Search Rocket site

Where Do IT Leaders Stand on Securing the Mainframe?

Milan Shetti

November 16, 2023

Intro: The mainframe remains the backbone for countless organizations, as modernization efforts bring new technologies into the fold, business leaders are taking steps to ensure mission-critical systems remain secure.

Mainframes are a critical piece of the technology infrastructure for countless enterprises. They are leveraged by 71% of Fortune 500 companies, which emphasizes just how pivotal they are in large-scale business operations. Whether it’s buying groceries, making a bank transfer, or booking a flight, the mainframe is powering how consumers interact with organizations and is behind millions of transactions that take place every day.

According to a recent survey by Rocket Software, 51% of IT leaders indicated that they run either all or the majority of their core business applications on the mainframe. This means the security of the mainframe is absolutely essential. And as new methodologies like DevOps, the increasing adoption of open source, and the shift to hybrid cloud solutions continue to trend, mainframe security vulnerabilities become a serious threat.

To find out how IT leaders view those changes to the digital landscape and the risks they bring to the mainframe, Rocket Software conducted a survey of 250 global IT directors and vice presidents in companies with more than 1,000 employees. Read on to learn their perspective on mainframe security.

Gauging Mainframe Security Confidence

Mainframe security is a major concern for business leaders as 68% of respondents said it is an area that their organizations take seriously. However, 27% of respondents said they know it’s important, but don’t have the funding or resources to contribute as much as they feel they should. And only 28% of organizations said they felt extremely confident in their proactive response to mainframe vulnerabilities.

With the mainframe holding so much mission-critical data, it’s more important than ever to make sure it is secure. Ensuring the integrity of the mainframe means businesses need to regularly assess where vulnerabilities lie within their organizations. It’s a fact that resonated with some respondents: the survey results showed the frequency of security assessments varies among organizations as 33% conduct compliance assessments for their mainframes every 1-2 years, whereas 56% undertake them on an annual basis.

Preparing a Security Conscious Workforce

Securing the mainframe, especially at large organizations, requires a knowledgeable and trained staff to support operations and monitor for vulnerabilities. But even with that reality, when it comes to bolstering the security consciousness of an organization's workforce, the landscape presents a mixed bag. Just 62% of organizations consistently offer training or educational initiatives aimed at heightening security awareness among their teams, which is standard industry practice. Compare that to others who, 31% of, restrict such endeavors to a one-to-two-year interval. With the rate of change brought by new technologies and solutions, training and education are a must for organizations looking to secure their mainframe operations.

Addressing the Threat of Data Breaches

In the realm of mainframe security, adhering to regulatory and industry standards isn't just a box to check—it's a non-negotiable imperative. The rise in rules and regulations, such as the GDPR, PCI DSS, and DORA, reflects the global push for greater data protection and privacy in the digital age. Organizations are now required to maintain more stringent standards for collecting, processing, and storing personal data, ensuring the rights of individuals are at the forefront of digital interactions. The shift in regulation means transparency, accountability, and proactivity have become critical to safeguarding user data. As critical as those goals are, there’s still a gap among respondents. Rocket Software found that just 27% of respondents believe their organization is extremely effective at ensuring compliance as it pertains to mainframe security.  

Ensuring compliance isn’t just about following regulations, it’s about managing serious risks too. Security breaches are a devastating event for businesses, so where do leaders feel they rank when it comes to preparedness? The answer—it varies. An overwhelming 97% of organizations believe they can isolate workloads, but 39% acknowledge that isolating workloads takes precious resources and lengthy cycles internally – and that can quickly translate into lost dollars and a damaged brand reputation. This data brings forward the pressing need for organizations to not just bolster their mainframe defenses but also equip themselves for rapid, effective responses when breaches occur. 

What’s Next for Mainframe Security

There’s no question that the mainframe is here to stay. And as long as that remains the case business leaders will need to ensure they’re doing everything in their power to keep operations and infrastructure secure. The insights and data generated by Rocket Software’s research make it clear that leaders understand that reality, but there’s still work to be done.

Is your organization ready to handle the security needs of the mainframe? Learn more about how Rocket Software can help.