In-Depth

Mainframe Proponents Talk Up Platform’s Security Strengths

There’s a growing consensus -- among IBM users, at least -- that Big Iron’s biggest selling point might well be its proven security model.

• By Stephen Swoyer
• 09/04/2007

IBM officials like to point out the mainframe’s all-in-one power and refrigeration model as a great solution for rising data-center power and cooling costs. That’s a given. Now there’s a growing consensus among IBM users that Big Iron’s biggest selling point might well be its proven security model.

"We’ve heard from a lot of customers who are interested in [the mainframe’s all-in-one power and cooling footprint], and we’ve also had success with [customers attracted by] virtualization and other [mainframe] features. We’re also increasingly hearing from customers interested in using the mainframe as a sort of security hub," says Mary Moore, System z security initiative leader with Big Blue.

To a degree, Moore maintains, the mainframe has comprised a kind of de facto security hub for many years. "Our customers for 40 years have been positioning their mainframes as their security hubs, and security and availability have been the two most important features that we continue to invest in and ensure that we’re leading the industry."

The mainframe’s role as security hub doesn’t just mean it’s the last line of defense against outside attacks. The Big Iron security hubs that Moore and others talk up are more than just information citadels; instead, Moore says, they’re designed to function as coordination, automation, and response centers for enterprise-wide information access.

Consider the z/OS 1.9 updates Big Blue announced last month: a number of these improvements—new support for network security policy management, enhancements to z/OS’ Public Key Infrastructure (PKI) services, and an update that lets the z/OS Integrated Cryptographic Facility (ICSF) support the popular PKCS #11 security standard—boost System z security and enhance Big Iron’s cross-platform security credentials, too. It is—as Burt Reynolds’ Jack Horner once put it in the film Boogie Nights—an important part of the process.

After all, Moore says, customers aren’t just centralizing key pieces of their security infrastructures—their security policy enforcement, encryption, and PKI implementations—on Big Iron. In addition, she maintains, many are moving data (and in a growing number of cases, data processing workloads) back to the mainframe. "Some [customers] are looking at aggressively rearchitecting [their information access infrastructures] to minimize data distribution across their enterprises, and to have [System] z [be] much more directly accessed."

The idea, Moore says, is that by moving data back to the mainframe, customers can take advantage of Big Iron security, Big Iron virtualization, and inexpensive Big Iron data processing (courtesy of Big Blue’s zSeries Integrated Information Processor, or zIIP) and reposition their mainframes as secure data hubs

"There’s this general trend [among customers] toward having the mainframe take on a more pivotal role—in a lot of cases, as a secure data hub. This concept [of the secure data hub] is becoming much more critical due to the growing fear of data breaches. We have seen customers who said maybe a year ago that the mainframe is no longer strategic for new applications now and they are changing that view, and in a lot of cases, it’s the security that’s being provided."

That’s the long view, of course. At this point, Moore concedes, only the most ambitious shops are taking this approach.

All the same, says Pam Taylor, vice president and head of Strategic Development for SHARE, security—Linux, WebSphere-on-z/OS, zIIP, and an all-in-one power and cooling proposition—has emerged as a significant Big Iron bonus.

"I can tell you just from conversations I’ve had or overheard [at SHARE] that a lot of [customers] are realizing that [the mainframe] is their most secure [platform] investment, and they’re asking about how can they take more advantage of that," said Taylor, in an interview at last month’s SHARE conference. Although she didn’t address the idea of Big-Iron-as-secure-data-hub, Taylor did stress that mainframe security is best-in-class—and will likely remain so for the foreseeable future.

"Again, there’s this feeling that [the mainframe] has always been their most secure platform [investment], and really the things [customers are] doing with it they can’t really do on any other platform," says Taylor, a Certified Information Systems Security Professional (CISSP), who cites Big Iron’s integrated PKI and encryption facilities as exemplary cases-in-point.

In disaster recovery scenarios, for example, Big Iron’s integrated PKI and encryption feature sets have emerged as crucial differentiators, Taylor points out. "I definitely have heard from people who say they’re going to expand [their mainframe investments] so they can take advantage of the mainframe’s superior security."