Security Information & Event Management Blog | SIEM

The Big Iron ‘Ghost Town’: Are You Prepared for the Fast-Approaching Mainframe Security Labor Cliff?

Mainframes aren’t going anywhere soon, but competent mainframe professionals are disappearing at a rapid rate. The core systems of the world’s largest banks, insurers, and retailers are on mainframes. IBM estimates that 80 percent of the world’s enterprise data resides on mainframes, and 90 percent of the largest health insurance companies are on mainframes[1].

Why are mainframes so entrenched? The primary reason is that mainframes are so efficient at data processing and transaction throughput. With the world going mobile and an explosion of mobile transactions coming, the mainframe is better suited to processing the enormous amounts of data involved in completing those transactions. The mainframe can manage this barrage of data more efficiently than Windows/UNIX systems because of its high multi-processing power and massive data throughput capability.

Mobile tech firms have embraced the mainframe as complementary technology that can boost the performance of their own products. This is highlighted by the recent partnership between Apple and IBM to create a suite of apps and solutions powered by enterprise data and advanced analytics to help companies grow their markets, create new revenue streams, and drive competitive advantage.


It’s no surprise then that mainframe demand and workload is projected to increase for the foreseeable future.

According to the 2017 BMC Mainframe Research Survey, which surveyed 1,000 executives and technical professionals from organizations across industries and geographies, 52 percent see increased transaction volumes, 58 percent expect MIPS growth, and 63 percent are increasing Java usage. Despite the prevalence of the mainframe and its continued foothold in enterprise computing, 80,000 mainframe positions will open by 2020[2] and 85 percent of IT professionals say the need for mainframe skills is increasing as veteran mainframers retire[3], all during a time when mainframe demand and workload are projected to increase.

The reality is there are fewer people with the skills necessary to fill these crucial roles that have helped get the mainframe this far.

‘There’s Gold in Them Thar Mainframes’: What Hackers Realize That Your CEO Doesn’t.

Other than knowledgeable, experienced IT professionals, most people (including the CxOs in control of their budget) don’t realize the true importance of securing the mainframe or understand how it supports distributed platforms operationally within their organization.

Mainframes were once thought of as unhackable, but several remote breaches of critical data have shown that the days of your mainframe security policy being solely behind lock and key are over. From entry-level retail employees processing transactions on tablet computers to high-ranking government officials conducting activities on mobile devices (such as White House chief of staff John Kelly) more and more high-value enterprise and government data is flowing into mainframes than ever before. With all this critical data ripe for the plucking in company and government mainframes, the rewards have never been higher for ambitious hackers.

This means that as an InfoSec professional, you’re tasked with protecting something that many people in your company (most notably the CxOs) don’t realize the importance of, all while mainframe demand and workload continue to increase in step with the sophistication of hacking methods. That is no easy task.

Moving Forward: The Mainframe Skills Gap Is Here Whether You like It or Not.

IBM’s Academic Initiative program provides educators and students at universities worldwide with robust resources and hands-on training for developing enterprise computing and mainframe skills in an attempt to fill their pipeline of talent. In spite of the resources being poured into this area by an industry leader, the skills gap remains. From a strategic perspective, major long-term recruiting and training initiatives for the ever-dwindling pool of capable mainframe professionals might seem like a logical step to combat the skills gap.

Even if your company were doing this, bringing talented employees onto your team five years from now doesn’t help you today. The skills gap is happening now, and it is out of your control. What you can control is streamlining how your company manages its mainframe security. You need an effective mainframe SIEM (Security Information & Event Management) tool that’s not too difficult to install or use for a security admin who might not have any mainframe OS experience.

Bridging the Skills Gap Through Streamlined Mainframe SIEM.

The key is to leverage your existing SIEM tools to include mainframe events in your IT SOC in real time. By incorporating mainframe events in real time alongside distributed events, a one-world view of your enterprise for security and compliance can be realized and will equip IT security admins with up-to-the-second security notifications for faster remediation in the event of a breach of either platform.

SIEM systems have long been the industry standard for enterprise network security, but the mainframe has mostly been left behind, which poses a risk to companies that have fallen into and remain in this trap. Understanding the fundamentals of mainframe security and implementing best practices is a pressing concern for organizations that wish to keep their mainframe data secure as we move further into the mobile era.

We’ve created a Mainframe SIEM 101 whitepaper designed to be your launch pad for instituting a mainframe SIEM initiative, with four steps for ensuring any malicious mainframe activity alerts the appropriate security systems and personnel in real-time.

If you want to learn more about getting real-time data in a Windows/UNIX-based SIEM, this whitepaper is right for you.


Since 2008, CorreLog has been bridging the security and compliance gap between distributed (WIN/UNIX) and mainframe computing environments. Our industry-leading solutions deliver real-time z/OS security inclusion in WIN- and UNIX-based SIEM systems for complete, cross-platform IT security and compliance strategies.

For more information on CorreLog’s industry-leading security solutions, contact us here.


[1] [2] IBM Systems Magazine, "Rethinking the Mainframe Talent Drain."

[3] SHARE and IBM Systems Magazine, “Mind The Gap: Analyzing The Mainframe Skills Survey.”
