Mitigating Data Exposure Risks on z Systems
Richard Harris in Security, Friday, February 19, 2016
We visited with Ashok Reddy, CA Technologies’ General Manager – Mainframe, to discuss how CA Data Content Discovery helps identify data exposure risks on z Systems and reduces these risks by scanning the mainframe data infrastructure, so that the right business decisions can be made to secure, encrypt, archive, or delete the identified data based on its sensitivity.
Ashok is General Manager of Mainframe at CA Technologies where he's responsible for the P&L, strategy and development of CA’s full portfolio of Mainframe products and solutions. He has 25 years of experience in the software industry with his most recent role prior to joining CA at IBM as Vice President, Offering Management, API Economy & Hybrid Cloud Integration.
ADM: What new capabilities does CA Data Content Discovery bring?
Reddy: CA Data Content Discovery helps identify data exposure risks on z Systems by automatically scanning through the mainframe data infrastructure for regulated or sensitive data. By discovering where the data is located, classifying the data to determine sensitivity level and providing comprehensive reporting on the scan results, data can be protected and exposure risks can be mitigated.
ADM: What’s unique about CA Data Content Discovery?
Reddy: CA Data Content Discovery is the only data security discovery and classification offering solely on and for the mainframe, thereby completely eliminating any risky offloading of data. CA Data Content Discovery integrates with leading enterprise security management and access control products – such as CA ACF2, IBM RACF and CA Top Secret for z/OS – revealing not just which data is exposed but who has access to such data, without increases in general CPU capacity.
ADM: Why is the mainframe important to a company in the application economy?
Reddy: In the application economy and today’s modern datacenter it is important to realize that the mainframe is no longer an isolated black box. The mainframe is the crucial online, real-time, high speed, completely reliable backbone for transaction processing worldwide – banking & payments, healthcare, travel & hospitality, and more. In fact, over 70% of mission-critical data passes through the mainframe constantly, resulting in huge aggregations of regulated data.
Collections of this data can become lost, abandoned, orphaned, even maliciously hidden by internal fraudsters, subjecting enterprises to unknown degrees of risk. CA Data Content Discovery empowers customers to find, classify, and protect discovered data before it accidentally or maliciously exits the mainframe in a data breach.
ADM: What new capabilities does CA’s Unified Infrastructure Management for z Systems bring?
Reddy: CA Unified Infrastructure Management for z Systems extends CA’s unified infrastructure management solution (UIM) to the mainframe – making it the only UIM to provide a comprehensive visibility of services that span mobile-to-mainframe systems in a single view.
With this expanded visibility and single view, customers can now manage z Systems as part of the overall IT infrastructure, reducing the need for specialized tools and expertise. IT operators can use the rich functionality of CA UIM to easily monitor mainframe system performance, enabling organizations to react more quickly when thresholds are exceeded - to increase customer satisfaction, reduce MTTR and lower overall costs.
ADM: Why is this important to a company going through a digital transformation?
Reddy: Having a holistic view of the entire environment is critical for organizations that compete in the application economy. As organizations go through digital transformation, with more and more devices accessing mainframe backend ‘systems of record’, it grows increasingly challenging for IT teams to ensure critical applications deliver the reliability and responsiveness users and the business demand.
Extending UIM to the mainframe accelerates problem resolution by enabling users to quickly identify issues and hone in on the root cause – no matter where it occurs. It provides customers seamless visibility across the growing number of mobile-to-mainframe apps; organizations can in turn deliver improved end-user experiences and reduce downtime of revenue-generating systems.
ADM: What about Mainframe security?
Reddy: What some people might not realize is that hundreds of mainframes across the world are connected to the internet and accessible to anyone with a TCP/IP login. While important, traditional access control used in mainframe security is no longer sufficient against today’s sophisticated threats – be it social engineering; threaded attacks, where a vulnerability is inadvertently caused by insufficient controls; training; or even routine IT tasks such as replication.
Simply put - the probability of mainframe data exposure is now higher than ever before. Special data security controls must be implemented in addition to access control.
ADM: How is the Mainframe security problem currently being solved?
Reddy: In some cases, the problem isn’t being solved at all and mainframe data security is being addressed indirectly through ESM technologies. In other cases, mainframe data is extracted off the mainframe platform for data discovery, classification and audit purposes.
While well-intentioned, there are inherent problems in this approach. First, multiple copies of sensitive production data proliferate. Second, data could be sent to third parties without effective controls, and third, the security characteristics of the target don’t always match the source data structure.
In order to prepare for an audit, organizations must be in control of their data at all times. CA Data Content Discovery gives their teams what is needed to ensure they can attest that all the regulated data on the mainframe is known, found, and addressed to prevent a data breach. In the absence of control, C-level executives and boards of directors will be held directly accountable for the privacy of customers’ data in the event of a breach.
ADM: How are all of these changes affecting mainframe migration strategies?
Reddy: The mainframe continues to run critical systems of record and remains the most cost-efficient platform for such workloads. Capabilities provided by CA Data Content Discovery and Unified Infrastructure Management for z Systems provide the confidence and peace of mind to the IT Operations leader about the integrity and availability of business services relying on the mainframe.
ADM: How do you see the mainframe delivering innovation to businesses in the application economy and how is CA meeting that vision?
Reddy: Innovation has two parts – Integration and Agility. With regard to integration of mobile to mainframe, on the application development side, we help customers pull data on the mainframe, such as account status, into mobile banking apps where consumers can access this information. This enables traditional companies to leverage the IP they have to provide new and innovative services to customers.
But it’s not just about integration, it’s also about agility. Our customers can leverage our tools such as CA Endevor SCM to move into an agile, continuous delivery of application code on the mainframe. And as a leader in IT Operations Management software, we’ve continued to pioneer cross-enterprise performance monitoring and management with products such as CA Cross-Enterprise APM and CA Unified Infrastructure Monitoring for z Systems, so that the same IT shop can administer all platforms.
Read more: http://www.ca.com/us/securecenter/ca-data-content-...