DESPITE ITS REPUTATION AS THE IMPENETRABLE FORTRESS OF THE IT WORLD , THE MAINFRAME IS JUST AS MUCH A TARGET FOR INSIDE AND OUTSIDE THREATS AS ANY OTHER SYSTEM .
Ray Overby , CTO and co-founder of Key Resources
How automation makes mainframe security and compliance easier for CIOs and CISOs
Ray Overby , CTO and Cofounder of Key Resources , tells Intelligent CIO that CIOs and CISOs who surround themselves with the right support can make up for their own gaps in mainframe knowledge while building a more automated and effective mainframe security estate .
Several years ago , the CIO at a major insurance company based in North America and Europe came to me with dire news : his company had suffered a data breach .
An independent audit revealed that a rogue employee exploited another user ’ s account to steal data . The user account that was exploited had been given more access than was necessary to do his job ( excessive access ). This vulnerability was only present because the company ’ s mainframe authorization settings had deviated from its corporate IT security policy . To remedy the vulnerability , the auditor advised that the company routinely check all its mainframe configuration settings against the stated policy from that point on . They were given a very short deadline to update their systems to meet compliance .
The problem ? The policy was written on paper . It ’ s not very practical or reliable for a global enterprise to manually check every IT system for policy drift .
He asked for my team ’ s help , so we digitized the documented policy and automated the security compliance check process . Now , the CIO and his team receive regular reports notifying them when settings have drifted from policy . As a result , the team can identify , classify , and fix misconfigurations , reducing the risk of more data breaches .