By Julie Bergh, IBM Lead World Wide z Systems Security Champion
Once upon a time, it was easy to secure a z/OS (e.g., MVS) system. Users were defined, passwords created, and datasets protected. Users accessed the mainframe from terminals connected directly to the mainframe. Now, consider today’s environment. Users access the mainframe from different places and even via mobile devices. Are yesterday’s security practices today’s security exposures? Have you updated your security practices for today’s environment?
Since 1976, RACF has been a key component of mainframe security, integrating with the IBM z/OS operating system to control system access. From identifying and verifying users to logging and reporting unauthorized attempts at access, RACF has been critical to keeping mainframe environments secure.
Have your processes kept place in taking advantage of these items? If not, you could be at risk for security exposures.
The first step in improving mainframe security is to recognize the potential for problems. Security administrators and enterprise management often assume mainframes with RACF are inherently secure. But a security system is constantly being updated with new definitions to address the security needs of the business—and forces are constantly at work that can cause vulnerabilities if those definitions are not cleaned up.
Have you removed the entitlements and privileges of employees who left the organization? How about updating user profiles of employees who changed roles? And are you creating work for auditors—and risking a failed audit—by making them wade through information that’s no longer relevant or too complicated to understand?
But just like regular maintenance on your car or spring cleaning at your house, cleaning up your RACF databases is a necessary and ongoing task. A dirty database that is filled, for example, with out-of-date access permissions for employees who no longer work at the organization or security definitions for a decommissioned software package can be the cause of a failed security audit. More importantly, a dirty database can allow these same former employees— or hackers and malicious users who gain their IDs and access privileges—to commit fraud or theft.
For more than 50 years, IBM mainframes have been industry leaders in providing a secure base for critical business operations—right up to today’s IBM z Systems. Security capabilities are actually built into the entire z Systems stack.
About the author:
Julie is IBM’s Lead World Wide z Systems Security Champion, has worked for IBM for the past 15 years and has many more years prior to that in the private sector. Julie is a certified IT specialist and has a Master’s Degree in Information Systems management. Prior to joining IBM, Julie worked at a variety of large companies (e. g., GMAC, MasterCard) where her roles ranged from programming and system programming to Director of IT Auditing and IT Management. In recent years, Julie’s efforts have been related to z System Security Migrations and Security Product Technical Sales, and as a result has broad experience engaging all levels of the customer organization from the C-Suite, to Security Management and to front line Security Analysts. Julie has experience in both customer and provider aspects of IBM’s z Systems Security, and possesses deep skills in z/OS, RACF, ACF2 and Top Secret administration.