IBM Bolsters Security of Mainframe OS

IBM releases a version of its z/OS mainframe operating system with enhanced security features.

IBM has introduced a release of its z/OS mainframe operating system with new features that increase the systems security for online commerce and business transactions.

IBM officials said the new operating system release is in line with what the company has been calling the renaissance of the mainframe. And as mainframes run a vast portion of the worlds financial services, retail and other large businesses, security was a major concern for this latest release, IBM officials said, in Armonk, N.Y.

IBM on Aug. 17 announced the new version of z/OS to deliver improved network security and policy management, enhanced PKI (public-key infrastructure) services and adoption of the PKCS (Public-Key Cryptography Standards) #11 standard. IBM also announced new mainframe software that automates security administration and audit processes.

Improved network security policy management makes it easier for IBM mainframe customers to set network security policy across multiple instances of z/OS mainframe operating systems, IBM officials said. In fact, administrators only need to define one centralized policy to enforce network encryption rules and intrusion detection for all z/OS systems within an enterprise.


Click here to read about IBMs effort to consolidate 3,900 servers into 33 mainframes.

According to IBM, the enhanced PKI services help improve the creation, authentication, renewal and management of digital certificates for user and device authentication, while the adoption of PKCS #11 enhances z/OS security because that standard specifies an API for devices that hold cryptographic information and perform cryptographic functions.

"Our security leadership is one of the many reasons why the worlds top banks rely on the IBM mainframe for their financial transactions," said Jim Porell, IBM Distinguished Engineer and chief architect of the System z.

IBM also announced the IBM Tivoli zSecure Manager for RACF z/VM, which provides additional functionality for the mainframes security system while helping reduce processing time. The IBM Tivoli zSecure Manager for RACF z/VM provides automation of security administration and audit processes in the virtual mainframe environment, IBM officials said.

IBM also announced enhancements to its mainframe system to deliver features that include more robust scalability and availability for clustered environments, improved economics via expanded use of specialty engines, and simplified management for network diagnosis, the company said.

For instance, the IBM mainframe system can support up to 54 engines in a single z/OS image. With 32 systems together in a Parallel Sysplex cluster, customers could have up to 1,728 mainframe engines behaving as one single system, the company said.

IBM is keenly aware of the resurgence, or the continuance, of use of the mainframe. Indeed, when IBM Chief Financial Officer Mark Loughridge announced the companys second-quarter 2007 financial results recently, he noted the fifth consecutive quarter of revenue growth for the mainframe. Since the early 1990s, IBM has only managed to achieve five consecutive quarters of mainframe growth once—and that was because of pent-up demand immediately following the launch of a new system.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.