The mainframe is most secure but the insider threat looms

Compuware Corporation, the mainframe-dedicated software company, has released a survey of large company CIOs showing that while most (78%) say their mainframe is more secure than other systems, the majority (84%) say they are still exposed to a significant risk of insider threats due to blind spots in internal data access and controls.

The survey was conducted by independent research company Vanson Bourne, and administered in April to 400 CIOs at large companies covering a cross-section of vertical markets in France, Germany, Italy, Spain, the UK and the U.S.


It found that 64% of organisations use the mainframe as a core repository of their most sensitive data, storing as much or more of their customers’ Personally Identifiable Information (PII) there as they do on other systems. At the same time, 84% also found it difficult to track who has accessed data stored on the mainframe, exposing them to an increased risk of insider threats.

“The mainframe has always been the most securable platform in the enterprise, which is why organisations continue to entrust their most sensitive data to it,” said John Crossno, product manager, Compuware.

“However, businesses still face the risk that privileged employees, or those who have acquired access illegally, will misuse mainframe data. Organisations must take steps to gain more visibility over who is accessing data and how they are using it.”


The research further revealed that the most common measures being used to overcome insider security risks include:

• Saving security log files for future reference (74%).
• Regularly scanning security logs for inconsistencies (68%).
• Using a SIEM system to perform security analytics using mainframe data (67%).
• Using a SIEM system to combine mainframe data with security data from other systems (58%).

However, just 1% of organisations monitor user and database activity to tackle insider threats on the mainframe.


“Most enterprises rely solely on disparate logs and SMF data from security products such as RACF to piece together user behaviour,” added Crossno. “Even those who are integrating that data into their SIEM aren’t getting the level of insight needed to identify a malicious insider. Organisations need deep insight into what data was viewed, by whom and which applications were used to access it. This can only be achieved by directly capturing complete, start-to-finish user session activity data in real time, and integrating it into a SIEM platform such as Splunk for deep analysis.”



Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...
