In addition, IBM Multi-factor Authentication for z/OS (MFA) is now available on z/OS. The solution adds another layer of security by requiring privileged users to enter a second form of identification, such as a PIN or randomly generated token, to gain access to the system. This is the first time MFA has been tightly integrated into the operating system, rather than through an add-on software solution. This level of integration is expected to deliver more streamlined configuration and better stability and performance, the company said.
IBM maintains that hybrid cloud infrastructure offers advantages in flexibility but can also present new vulnerabilities. With more than half of all attackers coming from the inside, organizations must automate monitoring, removing human error or meddling. To address this, IBM is integrating the mainframe with IBM Security solutions that address privileged identity management, sensitive data protection and integrated security intelligence. When paired with z Systems, these solutions can allow clients to establish end-to-end security in their hybrid cloud environment.
IBM Security Identity Governance and Intelligence can help prevent inadvertent or malicious internal data loss by governing and auditing access based on known policies while granting access to those who have been cleared as need-to-know users. IBM Security Guardium uses analytics to help ensure data integrity by providing intelligent data monitoring, which tracks which users are accessing what specific data, helping quickly identify threat sources in the event of a breach. IBM Security zSecure and QRadar use real-time alerts to focus on the identified critical security threats that matter most to the business.
Total system security requires deep knowledge of specific industries and threats. That is why IBM is working with other leaders in the field to augment its own solutions. IBM's strategic partnership program for security, "Ready for IBM Security Intelligence," now includes more software applications from key ISVs integrating their solutions for z Systems. As the program extends to z Systems, it will provide an additional layer of protection and access governance to critical applications, resources and data that reside on the mainframe, IBM said.
For instance, Forcepoint's Trusted Thin Client secures sensitive and mission-critical data at the endpoint—where it is most at risk. With a read-only endpoint device, there is no residual data on the device—if it is compromised, nothing can be stolen or leaked.
"The vast majority of security concerns today revolve around the endpoint device," said Ed Hammersla, chief strategy officer at Forcepoint and president of Forcepoint Federal, in a statement. "No matter how secure the infrastructure is, if endpoints are not secure, vulnerabilities exist. By integrating Forcepoint Trusted Thin Client with an IBM z Systems mainframe, customers will benefit from a highly secure environment that will help prevent leakage of sensitive data at the endpoint."
For its part, RSM Partners offers deep expertise in application readiness, penetration testing and security reviews. It also has software products that help ease security administration and provide dashboards that give a view into an organization's overall mainframe security posture.
"Cyber-threats are constantly changing and evolving as attackers look for new ways to compromise systems," said Mark Wilson, director of RSM Partners. "By working with IBM, RSM Partners is able to use its expertise in mainframe security to help organizations take full advantage of new technology to build comprehensive solutions that stay ahead of new threats."
Banco do Nordeste, a large Latin American regional development bank, has purchased two new z Systems to support its growing mobile and banking automation transformations. Security, and specifically fraud prevention, is a primary concern for the bank. With z Systems as a core part of its technology infrastructure, it can use analytics capabilities to detect anomalies and prevent fraud.
"As our business continues to grow, we need a computing platform that can grow with us—while at the same time offering the security and reliability banks require," said Claudio Freire, superintendent of Information Technology at Banco do Nordeste, in a statement. "The combination of performance and security on the mainframe with the openness of Linux provides us with an optimal platform to analyze user engagement and manage massive amounts of sensitive client data while keeping it secure."
The new z13s systems are expected to be available in March. IBM Global Financing leases and payment plans are available from IBM and IBM Business Partners and provide flexible terms and conditions that can be tailored to meet each customer's needs to upgrade from older models to z13s, convert an owned z system to leasing while upgrading or acquiring a net new z13s. Promotional offers include 90 days deferred payment for new customers.