Mainframes especially vulnerable to insider threats, study reveals

Register now

While most chief information officers at large companies say their mainframes are more secure than other systems, a majority say their organizations are still exposed to a significant risk of insider threats due to blind-spots in internal data access and controls.

That is the finding of a a new report by research firm Vanson Bourne. For the study, sponsored by mainframe software company Compuware, the firm surveyed 400 CIOs in the U.S., France, Germany, Italy, Spain, and the U.K. in April 2017.

Approximately two thirds (64 percent) of organizations polled use a mainframe as a core repository of their most sensitive data, storing either more or equal amounts of customer personally identifiable information (PII) there as they do on other systems.

Many of the CIOs (84 percent) say they find it difficult to track who has accessed data stored on the mainframe, exposing them to an increased risk of insider threats.

“The mainframe has always been the most securable platform in the enterprise; which is why organizations continue to entrust their most sensitive data to it,” said John Crossno, product manager at Compuware. “However, businesses still face the risk that privileged employees, or those who have acquired access illegally, will misuse mainframe data. Organizations must take steps to gain more visibility over who is accessing data and how they are using it.”

The research showed that the most common measures being used to overcome insider security risks include saving security log files for future reference (74 percent), regularly scanning security logs for inconsistencies (68 percent), using a security incident and event management (SIEM) system to perform security analytics using mainframe data (67 percent); and using a SIEM system to combine mainframe data with security data from other systems (58 percent).

For reprint and licensing requests for this article, click here.