Firms simply cannot stop mainframes.
Whereas cloud infrastructure hogs the highlight, mainframe techniques proceed to dominate main segments of the financial system, particularly those who require high-performance and high-reliability purposes, such because the processing of monetary transactions — mainframe techniques deal with an estimated 90% of bank card transactions, for instance. In response to a Deloitte research, 71% of Fortune 500 firms proceed to depend on mainframes, and 90% of executives anticipate to increase their mainframe footprint.
Securing mainframes stays prime of thoughts, with 61% of mainframe and IT professionals rating safety as the highest downside they’re going through, in response to an annual survey of mainframe customers. Whereas mainframe {hardware} is frequently up to date, the software program structure usually contains an agglomeration of added options and parts which can be arduous to safe, says Jeff Emerson, built-in mainframe service lead at Accenture.
“Regardless of the screaming efficiency of many mainframe purposes, they’re more and more brittle because of a long time of ‘simply add this’ code modifications that drive exponential will increase in software program complexity,” Emerson says. Inheriting software program architectures from two to a few a long time in the past, he provides, has additionally led designers “in the direction of extremely shared information constructions on a single, monolithic platform — which has develop into extremely tough to tear aside.”
The issues will solely worsen, as a result of removed from dying out, mainframe techniques proceed to energy a lot of the infrastructure that underpins the knowledge financial system. This poses a problem to software program improvement and safety due to mainframes’ monolithic nature and the rising shortage of mainframe technical experience.
Safety Is Prime Concern for Mainframe Customers
Beginning within the Fifties, the mainframe structure was synonymous with computing. Whereas many mainframe customers are on the lookout for methods to maneuver some workloads to the cloud, the overwhelming majority of enterprise and IT executives (94%) have a constructive view of the way forward for mainframes. A sizeable share (62%) foresee their use of mainframes rising with new workloads, in response to the 2023 BMC Mainframe Survey report.
The market continues to develop. IBM Z Methods, Fujitsu’s GS sequence, and Unisys’ Libra servers are the most well-liked mainframe ecosystems. Z Methods alone noticed 21% year-over-year income development in 2022, in response to IBM’s monetary statements.
Nevertheless, sustainable development can solely occur if mainframe customers determine methods of constructing their infrastructure simpler to safe and extra agile, says Linda Betz, appearing CISO and insurance coverage sector lead for the Monetary Companies Info Sharing and Evaluation Middle (FS-ISAC). As a result of mainframes are constructed to final, the software program portfolio related to mainframe techniques is usually complicated and arduous to handle.
“There may be a side of ‘if it ain’t broke, do not repair it’ to the cloud migration debate,” she says. “Monetary establishments who use mainframes should weigh the price of upending their present mainframe system for one thing else, and so they might not see sufficient profit in doing so, or they might achieve this for sure features and techniques however not for others.”
The system has a plethora of safety controls — corresponding to consumer authentication and entry controls, decentralized safety administration, discretionary and necessary entry controls, logging to the techniques administration facility (SMF), useful resource management, and auditability and accountability — however the software program is tough to safe, says Accenture’s Emerson.
“The mainframe platform gives safety, audit, and monitoring capabilities almost ‘out of the field’ offering nice assurances for the information held inside,” he says. “That is each a blessing and a curse, because the mainframe platform is extremely strong, however software program that has been developed over 4 and even 5 a long time is more and more complicated, but below ever-increasing demand for flexibility and agility to fulfill rising enterprise wants.”
The obscurity helps in some methods, as attackers usually have no idea entry the techniques, even when they might run the gauntlet of safety measures thrown as much as shield mainframes. Nevertheless, no firm ought to depend on a security-through-obscurity strategy, says Kevin Stoodley, chief expertise officer for IBM Z, the corporate’s mainframe division.
“That is the previous philosophy, truthfully, and anyone who’s counting on that, I feel, is on skinny ice,” Stoodley says. “With trendy methods round protection in depth, corresponding to community segmentation, even when there are breaches, which there inevitably will probably be in a company, mainframes are in all probability not the primary place they will get to.”
Mainframe, Cloud, or Hybrid
Many firms are transitioning workloads from their mainframe techniques to cloud infrastructure. Within the subsequent 5 years, two-thirds of banks (67%) will transfer no less than half of their mainframe workloads to the cloud, up from 31%, in response to a 2022 Accenture report. The obstacles of migration are vital, nonetheless. Practically half of all monetary corporations apprehensive about enterprise disruption and the complexity of coping with their important purposes throughout any try to maneuver away from mainframes.
Furthermore, whereas mainframe techniques can run Linux and purposes written in trendy languages, many utility are written in COBOL, which is extra susceptible to SQL Injection assaults that may compromise the underlying information, in response to Accenture’s Emerson.
“Cleansing up this code in place or placing acceptable protections in place as it’s modernized is paramount to defending the world’s important information,” he says.
Whereas most firms are contemplating rearchitecting mainframe software program to extend developer agility and scale back prices, improved safety is one other profit. Shifting to a hybrid cloud might assist, says Cynthia Overby, director safety for buyer options engineering at Rocket Software program.
“Mainframes are such an intrinsic a part of a company, housing a lot important information, that the method to utterly rip and exchange would take an excessive amount of money and time,” she says. “For that reason, we’re seeing an increase in demand for hybrid cloud infrastructure, which presents customers the very best of each worlds.”
AI May Sub for Disappearing Mainframe Specialists
Modernizing mainframe infrastructure to safer architectures will probably be tough with out the proper folks. Extremely specialised mainframe operators and engineers are a quickly disappearing demographic within the trendy office, with 90% of enterprise leaders discovering it reasonably or extraordinarily tough to seek out the proper folks to take care of mainframes, in response to a Deloitte report.
“Particularly given the dearth of expert staff out there, discovering folks to take care of these techniques — or worse, reply within the case of an outage — might develop into very costly,” the report said.
As a result of the mainframe expertise stack will not be usually taught in colleges, specialists should be taught the structure and its vagaries on the job, and safety groups should learn to defend them on their very own. This downside is one which AI could possibly assist firms remedy by mapping mainframe code to extra trendy languages, FS-ISAC’s Betz says.
“With the continued cybersecurity expertise scarcity, establishments might not have the manpower and experience to transition to a special infrastructure,” she says. “Nevertheless, AI really poses a chance for translating between mainframe languages and newer ones to assist youthful engineers in sustaining mainframes.”
