play a critical role in the daily functioning of most of the largest corporations and in many cases are the backbones of data centres. They keep daily operations up and running in industries ranging from banking to insurance to government, to name a few. In fact, 71 percent of global Fortune 500 companies use mainframes, as mainframes handle 68 percent of the world’s production IT workloads.
Mainframes are mission-critical, but they’re often taken for granted – especially when it comes to mainframe security. Despite the mainframe’s well-earned reputation for being the most securable platform, mainframes still need to be given as much attention as any other computing system when it comes to security.
Perhaps because of this misconception, there’s an issue in the mainframe world with complacency around security. And, in today’s cloud-first mentality, many organisations are actively working to secure their new cloud infrastructure, but they’re not necessarily working to ensure the security of mainframes, which also increasingly interact with the cloud.
A recent Forrester Consulting study put some context around this issue. The survey found that while 85 percent agree that mainframe security is a top priority for their company, just 33 percent always or often take the necessary steps to protect the mainframe.
Security isn’t being factored into decisions about mainframe security. The unfortunate truth is that complacency around mainframe security is putting countless mainframes – and the mission-critical data they hold – at risk.
What’s the risk?
The same study found that 95 percent of companies are worried about the potential of customer data breaches on the mainframe. That’s with good reason, since data breaches are incredibly costly and becoming more and more prevalent. All it takes is one data breach to seriously damage an organisation.
In the US, the average data breach could cost a company $7.9 million (6.24 million), and the cost for each lost or stolen record containing sensitive information averages $148 (£116).