The staggering average cost of a data breach in 2023, totalling USD4.45 million, has brought into sharp focus the critical importance of robust security measures, particularly concerning mainframe infrastructure.
In an exclusive interview with BusinessToday recently, Rocket Software Vice President for Asia Pacific Praveen Kumar said despite IT leaders’ continued trust in mainframes for their security and reliability, the financial ramifications of data breaches highlight the pressing need for enhanced security strategies.
A mainframe is a high-performance computer used for large-scale, compute-intensive purposes and tasks that require greater availability and security than smaller-scale machines.
Rocket Software, a software development firm conducted its State Of The Mainframe Security Survey which underscored this urgency, emphasising the imperative for regular mainframe security assessments and improved workforce training.
Moreover, businesses are increasingly aware of these challenges and are taking proactive steps to bolster their security posture.
For instance, IBM reports that 51% of organizations have plans to increase their security investments following a breach, while Verizon anticipates continued growth in security spending in 2023. These trends reflect a broader industry acknowledgment of the critical need to safeguard data and mitigate the potential financial losses associated with breaches, Praveen said.
Complexities of Mainframe Security
In today’s digital world, mainframes play a vital role in powering essential global operations, managing large financial transactions, and protecting customer data for telecommunications companies. Despite their reputation for reliability, mainframes harbour vulnerabilities such as misconfigurations and unauthorised access, posing significant risks to organisations.
Alarming reports from Malaysia’s Personal Data Protection Department and CyberSecurity Malaysia highlight a fourfold increase in data breaches within six months, underlining the urgent need to fortify mainframe security. Sectors like telecommunications, government, logistics, transportation, and banking face heightened risks, making robust security measures imperative.
Delving into the intricate world of mainframe security, Praveen said, as the custodian of some of the world’s most critical operations, mainframes are the backbone of countless organisations, facilitating transactions, managing databases, and running vital applications. However, despite their reputation for security and reliability, mainframes are not impervious to risks.
He underscored the importance of prioritising mainframe security due to the vast amounts of mission-critical data they store. “Any breach or unauthorised access to mainframes can result in severe consequences, including financial loss, reputational damage, and legal implications. If compromised, mainframes can disrupt business operations, leading to downtime and revenue loss.”
Navigating Mainframe Security Challenges
Praveen’s role at Rocket Software aligns closely with addressing the security challenges associated with mainframes. He highlighted the need for organisations to evolve their security measures to meet the dynamic challenges of today’s hybrid IT environments.
Through collaboration with highly skilled professionals, Praveen helps organisations strategise and manage their mainframes, ensuring data security and operational stability. “I help to demonstrate how modernisation without disruption can help organisations in the region to not just safeguard data, but also their reputations and operational stability.” he said.
Discussing notable trends in mainframe security, Praveen emphasised the growing complexity and sophistication of cyberattacks. He debunked common misconceptions about mainframe security, emphasising that their reputation for security does not make them immune to emerging threats.
Key Focus Areas for Organisations to Ensure Strong Mainframe Security
Discussing the critical aspects organisations need to focus on to ensure the security strength of their mainframe infrastructure, Praveen highlighted the importance of blending multiple security methods, “Many organisations are banking on singular methods as a defense mechanism. Instead, the key is to blend multiple methods to withstand both internal and external threats.”
He also addressed common challenges organisations face according to Rocket Software “State of the Mainframe” survey, stating, “If we look at the findings, close to a third of organisations said funding and resources were inadequate.”
The increasing adoption of open-source technologies was another topic of discussion. Praveen highlighted the risks associated with open-source code and the importance of managing it properly to prevent security gaps and ensure compliance.
“There’s two risks here. The first and more obvious one is that potential attackers can simply examine code to pick out vulnerabilities and break into an organisation’s systems. The other risk is that, if open-source components embedded within mainframe applications are not managed properly, fixes and updates could end up not actually making their way into the mainframe. This, then, could result in severe security and integrity gaps.” he said.
The potential ramifications of a mainframe breach were not overlooked where the vice president emphasised the significant financial implications, as well as the reputational damage and operational disruption organisations could face. He stressed the importance of prioritising compliance and transparency to mitigate these risks.
Talking about the alarming statistics from Malaysia’s Personal Data Protection Department and CyberSecurity Malaysia’s report, Praveen underscored the need for organisations across sectors to employ holistic security approaches and adopt a hybrid strategy to strengthen regulatory agility and lighten workloads.
“These figures are concerning, for sure, and they underscore that industries using mainframe systems must step up and employ holistic security approaches.” he said.
He offered key strategies and best practices for fortifying mainframe security in the face of evolving cyber threats, emphasising the importance of strong data management and governance operations, proactive isolation of workloads, and continuous monitoring in application development.
Praveen added it’s evident that mainframe security is a multifaceted issue requiring careful consideration and proactive measures from organisations. His expert insights provide a roadmap for navigating the intricate terrain of mainframe security in today’s digital era. As businesses confront the evolving threat landscape, Praveen’s guidance serves as a path towards fortified mainframe security and resilience in the face of emerging challenges.
