Firms simply cannot give up mainframes.
Whereas cloud infrastructure hogs the highlight, mainframe techniques proceed to dominate main segments of the economic system, particularly people who require high-performance and high-reliability purposes, such because the processing of monetary transactions — mainframe techniques deal with an estimated 90% of bank card transactions, for instance. Based on a Deloitte research, 71% of Fortune 500 firms proceed to depend on mainframes, and 90% of executives anticipate to broaden their mainframe footprint.
Securing mainframes stays high of thoughts, with 61% of mainframe and IT professionals rating safety as the highest downside they’re dealing with, in keeping with an annual survey of mainframe customers. Whereas mainframe {hardware} is often up to date, the software program structure usually consists of an agglomeration of added options and elements which are arduous to safe, says Jeff Emerson, built-in mainframe service lead at Accenture.
“Regardless of the screaming efficiency of many mainframe purposes, they’re more and more brittle because of many years of ‘simply add this’ code modifications that drive exponential will increase in software program complexity,” Emerson says. Inheriting software program architectures from two to a few many years in the past, he provides, has additionally led designers “in the direction of extremely shared knowledge buildings on a single, monolithic platform — which has change into extremely troublesome to tear aside.”
The issues will solely worsen, as a result of removed from dying out, mainframe techniques proceed to energy a lot of the infrastructure that underpins the knowledge economic system. This poses a problem to software program growth and safety due to mainframes’ monolithic nature and the rising shortage of mainframe technical experience.
Safety Is High Concern for Mainframe Customers
Beginning within the Fifties, the mainframe structure was synonymous with computing. Whereas many mainframe customers are in search of methods to maneuver some workloads to the cloud, the overwhelming majority of enterprise and IT executives (94%) have a optimistic view of the way forward for mainframes. A sizeable share (62%) foresee their use of mainframes rising with new workloads, in keeping with the 2023 BMC Mainframe Survey report.
The market continues to develop. IBM Z Methods, Fujitsu’s GS sequence, and Unisys’ Libra servers are the preferred mainframe ecosystems. Z Methods alone noticed 21% year-over-year income progress in 2022, in keeping with IBM’s monetary statements.
Nevertheless, sustainable progress can solely occur if mainframe customers determine methods of creating their infrastructure simpler to safe and extra agile, says Linda Betz, performing CISO and insurance coverage sector lead for the Monetary Providers Info Sharing and Evaluation Middle (FS-ISAC). As a result of mainframes are constructed to final, the software program portfolio related to mainframe techniques is usually advanced and arduous to handle.
“There’s a facet of ‘if it ain’t broke, do not repair it’ to the cloud migration debate,” she says. “Monetary establishments who use mainframes should weigh the price of upending their present mainframe system for one thing else, they usually could not see sufficient profit in doing so, or they could achieve this for sure capabilities and techniques however not for others.”
The system has a plethora of safety controls — reminiscent of consumer authentication and entry controls, decentralized safety administration, discretionary and necessary entry controls, logging to the techniques administration facility (SMF), useful resource management, and auditability and accountability — however the software program is difficult to safe, says Accenture’s Emerson.
“The mainframe platform offers safety, audit, and monitoring capabilities practically ‘out of the field’ offering nice assurances for the info held inside,” he says. “That is each a blessing and a curse, because the mainframe platform is extremely strong, however software program that has been developed over 4 and even 5 many years is more and more advanced, but below ever-increasing demand for flexibility and agility to satisfy rising enterprise wants.”
The obscurity helps in some methods, as attackers usually have no idea methods to entry the techniques, even when they may run the gauntlet of safety measures thrown as much as defend mainframes. Nevertheless, no firm ought to depend on a security-through-obscurity strategy, says Kevin Stoodley, chief expertise officer for IBM Z, the corporate’s mainframe division.
“That is the previous philosophy, actually, and anyone who’s counting on that, I feel, is on skinny ice,” Stoodley says. “With fashionable strategies round protection in depth, reminiscent of community segmentation, even when there are breaches, which there inevitably will probably be in a company, mainframes are most likely not the primary place they will get to.”
Mainframe, Cloud, or Hybrid
Many firms are transitioning workloads from their mainframe techniques to cloud infrastructure. Within the subsequent 5 years, two-thirds of banks (67%) will transfer no less than half of their mainframe workloads to the cloud, up from 31%, in keeping with a 2022 Accenture report. The limitations of migration are important, nevertheless. Practically half of all monetary companies fearful about enterprise disruption and the complexity of coping with their crucial purposes throughout any try to maneuver away from mainframes.
Furthermore, whereas mainframe techniques can run Linux and purposes written in fashionable languages, many software are written in COBOL, which is extra liable to SQL Injection assaults that may compromise the underlying knowledge, in keeping with Accenture’s Emerson.
“Cleansing up this code in place or placing applicable protections in place as it’s modernized is paramount to defending the world’s crucial knowledge,” he says.
Whereas most firms are contemplating rearchitecting mainframe software program to extend developer agility and scale back prices, improved safety is one other profit. Transferring to a hybrid cloud might assist, says Cynthia Overby, director safety for buyer options engineering at Rocket Software program.
“Mainframes are such an intrinsic a part of a company, housing a lot crucial knowledge, that the method to utterly rip and change would take an excessive amount of money and time,” she says. “Because of this, we’re seeing an increase in demand for hybrid cloud infrastructure, which affords customers the perfect of each worlds.”
AI Might Sub for Disappearing Mainframe Specialists
Modernizing mainframe infrastructure to safer architectures will probably be troublesome with out the best individuals. Extremely specialised mainframe operators and engineers are a quickly disappearing demographic within the fashionable office, with 90% of enterprise leaders discovering it reasonably or extraordinarily troublesome to search out the best individuals to keep up mainframes, in keeping with a Deloitte report.
“Particularly given the dearth of expert staff obtainable, discovering individuals to keep up these techniques — or worse, reply within the case of an outage — might change into very costly,” the report said.
As a result of the mainframe expertise stack is just not usually taught in faculties, specialists must be taught the structure and its vagaries on the job, and safety groups must learn to defend them on their very own. This downside is one which AI could possibly assist firms clear up by mapping mainframe code to extra fashionable languages, FS-ISAC’s Betz says.
“With the continuing cybersecurity expertise scarcity, establishments could not have the manpower and experience to transition to a unique infrastructure,” she says. “Nevertheless, AI really poses a chance for translating between mainframe languages and newer ones to assist youthful engineers in sustaining mainframes.”
