IBM Boosts Mainframe Security

IBM (NYSE: IBM) today unveiled a new release of its mainframe operating system -- the z/OS -- adding features that increase the software’s already fortress-like security for online commerce as well as the next generation of highly secure business transactions. IBM also announced new mainframe software that automates security administration and audit processes.

“Originally designed to be shared by thousands of users, the IBM mainframe has security built into nearly every level of the computer -- from the processor level, to the operating system to the application level,” said Jim Porell, Distinguished Engineer and System z Chief Architect. “Our security leadership is one of the many reasons why the world’s top banks rely on the IBM mainframe for their financial transactions.”
For companies running “thousands” of transactions that require identity validation and lightning fast communications from countless customers and unknown parties, the new IBM z/OS is designed to deliver the following:

Improved network security policy management -- making it easier to set network security policy across multiple instances of z/OS mainframe operating systems. Administrators only need to define one centralized policy to enforce network encryption rules and intrusion detection for all z/OS systems within an enterprise -- including distributed systems attempting communication with z/OS systems.
Enhanced Public Key Infrastructure (PKI) services to help improve the creation, authentication, renewal, and management of digital certificates for user and device authentication. By managing digital certificates directly through their z/OS mainframe, customers can potentially see substantial savings compared to the cost of third party hosting. This capability is essential in creating the digital certificates for buyers and sellers to conduct secure business transactions online. z/OS’s PKI can be used for many important tasks, such as securing a wireless network infrastructure using WPA security, exploiting smartcard technology on credit and cash cards and securing the end nodes of a Virtual Private Network that might be hosting Point of Sale or ATM communications traffic.
Adoption of the popular security standard, PKCS #11, which specifies an application programming interface for devices that hold cryptographic information and perform cryptographic functions. These functions are now provided on z/OS to help host applications that utilize this standard onto z/OS to take advantage of the centralized key storage provided by z/OS.
Additional enhancements include more robust scalability and availability for clustered environments, improved economics via expanded use of specialty engines, simplified management for network diagnosis, among others. For details, log on to http://www-03.ibm.com/servers/eserver/zseries/zos/.

IBM Tivoli zSecure
IBM also announced today new software that provides additional functionality for the mainframe’s security system while helping reduce processing time. The IBM Tivoli zSecure Manager for RACF z/VM provides automation of security administration and audit processes in the virtual mainframe environment. With the opportunity to define more granular divisions between administration authority levels, senior administrators can divert tasks and workloads to decentralized contacts without compromising security. Tivoli zSecure Manager for RACF z/VM extends auditing capability by reading the RACF database, analyzing SMF records generated by RACF z/VM, and providing user privileges from both RACF and the VM directory.

IBM Tivoli zSecure Manager for RACF z/VM is an addition to the broader IBM Tivoli zSecure suite for managing mainframe security, first made available in July 2007, leveraging technology from IBM’s Consul acquisition in January of this year.

IBM System z Mainframe Security
The IBM mainframe is an incredibly secure server with an abundance of security safeguards and capabilities. These features are designed to protect against hacks, keep private data from getting “in the clear,” and allow for easy management of complex security issues. In today’s world, when every week seemingly brings a new identity theft scandal, multiple industries must conform to stringent security and audit regulations, such as Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS); security has never been more relevant to more sectors ranging from financial services and retail, to healthcare and government organizations.

On top of this rock-solid foundation, IBM has built powerful technologies that, taken together, form an expansive security envelope. For example, the IBM mainframe provides sophisticated controls that are designed to allow users to gain access to only those applications, data sets, and resources to which they are entitled, keeping unauthorized users out. It also provides multiple layers of intrusion detection and defense.

Working in tandem with these security features is the mainframe’s cryptography function, which scrambles and unscrambles private information. This is a key weapon in the battle against identity theft and a cornerstone of electronic commerce. The IBM mainframe’s operating system, z/OS, in conjunction with the Cryptographic Coprocessor hardware device, helps to prevent access to sensitive information -- such as customers’ credit card information, addresses and social security numbers -- by unauthorized users.

The mainframe also provides extreme scalability and availability -- with up to 54 engines in a single z/OS image and with 32 systems together in a Parallel Sysplex cluster, customers could have up to 1,728 mainframe engines behaving as one single system. But mainframe clustering technology is not limited to providing only scalability, this clustering solution can help provide availability, workload management, reduced planned outages, and disaster recovery as well -- in an environmentally efficient manner.