Search Rocket site

Don’t Forget Security in Conversations Around Mainframe Modernization

Heidi Losee

July 18, 2019

Enterprises today are facing an important dilemma: modernize their mainframe environment or move off the platform altogether. Though rewarding, mainframe modernization can be a difficult, expensive process. How do you determine whether mainframe modernization is right for your company?

According to a recent Forrester report, “Tackling the Unsexy Challenge of Mainframe Modernization,” the most important factor to consider is the size of your mainframe footprint. Companies with smaller footprints – under 2,500 transactions per second – tend to skip modernization, opting instead to move off the mainframe. Companies that rely more heavily on the mainframe, however, are more likely to remain on the platform, with efforts put towards modernizing mainframe applications and processes.

Another influential factor: what industry you’re in. Interestingly, the report notes that while companies in the finance vertical are doubling down on mainframe investment, those involved with government and retail are “desperately” trying to move off the mainframe. But, is that really the right call for two industries where security is so important?

If anything, companies in the government and retail sectors should be reinvesting in the mainframe. Not only does it have the power to process modern transactions, but if best practices are followed, it can offer the highest degree of security of any platform.

When government organizations, retailers, and companies in other industries look to modernize their mainframe technology, they must modernize their security processes, too. Because of the mainframe’s reputation for being secure, the importance of ongoing mainframe security management is often overlooked. Mainframe security testing should be part of regular security and risk management processes.

KRI discussed mainframe modernization, mainframe security and more in a recent webinar, “Mainframe modernization isn’t just a technology change – it’s all about process change, too.” Alongside our guest speaker, Forrester analyst Amy DeMartine, we talked about why companies need to modernize their mainframe security, along with tips on how to get started.

We also covered:

  • Why having a Mainframe Security Architect is essential, and what their role entails
  • Why excessive access checking is important
  • The role Mainframe Operations should have in maintaining security processes and parameters
  • Why understanding vulnerability management starts with the code
  • The differences between penetration testing and vulnerability scanning, and why you should be doing both

Related posts


Understanding PCI DSS 4.0 and DORA: A Roadmap for Scalable Risk Management

Mainframe Vulnerability Management: Navigating the Demands of DORA and PCI 4.0

6 Lessons to Learn From the 60-Year History of the Modern Mainframe