Bill Johnson wrote:
>Mainframes have security built into them from the ground up.
>Through cryptographic hardware acceleration and secure operating
>system, mainframes fulfill the critical requirement of keeping
>the user and internal data protected.
There are many excellent security attributes included with and available
for IBM mainframes, true, agreed. Moreover, the architectural patterns that
mainframes uniquely facilitate can be quite helpful in raising and
enforcing enterprise security levels. More highly centralized, well
managed, richer information services offer certain inherent
security-related advantages.
That said, I'm quite concerned (paranoid, even) because these wonderful
security features so frequently either aren't implemented at all or are
implemented badly, inconsistently. Also, unfortunately, there are far too
many organizations running unsupported technologies with known security
vulnerabilities, and there are even more that do not have reasonable,
timely preventive maintenance programs that they execute consistently and
well.
I was probably working on helping a government get SSL (then, now evolved
into TLS) encryption turned on for ALL their mainframe network connections
("internal" and "external"), and with certificate authentications (client
and server), literally 20 years ago today. SSL significantly predates z/OS.
Yet here we are, 20 years later, and so many organizations haven't even
done that much. It's upsetting.
I agree with the comment that there's always room for improvement, often
ample improvement. I assert that if you aren't concerned (or more) then you
aren't even awake.
Be careful out there, always. I don't think there was ever a time to rest
easy, and this era certainly isn't such a time.
--------------------------------------------------------------------------------------------------------
Timothy Sipples
IT Architect Executive, Industry Solutions, IBM Z & LinuxONE
E-Mail: sipp...@sg.ibm.com
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
