IT organizations are under increasing pressure to ensure compliance with regulatory mandates and the imperatives of good corporate governance. This is no easy task. The compliance alphabet soup can significantly tax a company’s resources, perpetually forcing it to balance the need to mitigate risk against the need to allocate resources elsewhere.
While the specific mandates an organization must address differ considerably, compliance can be viewed as a single, enterprisewide challenge. Compliance, in essence, is the ability to verify the implementation of policies. An organization is considered compliant when it can answer certain basic questions about policy implementation, such as:
• Do we have the necessary controls in place to do what our policy says we should do?
• Would we know if policy were violated?
• Can we provide an auditor with accurate, credible documentation?
All these questions pertain to mainframe computing environments. The streamlining of mainframe management can help simplify compliance. In fact, in light of the central role the mainframe plays in areas such as the use of customer data and the execution of financial transactions, the case can be made that a sustained focus on improvements to mainframe management is an important component of any enterprise compliance strategy.
Even more specifically, the convergence of mainframe security and storage can go a long way to help organizations do a better job of compliance—while reducing the operational overhead required to achieve it.
That’s because mainframe security and storage have a highly symbiotic relationship, playing both similar and complementary roles in the implementation of corporate policy: In other words, organizations can leverage the commonality of mainframe security and storage to ensure policies are consistently and efficiently implemented across both disciplines.
Based on this high-level view, IT organizations should consider the following best practices for enabling compliance on the mainframe:
• Ensure that mainframe security policies are consistent across all operating systems, storage subsystems, and databases.