Modernizing vs. Replatforming: Why Choosing the Right Approach Can Impact System Security

There’s no disputing the importance of security on mainframe systems. They handle high volumes of data for healthcare, finance, retail, and other industries where sensitive, personal information must be protected. In fact, the IBM z15 mainframe can process approximately 220,000 encrypted transactions per second (19 billion per day).

There is some dispute, however, about the best way to maintain the security of these systems. There’s been a trend of rip-and-replace, with companies eagerly swapping out their legacy systems for distributed x86 systems and cloud-based solutions. But, according to a white paper from IDC, sponsored by Rocket Software and entitled “The Quantified Business Benefits of Modernizing IBM Z and IBM i to Spur Innovation,” such drastic measures are not only unnecessary — they’re actually less effective.

Why Are so Many Companies Rethinking Their Mainframes?

Whether it’s modernizing their existing platforms or replacing them completely, many companies are actively rethinking their mainframes because of the pressure to perform digital transformation. This has only increased as companies are forced to find socially distant solutions quickly due to the pandemic, digitizing processes that used to be handled in person or on paper.

When it comes to capabilities, most businesses in the IDC study found that their new platforms didn’t necessarily provide upgrades as much as alternatives. In other words, the new platforms solved different problems. So while you may be thrilled to find that a new platform makes a particular task easy, you’re likely to find that it also makes a previously routine task more complex.

As for the expense of upgrading compared to replacing, the data shows that the hardware costs are similar, but that modernizers end up paying less for software, staffing, consulting, and general disruption. For IBM i or IBM Z-based businesses, when comparing how much is spent on hardware, modernization project costs are an average of 1.7% and 3.5% less, respectively, than what replatformers spent. Replatformers that migrate operations to the cloud will also accumulate new operational expenses over time.

Finally, when it comes to upgrading or replacing mainframes, money isn’t everything. The IDC white paper reports that companies that upgraded their platforms, rather than replacing them entirely, were consistently happier with their decisions. It turns out that all that training, platform integration, and other problem-solving that goes along with such a major paradigm shift isn’t just expensive — it’s frustrating.

What This Means for Security

The same concerns that apply generally to updating or replacing mainframes also carry over to mainframe security. Switching to a new platform will make some aspects of security easier and others more complicated. Similarly, modernizing on the same platform is most effective for maintaining security if you update your system regularly.

What remains at the foundation of mainframes when it comes to security though is their reliability. This is the reason why companies in major industries, like nine out of 10 of the US’s top insurance providers, rely on IBM Z to process their data. Other platforms simply do not stand up to the impenetrability of mainframes.

Let’s start with resistance to malware. One of the most common ways for harmful programs to infiltrate a system is to trick the user into executing a file, usually by being attached to or disguised as a seemingly legitimate document or program. This is nearly impossible on a shared z/OS system, primarily due to the specialized operating language used by these systems. It’s not like it’s running a standard OS and a user will think they’re installing a new internet browser or media player.

This specialized OS is then reinforced by the mainframe’s Resource Action Control Facility (RACF). Unlike Windows machines and servers where user permissions start at a default level and have to be limited by the IT team, mainframe users start with next to nothing. Every permission has to be granted, meaning that the average user will not have the ability to install software (legitimate or not).

This also applies to any external services requesting mainframe access, which has become an increasingly common event in today’s online and interconnected world. Think of how many external services your enterprise relies on, and imagine every one of them as a potential target for hackers. If a third-party service is compromised, your data can be compromised as well. But with the mainframe, the default permissions (or lack thereof) help protect your data even if a vendor service is attacked.

Even if there is a security issue, you’ll know about it. Mainframes log every single action made by every user, and there’s no way to hide or delete it. This permanent record helps track suspicious activities and makes it impossible for hackers to disguise their actions.

If you're rethinking your mainframe platform, you’ll be hard pressed to find a better alternative than upgrading to its newest incarnation. From money saved, security provided, and overall satisfaction, the data shows that no other option even comes close.

What’s Hot on Infosecurity Magazine?