How to strengthen the security of the mainframe, the heart of a bank, government, or airline
Banks, public administrations, insurance companies, airlines, and multinational retailers must protect the security of the mainframe they use to prevent unauthorized access
Remember Ethan Hunt descending into a vault to steal the list of CIA secret agents? This iconic scene from Mission Impossible has become ingrained in the collective imagination as the perfect representation of how even the most protected places in the world are vulnerable.
When the film was shot, at the dawn of the digital age, it was difficult to predict the major threats that companies and governments face today, as well as the challenges they must address. One of these challenges is strengthening mainframe security.
What is a mainframe? A transactional server used by banks, public administrations, insurance companies, and some retail companies to process large volumes of data and manage millions of transactions in real time.
We are therefore talking about a critical element in the infrastructure of many organizations. That is why it is essential to strengthen mainframe security from the architecture’s design and throughout its life cycle.
Otherwise, companies and public administrations are exposed to hostile actors who could, for example, execute financial transactions or access sensitive citizen information such as taxpayer data. All of this data ends up on the mainframe of the bank or public administration, and the risk is that adequate security controls do not exist there.
Such is the importance of mainframes that, according to IBM, one of the world’s leading manufacturers, they are used by most financial institutions and two-thirds of the companies included in the Fortune 100 ranking.
Below, we will break down the key aspects to consider to strengthen a company’s mainframe security and prevent access by malicious actors.
The heart that pumps inside large companies
How many financial transactions are carried out in the world every second? The figure is incalculable, but it certainly includes many zeros.
How can banks process millions of transactions in real time? Thanks to systems such as z/OS, AS/400 (IBM), NonStop (HP), and GS21 (Fujitsu), companies can manage large volumes of data and transactions without losing any data. In fact, mainframes are designed not to lose transactions thanks to queuing systems.
Thus, a company’s mainframe is used to process all its data and transactions, making it a central part of the technological infrastructure that connects all the channels that comprise it.
For example, in the case of a bank, the mainframe ultimately processes all the operations carried out from its multiple channels: web, mobile, ATMs, etc. How? The different APIs associated with channels (web/mobile app API, telephone banking API, ATM API, etc.) are generally connected to middleware, which translates requests arriving at the channel into requests the mainframe can process.
In which sectors is this technology used, and where is it essential to secure the mainframe in order to protect transactions and data?
Virtually all banks have mainframes. Their use is also common among insurance companies, airlines, public administrations, and large multinational retail companies, which must process thousands of transactions in real time.
Why is it not enough to secure the APIs associated with channels or middleware?
Many companies allocate a significant portion of their resources and efforts to strengthening the security of web applications, mobile applications, APIs, and middleware.
Why? These are usually the most exposed layers of an entity, and companies seek to ensure an optimal level of protection against malicious actions.
However, it is also critical to invest in strengthening mainframe security, given its importance in managing a company’s operations. Companies should design their technology architecture with layered security mechanisms, yet there is often a tendency to assume that a malicious operation will never reach the mainframe. This is not always the case.
As we pointed out earlier, a malicious operation that reaches the mainframe can have devastating consequences for an organization if the mainframe itself does not apply proper authorization mechanisms to each operation, and the organization relies exclusively on the previous layers of the architecture to stop such operations. This could facilitate the theft of large volumes of confidential data and large sums of money. The mainframe is a critical asset that must be safeguarded through robust security measures of its own.
Increasing the security of apps or APIs must go hand in hand with a strategy for applying security controls to the mainframe itself.

The pillars of mainframe security
What can companies do to strengthen mainframe security? Tarlogic professionals recommend:
- Design the architecture of the organization’s technological infrastructure with security controls on the mainframe as a priority.
- Establish a minimum level of exposure for the mainframe. For example, expose it only to the middleware that translates requests from the different APIs.
- Apply the principle of least privilege to users with access to the mainframe.
- Have a Privileged Access Management (PAM) system to manage access to the mainframe and to control and monitor access by privileged users.
- Carry out mainframe change management: upgrades, security patches, etc.
- Implement strict security policies and mechanisms to log all activity on the mainframe, use single-use passwords to access it, and set a tight operating window after which sessions expire.
- Use a pre-production environment to test changes to the mainframe and avoid unexpected behavior.
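The following is an added example, not code from Tarlogic or from any mainframe product, that models several of the controls above in one request gateway: the mainframe accepts traffic only from an allowlisted set of middleware hosts (minimum exposure), enforces its own per-principal entitlements and amount limits (least privilege) instead of trusting an "already authorized" flag set by an upstream layer, expires sessions after a tight operating window, and writes every decision to an audit log. The host addresses, principal names, operations, limits and the 300-second window are all constructed values.

```python
"""Model of mainframe-side authorization that does not trust upstream layers.

Constructed example: the allowlist, entitlements and window are illustrative,
not the configuration of any real z/OS, NonStop or other mainframe product.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
import ipaddress

# Minimum exposure: only these middleware hosts may reach the mainframe (constructed).
MIDDLEWARE_HOSTS = {ipaddress.ip_address("10.20.0.11"), ipaddress.ip_address("10.20.0.12")}

# Tight operating window: a session older than this is rejected (constructed value).
SESSION_WINDOW_S = 300

# Least privilege: which operations each service principal may perform, and up to what amount.
ENTITLEMENTS = {
    "ATM_SVC": {"ops": {"BALANCE", "WITHDRAW"}, "limit": 500},
    "WEB_SVC": {"ops": {"BALANCE", "TRANSFER"}, "limit": 10_000},
    "OPS_ADMIN": {"ops": {"PATCH"}, "limit": 0},
}


@dataclass
class Request:
    source_ip: str
    principal: str
    session_age_s: int          # seconds since the session was opened
    op: str
    amount: int = 0
    middleware_says_authorized: bool = False   # deliberately ignored by the mainframe


@dataclass
class Gateway:
    audit: list = field(default_factory=list)

    def _decide(self, req: Request, decision: str, reason: str) -> bool:
        # Every decision, allowed or denied, is written to the audit trail.
        ts = datetime.now(timezone.utc).isoformat(timespec="seconds")
        self.audit.append(f"{ts} {req.principal} {req.op} {req.amount} {decision} {reason}")
        return decision == "ALLOW"

    def handle(self, req: Request) -> bool:
        """Return True only if the mainframe's own checks pass; upstream flags are not consulted."""
        if ipaddress.ip_address(req.source_ip) not in MIDDLEWARE_HOSTS:
            return self._decide(req, "DENY", "source is not an allowlisted middleware host")
        if req.session_age_s > SESSION_WINDOW_S:
            return self._decide(req, "DENY", "session operating window expired")
        ent = ENTITLEMENTS.get(req.principal)
        if ent is None or req.op not in ent["ops"]:
            return self._decide(req, "DENY", "principal not entitled to this operation")
        if req.amount > ent["limit"]:
            return self._decide(req, "DENY", "amount exceeds principal's limit")
        return self._decide(req, "ALLOW", "mainframe-side checks passed")


def demo() -> list:
    """Run a few constructed requests through the gateway and return the audit log."""
    gw = Gateway()
    gw.handle(Request("10.20.0.11", "ATM_SVC", 12, "WITHDRAW", 200))
    # Middleware claims this is authorized, but ATM_SVC is not entitled to TRANSFER.
    gw.handle(Request("10.20.0.11", "ATM_SVC", 12, "TRANSFER", 200, middleware_says_authorized=True))
    gw.handle(Request("192.168.1.5", "WEB_SVC", 5, "BALANCE"))          # not a middleware host
    gw.handle(Request("10.20.0.12", "WEB_SVC", 900, "BALANCE"))          # session window expired
    return gw.audit


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The point of the model is the `middleware_says_authorized` field: the mainframe never reads it. Whatever the channel or middleware layer concluded, the operation is re-authorized against the mainframe's own entitlements, and the denial reasons in the audit trail are what a monitoring team would later hunt over.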
Cybersecurity services to increase the security of a company’s or government’s mainframe
Along with the recommendations we have outlined, we must take into account the role that cybersecurity services play in strengthening mainframe security:
- Threat Hunting. Threat monitoring is essential for protecting mainframe security. Threat Hunting teams work with compromise hypotheses to detect unknown malicious actors and hostile activity before a security event occurs. In this way, they can strengthen mainframe security against advanced persistent threats and highly sophisticated attacks.
- Red Team. Both in the EU and worldwide, regulations (such as the DORA regulation) and frameworks (such as TIBER-EU) have been approved to strengthen the resilience of banking channels. Similarly, standards such as the NIS2 directive focus on the security of companies operating in critical sectors such as aeronautics and insurance. When it comes to complying with this regulatory framework and ensuring mainframe security, it is essential to have a Red Team service capable of identifying ways to bypass the security controls protecting the mainframe, thereby optimizing the mechanisms implemented.
- Penetration testing. Advanced intrusion tests are key to validating that the system has no vulnerabilities that could be exploited by malicious actors to access the mainframe and commit crimes.
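The Threat Hunting bullet above describes working from compromise hypotheses over the mainframe's activity logs. As an added example, not part of the original article or of any Tarlogic tooling, the block below runs three such hypotheses over a handful of constructed audit records: a privileged (PAM-managed) account acting outside the approved change window, service principals connecting from a host that is not the allowlisted middleware, and a successful logon that follows a run of failed ones. The key=value log format, the host addresses, the user names and the 22:00-23:59 UTC change window are all constructed assumptions, not a real product's log format or policy.

```python
"""Threat-hunting checks over constructed mainframe audit records.

Constructed example: the log format, hosts, users and policy values below are
illustrative and do not correspond to any real mainframe product's logs.
"""
from collections import Counter
from datetime import datetime

# Constructed sample records (one per line): ISO timestamp followed by key=value fields.
SAMPLE_LOG = """\
2024-05-03T01:58:02Z src=10.20.0.11 user=WEB_SVC event=LOGON result=OK
2024-05-03T01:58:03Z src=10.20.0.11 user=WEB_SVC event=TRANSFER result=OK
2024-05-03T02:14:07Z src=10.0.5.77 user=OPS_ADMIN event=LOGON result=OK
2024-05-03T02:14:30Z src=10.0.5.77 user=OPS_ADMIN event=PATCH result=OK
2024-05-03T03:02:11Z src=192.168.7.9 user=ATM_SVC event=LOGON result=FAIL
2024-05-03T03:02:14Z src=192.168.7.9 user=ATM_SVC event=LOGON result=FAIL
2024-05-03T03:02:19Z src=192.168.7.9 user=ATM_SVC event=LOGON result=FAIL
2024-05-03T03:02:25Z src=192.168.7.9 user=ATM_SVC event=LOGON result=OK
"""

MIDDLEWARE_HOSTS = {"10.20.0.11", "10.20.0.12"}  # assumed allowlist of middleware hosts
PRIVILEGED_USERS = {"OPS_ADMIN"}                  # assumed accounts managed through PAM
CHANGE_WINDOW_HOURS = {22, 23}                    # assumed approved change window (UTC hours)
FAILED_LOGON_THRESHOLD = 3                        # failures before a later success is flagged


def parse_line(line: str) -> dict:
    """Parse one constructed record into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def hunt(log_text: str) -> list:
    """Return (hypothesis, user, detail) tuples for every record matching a hypothesis."""
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    findings = []
    failures = Counter()  # (user, src) -> consecutive failed logons seen so far
    for r in records:
        # Hypothesis 1: privileged activity outside the approved change window.
        if r["user"] in PRIVILEGED_USERS and r["ts"].hour not in CHANGE_WINDOW_HOURS:
            findings.append(("PRIV_OUTSIDE_WINDOW", r["user"], r["event"]))
        # Hypothesis 2: a service principal reaching the mainframe from a non-middleware host.
        # Privileged users are excluded because their access is expected via the PAM system.
        if r["user"] not in PRIVILEGED_USERS and r["src"] not in MIDDLEWARE_HOSTS:
            findings.append(("NON_MIDDLEWARE_SOURCE", r["user"], r["src"]))
        # Hypothesis 3: a successful logon after repeated failures from the same user and host.
        if r["event"] == "LOGON":
            key = (r["user"], r["src"])
            if r["result"] == "FAIL":
                failures[key] += 1
            elif failures[key] >= FAILED_LOGON_THRESHOLD:
                findings.append(("LOGON_AFTER_REPEATED_FAILURES", r["user"], r["src"]))
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(*f)
```

Each hypothesis maps back to one of the controls discussed earlier (the PAM-managed change window, minimum exposure to middleware, and logon hygiene), which is the usual way a hunting team turns a written control into something it can verify against the audit trail rather than assume.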
Conclusions
In today’s fully digitalized world, banks, public administrations, and multinational retailers would not be able to manage all their data and transactions without a technological infrastructure capable of doing so.
That is why the role of the mainframe in these organizations is critical, both for security and for business logic.
Focusing on mainframe security and investing in advanced cybersecurity mechanisms and services is, therefore, a key strategic decision for large companies.
In short, mainframe security is not a trivial matter but a vitally important aspect of the cybersecurity strategy of banks, airlines, insurance companies, and large retailers.
If a malicious actor manages to get malicious operations onto the mainframe, it can cause millions in losses and damage that is difficult to quantify.