Organizations today grapple with the expansion of distributed computing, increased online collaboration, explosive data growth and heterogeneous IT environments—all issues that make information security more critical, yet more complex than ever. Moving data to a virtualized, cloud-based environment can help develop and manage a more flexible infrastructure, and reduce operational costs and total cost of ownership.
In addition, a virtualized environment can help accelerate time to market through increased efficiency and automation; scale operations to meet market dynamics and business strategy; and virtually eliminate downtime. The question, therefore, is not whether to move to the cloud—it’s how to do it while protecting critical data. Not surprisingly, the level of data security depends largely on which platform supports the cloud environment.
From automation to advanced virtualization technologies and open industry standards, IBM System z® mainframes help deliver a solid, secure foundation on which to build the virtual environment. They support expandable cloud environments with industry-leading security, as well as availability, performance and cost-effectiveness. These benefits are particularly valuable on today’s smarter planet, where instrumented, interconnected and intelligent businesses collect, process, use and store more information than ever before.
Realizing benefits of mainframe clouds
Besides many of the traditional reasons to choose the mainframe over other hardware platforms—security, reliability and consolidated workloads among them—the following are a few real-world examples that demonstrate why organizations deploy virtualized environments on System z platforms:
- One organization already had a mainframe in their data center running customer workloads. They wanted to maintain the mainframe skill base and migrate non-mainframe workloads to Linux on System z.
- Another organization wanted to offer cloud-based software as a service to its customers. The company’s calculations revealed that the cost of deploying IBM middleware on the mainframe would be lower than other platforms.
- A third organization wanted to provide customer workload hosting on a mainframe-based cloud. Already a mainframe user, they wanted to protect their workload hosting base by offering a cloud environment on System z.
Addressing security concerns in the cloud
More than ever, organizations are faced with the need to protect critical data in distributed, collaborative, multi-platform environments. Although the operational and capital benefits of cloud computing are clear, so is the need to develop proper security for cloud implementations. It’s a justifiable concern. According to IBM X-Force® Research & Development, attacks are getting more sophisticated and more common. Halfway through 2011, X-Force reported that the number of critical vulnerabilities had already exceeded the total for all of 2010.
The same characteristics that make the mainframe ideal for running critical applications—robust hardware, reliable operating systems, industrial-strength system management capabilities and dependable security—can be used to enable it as an enterprise security hub. These features extend to virtualized environments. Security is built into every level of the System z structure, from its processor, hypervisor and operating system to its communications, storage and applications.
Optimizing—and protecting—virtualized platforms
The mainframe’s support for multi-architecture, virtualized environments enables customers to run a broad range of workloads. This means users can add processors, blades and more, quickly and easily, and automate hypervisor and network setups to reduce the manual time required to get a virtual server environment up and running. Once the virtual platform is optimized, it is easier to consolidate workloads due to the smaller footprint, smaller system, fewer licensing fees and data-consolidation capabilities.
Choosing IBM security for mainframe cloud computing
To optimize enterprise security, there needs to be a high level of planning and assessment to identify risks across key business areas. This security framework includes people, processes, data and technology throughout one’s entire business continuum. This holistic approach can facilitate a more business-driven security blueprint and strategy that can act as an effective shield of defense for the entire organization.
IBM can help. Our security solutions provide comprehensive, end-to-end, integrated security capabilities on mainframes, enabling enterprises to consolidate their security management and to leverage the mainframe as their enterprise security hub.
IBM Resource Access Control Facility
IBM Resource Access Control Facility (RACF®) is a premier product for securing the most valuable corporate data. Working closely with the operating system, IBM’s industry-leading licensed program can improve data security by protecting vital system resources and controlling what users can do on the operating system. RACF grants access only to authorized users of the protected resources. After identifying and authenticating the user, it controls the interaction between the user, system resources, communications capabilities, programs and applications. It also provides detailed audit and administrative capabilities.
IBM Security zSecure suite
IBM Security zSecure™ suite provides cost-effective security administration, improves service by detecting threats and reduces risk with automated audit and compliance reporting. The following tools, in particular, can enhance mainframe cloud environments:
- Security zSecure Audit—Compliance and audit solution enables users to automatically analyze and report on security events and detect security exposures.
- Security zSecure Admin—Enables more efficient and effective RACF administration, using significantly fewer resources.
- zSecure Manager for RACF z/VM—Provides combined audit and administration for RACF in the virtual machine (VM) environment.
IBM Security Key Lifecycle Manager (for z/OS)
IBM Security Key Lifecycle Manager for z/OS manages encryption keys for storage, simplifying deployment and maintaining availability to data at rest natively in System z mainframe environments. It also simplifies key management and compliance reporting to protect data privacy and comply with security regulations.