Enterprise Executive 2017: Issue 2 : Page 16

cross all operating systems at all companies, the rise of insider threats is a growing concern. Regarding what level of risk different systems face, it’s true that the mainframe is inherently more secure than any other platform. However, if an unauthorized individual can obtain credentials to gain access to a mainframe—where a company’s most business-critical applications and data reside—the scenario changes. Many assume that because the mainframe was designed with security in mind, the information residing on it reflects the same level of protection. However, authorized users can access applications and data that a typical hacker would have trouble accessing. This opens the door for unauthorized users who are, by whatever means, able to obtain credentials and access sensitive information under the radar. This individual could be a malicious employee or someone posing as one, but the reality is you likely don’t have the adequate tools or visibility to know who’s doing what when they’re in your mainframe environment, when they’re doing it, how or why, let alone know while it’s happening or at least immediately after. Who can you trust? In the Cisco 2016 Annual Security Report , 47 percent of respondents indicated internal security breaches are a significant threat to their organizations, shadowed only by malicious software downloads (54 percent). The report also indicated lack of employee awareness (39 percent) and inadequately trained IT security staff (26 percent) as threats to enterprise security. Does this demonstrate a decline in effective security measures at companies? In a December 2016 report from McAfee Labs, as reported in CIO Insight , 67 percent of survey respondents reported an increase in security breaches. To translate the cost of these threats to organizations, consider the Association of Certified Fraud Examiners 2016 Report to the 16 | E nt e rp r i s e E xe c u t i ve | 2017: Issue 2 A Nations on Occupational Fraud and Abuse that included a study of 2,410 cases of occupational fraud occurring in 114 countries and causing a total loss of more than $6.3 billion. More than 23 percent of those cases amounted to a loss of at least $1 million. However, when fraud was uncovered through active detection methods, such as monitoring, the median loss and median duration of schemes were lower. One can conclude that these figures indicate the importance of companies having in place a solution that allows them to see what’s going on in their various system environments. How Capable Are Your Security Tools? The State of Enterprise Security Companies are using security tools to monitor their applications and data, but it’s questionable if those tools provide enough visibility into the activity occurring in their mainframe environments. Most commonly, companies rely on gathering various available records, such as SMF, where activities like logging on and off are tracked, along with attempts to access systems, applications and data for which an ID is unauthorized. These SMF records are then processed to produce audit reports. However, these types of audit reports offer limited visibility and exclude critical information about users. Audit reports can’t answer questions about who a user is, what they were doing, when they were doing something or how they found access to sensitive data in the first place. Without a good view of mainframe activity from the user’s perspective, what happens when an unauthorized user gets their hands on an authorized user’s credentials and gains unapproved access to sensitive mainframe applications or data? Adopting an Advanced Security Tool Under the growing risk of insider data breaches, simply collecting and analyzing mainframe log data isn’t enough. By merely

Previous Page  Next Page


Publication List
Using a screen reader? Click Here