CA Eases Compliance Management on Mainframes

CA takes another step in its Mainframe 2.0 initiative with the release of Compliance Manager for z/OS, which is designed to automate compliance management tasks that are currently being done manually, and making it easier for mainframe administrators to monitor and track changes that might impact regulatory compliance or security. CA's Mainframe 2.0 push is fueled by the increased interest by enterprises in mainframes. It comes at a time when others in the mainframe space, including IBM and Unisys, are making enhancements to their mainframe offerings.

CA is adding to is wide-ranging Mainframe 2.0 initiative with new software designed to ease compliance management.

CA Compliance Manager for z/OS, announced May 20, is designed to enable mainframe administrators to automate policy-based management of compliance and security events anywhere within the platform, a task that is increasingly important as the number of workloads getting put on the mainframe continues to grow and the number of mainframe engineers shrink.

The new offering comes two weeks after CA unveiled the first deliverables in its Mainframe 2.0 initiative, from upgrades to 143 management applications to strategies for bringing more-and younger-IT professionals to the platform.

In the current environment, changes that are made are kept track of manually, if at all, David Hodgson, senior vice president of CA's Mainframe Business Unit, said in an interview. Many times the changes go unnoticed-unless they have a significant impact on operations-and auditors tend to have more experience with distributed computing environments than with mainframes.

"That's the story today," Hodgson said. "[Tracking a change is] very labor-intensive [and] very difficult to research, and that's even if you ever know about it."

Auditors, many times, do know now what questions to ask to get the information from the mainframe, he said.

CA's new offering is designed to automate that process based on policies. It offers real-time monitoring and alerting, as well as historical reports. Such capabilities are important given not only the increasing mainframe workloads and shrinking mainframe work force, but also the rise of regulations such as Sarbanes Oxley and HIPAA (Health Insurance Portability and Accountability Act).

CA Compliance Manager can detect and record changes that impact security policy, and then are compared with company-defined security policies to ensure compliance. Though many such changes can go undetected today, CA's offering enables mainframe administrators to keep track of the smallest changes, according to CA officials.

The audit trail created by CA Compliance Manager is kept on the mainframe, giving auditors a simple way of keeping track of changes that are made.

"What all this leads up to is more streamlined compliance ... reduced risk factors, and enhanced operational activities and efficiencies," said Kirk Willis, vice president of CA's Mainframe Business Unit.

CA officials say their aggressive Mainframe 2.0 strategy is fueled by the current resurgence in mainframe adoption. They estimated that the number of MIPS-the measure used to gauge mainframe growth-has quadrupled to 14 million over the past eight years, when many thought the platform was dying out, and that trend will continue.

Mainframe leader IBM continues to put a lot of effort into making the mainframe a destination for a wide range of workloads and for younger IT programmers, and Unisys continues to enhance its mainframe business.

CA is focusing much of its efforts into making mainframe management easier and less complex, which will make it more attractive to businesses and IT professionals.

"We believe the mainframe is really becoming a much more desirable platform," Hodgson said.

Along with Compliance Manager, CA also is updating its ACF2 and CA Top Secret mainframe management offerings, which both work with Compliance Manager.