Q&A: Mainframe security

David Hodgson is a Senior Vice President of Development at CA within the Mainframe Business Unit, responsible for the company’s security management and database management products. In this interview he discusses mainframe security.

How important are mainframes in enterprises today?
Mainframes are critical to large private and public-sector organizations worldwide. More than 70% of the world’s business-critical data resides on mainframes. Worldwide mainframe MIPS have quadrupled over the past eight years to reach more than 14 million in 2008. Mainframes are becoming especially important in today’s global information-based economy because of their reliability, scalability, performance, security, and overall cost-efficiency.

What are the biggest challenges involved in designing the security for a modern mainframe?
Mainframes are inherently an extremely secure platform. The main challenge with mainframes is simply to make sure that mainframe administrators properly utilize the platform’s various access control and account management features – and, of course, to make sure that no administrator does anything either accidentally or maliciously to compromise the environment from the inside.

What can a large organization do in order to tackle the security risks involved in running mainframes?
The best safeguard against internal threats – both accidental and malicious – is the design and implementation of a comprehensive enterprise security policy using established mainframe security technology, combined with policy-based compliance tools that can alert individuals in real time when an operational policy has been violated. Such violations can range from the failure to remove the account of a terminated employee to the execution of a change in a piece of software without first completing a prescribed change authorization process.

How does CA keep up with new technology trends and work around the needs of their mainframe customers to address evolving threats?
CA maintains very close and interactive relationships with its customers worldwide. This allows us to quickly discover emerging threats. For example, we saw very early on that enterprise IT organizations were becoming concerned about the impending retirement of their oldest and most experienced mainframe professionals – and the resulting need to transfer mainframe security management responsibilities to a younger, less experienced generation of IT staffers. We have responded to this issue ahead of the rest of the market by delivering security and compliance management solutions that are specifically designed to make it easier for this new generation of mainframe managers to do their jobs effectively and efficiently.

How do mainframe security offerings from CA differ from the competition? What are your advantages in the marketplace?
CA is maintaining its position as the leading independent provider of mainframe security solutions for several reasons. First, we have the broadest range of security solutions for the mainframe platform. Second, we provide the richest range of security functionality for the mainframe – including the ability to alert operators in real time about exceptions and violations of any custom-defined operational policies, as well as the ability to build unified logs of security- and compliance-related events for analysis and forensics. Third, CA uniquely makes its security solutions easy to acquire, install, and manage over time under our acclaimed “Mainframe 2.0” initiative.

This initiative combines installation management tools, enhanced electronic software delivery mechanisms, a common software “stack,” and other deliverables to simplify and standardize implementation of CA security solutions for the mainframe – as well as the rest of our mainframe management portfolio, which is the broadest in the industry.