Search Rocket site

Rocket Software Survey Reveals Only 27% of Organizations are Extremely Confident in Mainframe Security Compliance Amid Stricter Data Protection Standards

24 October 2023
Survey underscores critical nature of mainframe security, particularly as new methodologies and technologies emerge on the market
Press Release

WALTHAM, Mass. — October 24, 2023Rocket Software, Inc. (“Rocket Software”) a global technology leader that develops enterprise software for some of the world’s largest companies, today announced the findings from its 2023 Survey: The State of Mainframe Security. The survey of IT leaders at companies with more than 1,000 employees uncovered that while many organizations run their core business applications on the mainframe, respondents lack confidence in the effectiveness of their mainframe security compliance, signaling a need for more robust security practices.

For decades, mainframe systems have been the cornerstone of enterprise infrastructure, unparalleled in reliability, scalability, and data security, and that remains true to this day. Over half of survey respondents (51%) indicated that they either run all or the majority of core business applications on the mainframe. But, with the digital landscape changing and with the introduction of new methodologies like DevOps, open-source adoption, and the shift towards hybrid cloud solutions, prioritizing mainframe vulnerability management is more important than ever.

Key findings of the survey include:

  • Majority Uncertain About Mainframe and Vendor Compliance
    Organizations now face stricter standards in handling personal data, with the rise in regulations such as the GDPR and PCI DSS. The changing rules highlight the imperative for businesses to operate with transparency, accountability, and foresight in protecting user data in a digital world. However, a mere 27% of survey participants are highly confident in their organization's mainframe security compliance effectiveness. Moreover, businesses must also consider third-party suppliers to ensure compliance, yet, only 31% of respondents are fully convinced of their organization's effectiveness in making certain that vendors stick to rigorous QA benchmarks—highlighting a major gap in security.
  • Proactive Security Measures Adopted by 62% of Organizations for Open Source and Mainframe
    Open source offers numerous advantages, such as community collaboration and transparency, but it also allows for potential vulnerabilities. Encouragingly, organizations are proactive about open source and mainframe security: 62% consistently perform vulnerability assessments and security audits, 58% continuously monitor and update open source for security patches, and 54% train developers on secure coding with open-source components. While open-source communities can quickly apply patches and fixes to critical vulnerabilities and exposures, vendor support is critical to promptly address vulnerabilities, particularly when it comes to languages ported to IBM® z/OS®.
  • Challenges Remain in Integrating Mainframe Security with DevOps
    Integrating security best practices into the DevOps toolchain ensures that security remains an unwavering, collective responsibility throughout software development life cycles. This integration promotes swift and efficient security updates, diminishing potential threats. Nonetheless, the integration of mainframe security with DevOps introduces unique complexities. Survey participants highlighted limited automation and integration capabilities for mainframe security within DevOps pipelines as their primary concern.
  • Respondent Geographies Reveal Differing Perspectives on Mainframe Security
    By far and away, the United Kingdom relies most on the mainframe for security purposes – with 56% of U.K. respondents citing it as the number one ranked reason for the mainframe. Interestingly, when asked about challenges organizations face in ensuring effective mainframe security – respondents in the United States noted a lack of awareness about mainframe security risks – more than any other country.

“Mainframes remain the unwavering foundation of enterprise tech. As organizations embrace new approaches and emerging technologies, we're seeing a shift in digital activity that brings both challenges and opportunities,” said Milan Shetti, CEO of Rocket Software. “This data makes clear the security challenge is paramount, and now is the time for organizations to not only evaluate their current practices, but ensure their business is equipped to keep pace with the rapid evolution of technology.”

To download the full report, click here.

About Rocket Software

Rocket Software partners with the largest enterprises, in all industries, to solve their most complex IT challenges, across infrastructure, data, and applications — with solutions that simplify, not disrupt their modernization journey. Trusted by over 10,000 customers, Rocket Software helps enterprises modernize in place with a hybrid cloud strategy, so they don’t need to re-platform or build from the ground up. The company’s 2,600 global employees work with customers to accelerate and optimize their modernization journey while meeting evolving market needs. Rocket Software is a privately held U.S. corporation headquartered in the Boston area with centers of excellence strategically located throughout North America, Europe, Asia and Australia. Rocket Software is a portfolio company of Bain Capital Private Equity. Follow Rocket Software on LinkedIn and Twitter or visit

“IBM” and “IBM z/OS” are trademarks of International Business Machines Corporation.