This article summarizes a recent webcast discussion between Enterprise Security Weekly Host Adrian Sanabria and Rocket Software's Barbara Ballard, Principal Product Manager – Host Connectivity, and Kris Lall, Principal Product Manager. They discuss bridging the identity and access management gap between enterprise security systems and mainframe infrastructure, emphasizing the need for modern multi-factor authentication and integrated security approaches.
The mainframe security challenge
Mainframe systems remain critical infrastructure for many organizations, particularly in financial services. Despite handling 90% of credit card transactions, these systems often operate in isolation from modern enterprise security practices, creating significant vulnerabilities.
Ballard highlighted a fundamental problem: Mainframe identity and access management (IAM) typically exists in a separate ecosystem from enterprise security systems.
This siloed approach creates significant blind spots, making it difficult to implement consistent security protocols across an organization's entire technological infrastructure.
Regulatory pressures driving change
Recent regulatory mandates are forcing organizations to reconsider their approach to mainframe security. Regulations like the New York State financial services requirements and PCI DSS now mandate multi-factor authentication (MFA) across all systems, including mainframes.
This shift means organizations can no longer treat mainframe security as an isolated concern.
The zero trust approach
The conversation emphasized adopting a zero trust philosophy for mainframe access. Instead of granting broad access, organizations should implement granular, role-based access controls that limit user permissions to only essential functions.
This approach requires integrating enterprise IAM solutions with mainframe authentication mechanisms.
Technical integration strategies
Lall explained that a standards-based approach allows seamless integration between enterprise security platforms and mainframe systems. By supporting protocols like SAML, OIDC, and OAuth, organizations can implement consistent authentication across different technological environments.
The experts shared a case study involving a U.S. federal government agency transitioning to a unified identity management platform (ICAM). By leveraging standards-based integration, they successfully modernized their authentication processes without massive infrastructure disruption.
Key challenges and considerations
Sanabria highlighted several critical considerations:
- Preventing alternative non-MFA access methods
- Ensuring user productivity alongside enhanced security
- Supporting backup authentication mechanisms
- Implementing comprehensive monitoring and behavioral analysis
The future of mainframe security
As cyber threats evolve, mainframe security can no longer rely on "security by obscurity." Organizations must proactively integrate modern security practices, leveraging enterprise IAM solutions, multi-factor authentication, and comprehensive monitoring tools.
Modernizing mainframe security requires a holistic approach that breaks down technological silos, embraces standards-based integration, and implements robust, adaptive authentication mechanisms.
By treating mainframe systems as an integral part of the enterprise security landscape, organizations can significantly reduce their risk profile while maintaining operational efficiency.