While many organizations run their core business applications on the mainframe, IT leaders lack confidence in the effectiveness of their mainframe security compliance, signaling a need for more robust security practices, according to Rocket Software.
For decades, mainframe systems have been the cornerstone of enterprise infrastructure, unparalleled in reliability, scalability, and data security, and that remains true to this day. 51% of survey respondents indicated that they run either all or the majority of core business applications on the mainframe.
But, with the digital landscape changing and with the introduction of new methodologies like DevOps, open-source adoption, and the shift towards hybrid cloud solutions, prioritizing mainframe vulnerability management is more important than ever.
Stricter data regulations pose challenge for organizations
Organizations now face stricter standards in handling personal data, with the rise in regulations such as the GDPR and PCI DSS. The changing rules highlight the imperative for businesses to operate with transparency, accountability, and foresight in protecting user data in a digital world.
However, a mere 27% of survey participants are highly confident in their organization’s mainframe security compliance effectiveness.
Moreover, businesses must also consider third-party suppliers to ensure compliance, yet only 31% of respondents are fully convinced of their organization’s effectiveness in ensuring that vendors stick to rigorous QA benchmarks—highlighting a major gap in security.
Open source offers numerous advantages, such as community collaboration and transparency, but it can also introduce vulnerabilities. Encouragingly, organizations are proactive about open source and mainframe security: 62% consistently perform vulnerability assessments and security audits, 58% continuously monitor and update open source for security patches, and 54% train developers on secure coding with open-source components.
While open-source communities can quickly apply patches and fixes to critical vulnerabilities and exposures, vendor support is critical to promptly address vulnerabilities, particularly in languages ported to IBM z/OS.
Challenges remain in integrating mainframe security with DevOps
Integrating security best practices into the DevOps toolchain ensures that security remains an unwavering, collective responsibility throughout software development life cycles. This integration promotes swift and efficient security updates, diminishing potential threats.
Nonetheless, the integration of mainframe security with DevOps introduces unique complexities. Survey participants highlighted limited automation and integration capabilities for mainframe security within DevOps pipelines as their primary concern.
By far, the United Kingdom relies most on the mainframe for security purposes, with 56% of U.K. respondents citing it as the number one ranked reason for using the mainframe. Interestingly, when asked about the challenges organizations face in ensuring effective mainframe security, respondents in the United States noted a lack of awareness about mainframe security risks more than respondents in any other country.
“Mainframes remain the unwavering foundation of enterprise tech. As organizations embrace new approaches and emerging technologies, we’re seeing a shift in digital activity that brings both challenges and opportunities,” said Milan Shetti, CEO of Rocket Software. “This data makes clear the security challenge is paramount, and now is the time for organizations to not only evaluate their current practices, but ensure their business is equipped to keep pace with the rapid evolution of technology.”