Search Rocket site

Where Do Reluctant Attitudes Toward Mainframe Security Come From?

Heidi Losee

March 27, 2019

The security threats we’re dealing with today are worlds apart from what was common decades ago. External hacking threats are constantly evolving and becoming more sophisticated, and as mainframers implement frequent updates to applications and the infrastructure, the number of potential vulnerabilities will continue to multiply.

As threats evolve, security tools have evolved to meet them. Yet, mainframers aren’t always taking advantage of these emerging tools and strategies. It’s no secret that those of us within the mainframe industry can be resistant to change. When processes and tools have worked well, for so long, why mess with them? When it comes to mainframe security, however, this kind of attitude puts businesses at risk.

For example, I read a recent article about reluctance within the mainframe industry to incorporate multi-factor authentication (MFA), which would help protect mainframe passwords. Research shows that only one in five mainframers are already using, or are planning to use, multi-factor authentication to protect access to data and applications.

The most important question is why – why are mainframers so reluctant to adopt simple strategies, like MFA, that would improve the security of their most critical IT systems? The answer goes beyond merely resistance to change.

For one thing, it can be challenging to change old code. Many mainframe applications have been around for a very long time, and companies are wary of messing with their code. That’s partly due to a lack of familiarity with new technologies, as well as resistance from end users.

New technologies also aren’t being adopted because there’s a lack of mainframe skills, or IT security skills more broadly. It’s a two-pronged issue. There aren’t enough new people joining the mainframe industry. This issue isn’t going away any time soon. In fact, we’re approach a tipping point as skilled mainframers near retirement. By some estimates, there may be as many as 84,000 open mainframe jobs by 2020.

Often, resistance to change can come from the business side, especially when decision makers are considering the costs involved and challenges of implementing something new. Here’s the bottom line: Implementing a new technology will present some challenges, but the benefits of new security technologies far outweigh the potential disruption of a tricky adjustment period. Some products may also be expensive upfront, but again, they’ll be a worthy investment in the long run.

By taking advantage of enhanced security tools, mainframe professionals have the potential to improve their security posture and better protect their company’s – and customers’ – sensitive data.