The Mainframe vs. Distributed Platforms: 10 Key Security Questions to Help Determine the Most Secure Platform
When you’re allocating resources between the mainframe and distributed platforms, and when deciding which platform to use for new applications, security will be one of several key factors in your evaluation. This article lists 10 key questions to ask about security on any platform, and describes how the mainframe (usually with the z/OS system software) ranks on each one. Because basic management controls of a well-run data center are interrelated, some of the questions will transcend security, addressing areas such as cost reduction, capacity planning, and problem management.
This article will provide a good framework against which to do your evaluation. On most measures, the mainframe offers more security than any other commonly available platform.
Most of these security advantages result from issues of:
• Size, since a larger operation can afford more functions and features, due to economies of scale
• Architecture, since a solid foundation makes it easier to build a secure structure
• Standards, since shortly after Lou Gerstner took over as CEO of IBM, IBM started abiding by all the common standards for security and interconnectivity.
When evaluating the mainframe against other platforms, consider these 10 questions relating to security:
1. How well does it protect sensitive data?
Mainframe computers provide for complete protection of all data from unauthorized reading and writing. If you want a measurable standard of how good the security of a given computer is, you probably want to know how it scores on the Common Criteria, a set of standards supported by the International Standards Organization (ISO). They specify seven levels of security from Evaluation Assurance Level (EAL)-1 up to EAL-7. A computer system is granted an EAL certification only after rigorous independent testing. Levels EAL-1 to EAL-4 apply to commercial installations. Levels EAL-5 and higher are much more formal and are granted only after certification by the National Security Agency (NSA).
Mainframe computers with z/OS system software have been certified at EAL-4+. Mainframes with VM system software have been certified at EAL-3+. With Linux system software, mainframes have been certified at EAL-4+.
Mainframe computers are usually kept behind locked doors in a secure data center. This physical security provides a “secure zone,” and within that zone, the mainframe security software permits only authorized users to access data. Outside the security of the data center, access to data is restricted by means of encryption. Whether the data is sent over a network or shipped on a tape cartridge, encryption can prevent unauthorized data access. You’ve probably read of companies whose computer tapes containing sensitive data were stolen off delivery trucks. In cases where the data on the tapes had been encrypted, the loss was minimal.
Mainframe computer security provides several additional access control functions not commonly found on other types of computers. These include verification of tape access by means of tape labels, access control over printouts before they’re printed, and automated obliteration of data when disk data sets are erased.
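To make the “only authorized users may access data” point concrete, here is an added illustration that is not code from the article or from IBM. It models the kind of decision a mainframe external security manager (RACF-style, an assumption on my part; the article names no product) makes for a data set request: find the most specific protecting profile, take the caller’s access level from the profile’s access list (an explicit user entry overriding group entries, which override the universal-access default UACC), and compare it against the requested level on the NONE < EXECUTE < READ < UPDATE < CONTROL < ALTER hierarchy. Profile names, user ids and groups are constructed sample data, and the `*` wildcard uses Python `fnmatch` semantics rather than the real generic-profile rules.

```python
"""Model of a mainframe-style security manager access check (illustrative only)."""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

# Access-level hierarchy, weakest to strongest. Holding a level implies every
# weaker one, so a user permitted UPDATE also satisfies a READ request.
LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass
class Profile:
    name: str                                        # data set name or generic pattern
    uacc: str = "NONE"                               # default for anyone not on the list
    access_list: dict = field(default_factory=dict)  # user id or group -> access level


@dataclass
class User:
    userid: str
    groups: set


def best_profile(profiles, dataset):
    """Most specific profile covering the data set: a discrete (exact) profile
    beats a generic one; among generics, the one with the most literal text wins."""
    candidates = [p for p in profiles if fnmatchcase(dataset, p.name)]
    if not candidates:
        return None
    return max(candidates, key=lambda p: (p.name == dataset, len(p.name.replace("*", ""))))


def granted_level(user, profile):
    """Level the user holds through an explicit user entry, then group
    membership, then UACC. An explicit user entry wins even when it is NONE,
    which is how a single user is excluded from a group's permission."""
    acl = profile.access_list
    if user.userid in acl:
        return acl[user.userid]
    group_levels = [acl[g] for g in user.groups if g in acl]
    if group_levels:
        return max(group_levels, key=RANK.get)
    return profile.uacc


def check_access(profiles, user, dataset, requested):
    """Return (allowed, reason). A data set with no covering profile is denied,
    i.e. this models a 'protect-all' posture rather than an open default."""
    profile = best_profile(profiles, dataset)
    if profile is None:
        return False, "no profile covers %s; denied under protect-all" % dataset
    held = granted_level(user, profile)
    allowed = RANK[held] >= RANK[requested]
    reason = "profile %s grants %s, %s requested" % (profile.name, held, requested)
    return allowed, reason


# Constructed sample profiles: the discrete PAYROLL.MASTER profile shadows the
# generic PAYROLL.* one for that single data set, and excludes TEMP01 by name.
PROFILES = [
    Profile("PAYROLL.*", uacc="NONE", access_list={"HRGROUP": "READ", "PAYADM": "ALTER"}),
    Profile("PAYROLL.MASTER", uacc="NONE", access_list={"PAYADM": "UPDATE", "TEMP01": "NONE"}),
    Profile("PUBLIC.*", uacc="READ"),
]

if __name__ == "__main__":
    requests = [
        (User("ALICE", {"HRGROUP"}), "PAYROLL.HISTORY", "READ"),    # group grants READ
        (User("ALICE", {"HRGROUP"}), "PAYROLL.HISTORY", "UPDATE"),  # READ < UPDATE: denied
        (User("TEMP01", {"HRGROUP"}), "PAYROLL.MASTER", "READ"),    # explicit NONE beats group
        (User("TEMP01", {"HRGROUP"}), "PAYROLL.HISTORY", "READ"),   # generic profile: allowed
        (User("BOB", set()), "PUBLIC.NOTES", "READ"),               # UACC READ: allowed
        (User("BOB", set()), "SECRET.KEYS", "READ"),                # unprotected: denied
    ]
    for user, dataset, level in requests:
        ok, why = check_access(PROFILES, user, dataset, level)
        print("%-6s %-16s %-7s -> %s (%s)" % (user.userid, dataset, level, "ALLOW" if ok else "DENY", why))
```

The two things worth taking from the model are the ones auditors look for on any platform: the most specific rule wins, so a discrete profile can tighten or loosen what a broad generic one allows, and an explicit per-user entry can carve one person out of a group permission. When evaluating a distributed platform against the mainframe, ask whether its access control offers the same precedence rules and a protect-all default, not just whether it has an ACL.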