The mainframe offers unparalleled data security capabilities. In fact, the architecture of the platform is designed to prevent cyber attacks. However, true security requires more than just secure hardware. How you put the software into play makes a difference. Broadcom maximizes the value of the mainframe with advanced cybersecurity solutions and a layered approach to protecting critical business data.
Regardless of your industry, data security is critical to the success of your business. Organizations that cannot protect information will not survive. There are so many stories of data breaches that it's hard to keep track. Identity theft on an unprecedented scale is now possible due to high-profile breaches by retail stores, credit bureaus, and social media. It is clear that the lack of protection of private data constitutes a significant risk for individuals, companies and society.
The Zero Trust Approach
Protecting large hybrid IT environments can seem daunting. A great way to break through the fog of possibility and proceed with clarity is Zero Trust, an approach that stands in stark contrast to the more limited and insufficient perimeter defense paradigm that has been the norm for decades. The problem with this standard is that once people log in, they have access to almost everything.
In today's world, a more intelligent approach is needed based on the assumption that no one can be trusted, even when inside the proverbial castle. Zero Trust requires users to prove their identity at every step of an interaction. Even when this is done, users are only granted access to the specific resources requested and only after verifying that they have the appropriate access rights and business needs. Another essential aspect of Zero Trust is that it grants just-in-time access to resources for a limited period of time.
Create a winning cybersecurity strategy
Security requires a strategy. You must dedicate a limited amount of money, staff, and time to a variety of business priorities. During this time, the bad guys can "all-in" their attacks. In this environment, IT organizations must figure out how to use a limited set of resources and protect their most critical data and applications. Trying to protect everything is unrealistic for most organizations. It is not affordable or feasible. So for Zero Trust, it's all about strategically identifying and prioritizing the most important assets.
You can never be completely sure, but there are several ways to reduce your risk. Think of security like an onion. Add layers like identity authentication, privileged access management, data classification, security event management, and automatic credential cleanup. Only then grant access to the system, data and resources. This will give you the protection you need where you need it most.
Encryption for today... and tomorrow
Another key element of digital security is encryption. Current algorithms used in data encryption provide protection against many common security breach problems, but leave some risk factors open. To address this remaining risk, the new z16 incorporates Quantum Safe Computing, a next-generation approach to encryption on the mainframe.
Many popular encryption algorithms, such as public-key RSA or DSA systems, provide adequate protection against traditional computers. However, they are built using techniques that quantum computers can break. The risk is that malicious actors could steal data today and store it in hopes of breaking its encryption protection, with the help of Quantum computers, later. Current Quantum secure cryptography algorithms such as AES-256 are designed in such a way that both traditional and Quantum computers have a hard time cracking them. Integrating Quantum Safe Computing into the mainframe ensures strong data protection today and tomorrow.
Remember that encryption in any form is only good if the keys are protected by humans, so it's not a panacea. Humans can be compromised by phishing attacks, or malicious insiders can go rogue. That's why it's critical to implement a layered security approach that combines encryption with other techniques.
Beyond the algorithm
Data security and privacy are two of the most important issues facing businesses today. Institutions that fail to protect data can face regulatory penalties and fines, legal consequences, and costly civil settlements. Failed businesses can even endanger their existence. Therefore, today's IT administrators must think beyond traditional approaches to security and apply a much broader range of solutions to keep information private.
Broadcom's comprehensive approach addresses this challenge, protecting valuable corporate identities and information. The first layer of defense is an external security manager (ESM), such as ACF2 or Top Secret, which enforces the principle of least access and uses Quantum Safe encryption. Further amplifying its value, Broadcom's security portfolio is IBM RACF compliant and therefore compatible with all ESMs on the market.
Successive layers of protection allow companies to manage user access through multi-factor authentication. They manage privileged users by elevating and lowering privileges as needed. Going further, enterprises can classify, locate, and protect sensitive mainframe data, continuously monitor and alert on suspicious activity, and automate cleanup of unused credentials and entitlements. Broadcom's solution even provides self-service audit reports for compliance processes.
As the threat landscape continues to escalate, companies can confidently continue to use a layered security strategy that combines mission-critical software capabilities with proven best practices.
Learn more about mainframe security and Broadcom Mainframe Software's security policy.
Copyright © 2022 IDG Communications, Inc.