validate files

Validating your files

Mainframe files/datasets are liable to change quite often. After all, people are using those files so they are likely to be modified/updated. So how could you tell whether there had been a legitimate change to the file or it had been hacked? How can you verify that your z/OS files have remained intact and your data is secure?

Read More

Is your business affected by GDPR?

What GDPR Means for Mainframe Storage, Archive and Backup

On April 27, 2016, the European Union passed regulation 2016/679, more popularly known as the General Data Protection Regulation (GDPR). On May 25, 2018, GDPR implementation began, and enforcement activities started. So which organizations are affected by GDPR regulation, and what are the most difficult IT hurdles to overcome?

Read More

Multi-Factor Authentication Has Arrived – The Mainframes Are Ready

Retinal scans. Face recognition. Fingerprint scanners. Spoken phrases. Randomized pins. Those cool full-body laser scanners from the movies. Science fiction has correctly predicted many aspects of how we live in the digital age, including the rise of security practices involving more than one sort of security test or “factor,” called Multi-Factor Authentication (MFA). And while those full-body scanners are still a few years away (and honestly more cool than they are efficient) even our mobile phones now integrate fingerprint scanners and require more than one means of logging in. As criminals get more creative, security must compensate, and soon everything from online games to mobile banking will depend on MFA to ensure even a baseline level of protection.

Read More

Q: Meltdown, Spectre (and new variants) – how best to cope?

A: Become a Grandmaster at Whack-a-mole!

“…used with reference to a situation in which attempts to solve a problem are piecemeal or superficial, resulting only in temporary or minor improvement…”

Much (very much!) has been written regarding the security threats posed by the discovery of system processors being exposed to the Spectre and Meltdown vulnerabilities.  And as if these vulnerabilities weren’t already serious enough a quick Google search yields headlines like: “Meltdown-Spectre flaws: We’ve found new attack variants, say researchers – Intel and AMD may need to revisit their microcode fixes for Meltdown and Spectre.”

Read More
Security Information and Event Management

Mainframes don’t need SIEMs, do they?

Mainframes come with plenty of security – why should they use a Security Information and Event Management (SIEM), when it doesn’t even run on the mainframe? This is pretty much the opening argument from most mainframers when talking about SIEMs, and, at first glance, it seems pretty reasonable, but is it?

SIEM software products and services combine Security Information Management (SIM) and Security Event Management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware. SIEM products that you may have come across include: ArcSight and IBM QRadar, Splunk, LogRhythm, McAfee Enterprise Security Manager, Dell RSA Security Analytics, or Dell SecureWorks.

Read More

Mainframers are starting to ask questions about security – and that’s a good thing

IT security crises are forever making business headlines. In 2017 it was the high profile ransomware attacks and huge data breaches such as Equifax. Barely a week into 2018 and we had the revelations surrounding the Meltdown and Spectre vulnerabilities affecting computer chips around the world.

Traditionally, the mainframe community has been a little smug about security, generally believing our platform to be immune from many of the risks faced in distributed environments. Isn’t that one reason why the big banks and credit card companies continue to rely on mainframes to process transactions?

Read More