A survey of Chief Information Security Officers (CISOs) released by IBM in early December found more than 80% of security leaders believe the challenge posed by external threats is on the rise, while 60% also agree their organizations are outgunned in the cyber war. Even mainframe shops—the zEC12 has received the highest security rating, EAL 5+ —should not get complacent. There are a lot of bad guys gunning for the data center. Just ask Sony.
At least top management is putting resources into security. Three quarters of the CISO respondents expect their security budgets to increase dramatically over the next 3-5 years. IBM is jumping in with a security paper geared specifically for mainframe shops titled Security Intelligence for Mainframe Environments.
So what are the threats keeping CISOs awake at night? Based on the study sophisticated external threats were identified by 40% of security leaders as their top concerns. Expect the extra budget to be thrown at these threats, which will require the most organizational effort over the next three to five years, as much as regulations, new technologies, and internal threats combined, according to the IBM analysts.
Although a majority of the CISOs surveyed appear confident their mature, traditional technologies that focus on network intrusion prevention, advanced malware detection, and network vulnerability scanning will fend off outside threats, nearly half reported that deploying new security technology is the top focus area for their organization. Their top worries: data leakage, cloud security, and mobile/device security.
Some other interesting findings from the survey:
- While concern over cloud security remains strong, still close to 90% of respondents have adopted cloud or are currently planning cloud initiatives. Of this group, most expect their cloud security budget to increase dramatically over the next three to five years.
- Over 70% of security leaders said real-time security intelligence is increasingly important to their organization. Yet about half found areas such as data classification and discovery and security intelligence analytics have relatively low maturity and require improvement or transformation.
- Not surprisingly, despite the growing mobile workforce, only 45% believe they have an effective mobile device management approach. According to the study, mobile and device security ranked at the bottom of the maturity list.
Although your data center provides a tempting target to attackers, it also can protect you with an effective counter-punch. That counter-punch is delivered through increasingly powerful and fast analytics, especially real-time analytics. The objective is to identify attacks as they are underway. Otherwise, you are left scrambling to close the proverbial barn door after the horses (data) have left.
This will entail systems that identify who did what and when, recognizing what’s normal behavior versus abnormal, and obtaining visibility into subtle connections between millions of data points. This requires a great deal of contextual data and the analytical means to make sense of it. And here is where you come in: your team needs to integrate mainframe data with distributed events to gain insights that apply to the entire enterprise.
In fact, IBM identifies a series of issues that put the mainframe squarely at the heart of the challenge and the solution:
- Complexity: The mainframe is an integral component of multiple, often large and complex business services, making it difficult to identify and analyze threats.
- Visibility: Mainframe processes, procedures and reports are often siloed, impeding cross-enterprise information sharing to combat threats. (But silos also help protect mainframe data—be selective in breaking down the silos.)
- Compliance: Verification of compliance is frequently a manual task—with problem alerts all too often received only after a problem has occurred.
- Cost: Mainframe management requires highly skilled administrators, who often are costly and in short supply.
You already have many of the solutions IBM recommends, like RACF, CA-Top Secret, and CA-ACF2. The mainframe security paper cited above covers the rest. Given what happened to Sony, it’s worth reading the paper closely.
Best wishes for the holidays. DancingDinosaur is Alan Radding. You can follow DancingDinosaur on Twitter, @mainframeblog. Check out more of my IT writing and analysis at Technologywriter.com and here.
Tags: analytics, Big Data, CA-ACF2, CA-Top Secret, Chief Information Security Officer (CISO), Cloud, cloud security, EAL 5+, external threats, IBM, Linux, mainframe, mobile, RACF, real-time analytics, real-time security intelligence, Security Intelligence, security leaders, security paper, System z, technology, zEC12, zEnterprise