Businesses complacent about mainframe security
Although 85 percent of companies say mainframe security is a top priority, just 33 percent always or often make mainframe decisions based on security finds a new report.
The study from mainframe vulnerability specialist Key Resources Inc, based on research by Forrester Consulting also finds 67 percent of respondents admit that only sometimes or rarely are they factoring security into mainframe decisions.
Respondents' top mainframe priorities are cited as data breach prevention, compliance, risk management, IT cost reduction/optimization and application availability. But despite this desire for data breach prevention, scanning for OS vulnerabilities is consistently ranked as a low priority. There seems to be a fundamental misunderstanding among IT managers and security professionals about what it takes to secure the mainframe. Scanning for OS vulnerabilities is one of the most effective ways to prevent a breach.
While 65 percent say they find it easy to find the right mainframe security tools, they overwhelmingly struggle to find the right personnel. The majority of respondents are either bringing in third-party mainframe security technology (96 percent) or outside resources to review security and compliance (95 percent). Nearly three-quarters say they expect to experience a reduced risk of data breaches as a result of using mainframe security.
The biggest mainframe security challenge is protecting systems from zero-day attacks according to 86 percent of IT management and security decision makers. Additionally, 66 percent struggle to quickly identify vulnerabilities, while 63 percent struggle to ensure the integrity of vendor software.
"Despite widespread awareness concerning the stakes, enterprises simply aren't devoting enough attention and resources to mainframe security," says Ray Overby, president and co-founder of Key Resources Inc. "All it takes is one mainframe data breach to bring an organization to its knees. But, many organizations lack the tools, personnel, and in some cases, knowledge, they need to protect their mainframes and all the mission-critical data they hold."
The full report is available to download from the Key Resources site.