Is Complacency Around Mainframe Security a Disaster Waiting to Happen?

Jeff Cherrington

Mainframe

CA Technologies

Sr. Director, Product

Session #: MFT58S

Julie-Ann Williams

millennia…

Managing Director

Steve Hosie

Cyber Security Services

Founder

Steve Garrett

Wells Fargo Bank

VP, Mainframe Security Technical Services

2 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

© 2015 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.

The content provided in this CA World 2015 presentation is intended for informational purposes only and does not form any type

of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.

For Informational Purposes Only

Terms of this Presentation

3 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Abstract

Cyber-attacks damage an organization far beyond the breached

data. The ripple effect is felt on your relations with customers,

investors and employees. This security panel will discuss how

being compliant doesn’t mean you are secure and how

complacency around mainframe security will come back to bite

you! Most IT security departments today struggle to meet

organizational demands, especially with limited resources and

budgets. Yet in todays' interconnected datacenter, we have to ask -

is your team unaware of both malicious and accidental attack

vectors now targeting mainframe data? Gain some insight from

our experts; and come prepared to ask your own questions too!

Jeff CherringtonCA Technologies

Julie-Ann Williams millennia…

Steve Garrett Wells Fargo

Steve HosieCyberSecurity.Services

4 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

We have seen multiple Mainframe specific breaches (CSC, Logica, others?) - yet we continually hear that the mainframe has not been breached and that it is the most secure platform available. Please respond…

5 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

From the perspective of compliance, should the mainframe be considered out of scope?

In other words, should CIO’s and CISO’s be worried about the mainframe?

6 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

What do you see as the greatest threat to the Security of the Mainframe in the future to be:

7 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

- The “grey backs” retiring and being replaced by millennials?

- The proliferation of Web Based applications accessing mainframe data?

- Apathy, caused by the belief that the mainframe is inherently secure

- The move towards more open system interfaces

- Or something else or some combination of the above?

8 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

In an 2013 article in Dark Reading, Adrian Lane (a Security Strategist), said the following:

“The persons responsible for mainframe database security, don't have a lot to worry about. And if you were worried about these attacks, you can disable FTP to thwart malicious code uploads. Or, firewall off the mainframe from Web access, as seems common. Beyond that most of the flaws must be addressed by IBM through code changes.”

9 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Summary

A Few Words to Review

Key Topics

Don’t let complacency and apathy around the mainframe put you in a vulnerable position.

Findings

The mainframe is interconnected and contains mission critical data – don’t let a data breach ruin your business

Experiences

How are you finding and protecting your most critical data?

Q & A

For More Information

To learn more, please visit:

http://cainc.to/Nv2VOe

CA World ’15