defense in depth! protecting your mainframe data from risk and loss

Defense In Depth! Protecting Your Mainframe Data from Risk and Loss Julie-Ann Williams Mitch Rozonkiewiecz

MFT13S #CAWorld

Managing Director Advisor, Product Management millennia… CA Technologies

Mainframe

2 © 2014 CA. ALL RIGHTS RESERVED.

Abstract

The security threat landscape is changing at a rapid pace. Understanding the importance of having scrupulous policies to monitor system access, identify sensitive data and building a strong enterprise security program is more important than ever. This session will help you identify possible exposure areas on the mainframe and help you develop the foundation of your enterprise security program.

Julie-Ann Williamsmillennia…

Mitchell RozonkiewieczCA Technologies


Agenda

THE PAST

THE PRESENT

THE FUTURE

1

2

3


The Past

Mainframes represented “islands of computing.”– Proprietary protocol, mostly hardwired networking

– The Internet hadn’t been invented yet!

– Hackers existed but spent most of their time monkeying around with telephony

IT Security policies were thin on the ground.

No one had ever lost data.

1960s thru 1980s

ESTABLISHMENT OF MAINFRAME USE


The Past

What we cared about was making sure the RIGHT PEOPLE could CHANGE data.

SIMPLE, when you recognize the face of everyone who can access the mainframe!

1960s thru 1980s continued



The Past

Businesses had 20 years to get “hooked” on mainframes.

IT press decided that 20 years was long enough and the mainframe would soon be dead.

1960s thru 1980s continued


CICS


The Past

Lots of newcomers to the IT field in both hardware and software.

Mainframe starts to be seen as “legacy” in terms of IT strategy driven by:– Rumors of the death of the mainframe now long established

– Knowledge that “We only run one legacy application.”

– Mainframe stability means it isn’t talked about in problem meetings.

1980s thru 2000s

CONSOLIDATION OF MAINFRAME USE


The Past

Interestingly, this is the only industry that views the word legacy as negative!

1980s thru 2000s

CONSOLIDATION OF MAINFRAME USE


The Present

Global Banking Crisis!

Hacking is front page news.– Personal credentials taken

– Mainframe sites compromised through other platforms

Presentations on hacking mainframes at the last two Black Hat conferences

CHANGING THREAT LANDSCAPE


The Present

Businesses start to realize that they are targets even on the mainframe.– Also start to realize that the one legacy application is BUSINESS

CRITICAL

– Leading to significant investment in mainframe technology increasing

CHANGING THREAT LANDSCAPE

Also …


The Present

One ‘Hacking Group’ (April – August 2012)– A government agency

– A multi-national bank

– A police agency

MAINFRAMES COMPROMISED PURELY THROUGH THE MAINFRAME

Also …


The Present

A government agency– 10,000+ files downloaded including highly personal data

– 120,000 ESM userids + passwords

– RSA certificates modified


Also …


The Present

A multi-national bank– Attempted theft via eight bank transfers totalling

US$900,000

One was successful.

– Bank accounts hit across countries.


Also …


The Present

A police agency– Four million Social Security numbers exposed

– Shared mainframe

Other government departments may have been breached.


Also …


Capture security events independent of security logging

Capture environment changes that could affect security

Join security data and event data

Enterprise view versus LPAR

Supports CA ACF2™, CA Top Secret® and IBM RACF

CA Chorus™ for Security and Compliance Management

FIRST STEP IN MAINFRAME CONSOLIDATION

The Present


The Future

ENTERPRISE VIEWED AS A SINGLE SECURITY ENTITY?

Policy Driven Security

Revisit your security requirements– Do it now if you haven’t already started!

Identify:Data ContentData OwnershipApplication OwnershipApplicable Legislation


Data Security on z/OS

Historically, z/OS data has been protected

through the dataset (file) name

However, data is regulated by the content of

the data:

– Health Data

– Personally Identifiable Information

– Credit Card Numbers, etc.

Dataset names may not reflect the true content

– Consider how many times production data is

copied for test purposes

PROD.DATACredit CardData

TEST.DATA


Data Content Discovery for z/OS

The solution will crawl through data on your z/OS systems, identifying sensitive data

You initiate/control the process

The results will be coordinated and recorded, allowing them to merge with an enterprise view

All controlled by a GUI


The Past is still relevant and might cause

Future issues

The Present will become the Past in 24 hours

The Future will dictate the success of

your business

Are you prepared with an Enterprise Security plan?

Come talk to us after the session!

Don’t miss FBI Agent Watkins tomorrow

@ 9:45am


Polling Question

YES, WE HAVE A PROGRAM IN PLACE AND TOOLS TO MONITOR

YES, WE HAVE A PROGRAM – BUT NO TOOLS (ALL MANUAL)

NO, WE DON’T HAVE A PROGRAM OR TOOLS

NOT SURE – WILL HAVE TO CHECK

1

2

3

4

Do you have a program and tools in place to address vulnerabilities on the mainframe that could lead to data loss?


For More Information

To learn more about Mainframe, please visit:

http://bit.ly/1wbiPkl

Insert appropriate screenshot and text overlayfrom following “More Info Graphics” slide here;

ensure it links to correct pageMainframe






For Informational Purposes Only

© 2014 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.

This presentation provided at CA World 2014 is intended for information purposes only and does not form any type of warranty. Some of the specific slides with customer references relate to customer's specific use and experience of CA products and solutions so actual results may vary.

Terms of this Presentation

defense in depth! protecting your mainframe data from risk and loss

Technology

mainframe data

data security

security join security

zos data

sensitive data

personal data

health data

mainframe consolidation