Mainframe systems are known for powering through vast amounts of data. In fact, the IBM z15 can handle 19 billion encrypted transactions in a single day, at a rate of approximately 220,000 per second. That sort of operational horsepower isn’t easy to find, but it’s not the only advantage offered by legacy systems: they also offer unparalleled security.

This is why mainframes are consistently selected for information-intensive industries like healthcare, retail, and finance. But the trend towards digital transformation has many enterprises reevaluating their mainframe systems, and the increased load on IT infrastructures in response to the COVID-19 pandemic has only accelerated these demands.

What is the best path forward? Should companies upgrade their existing platforms or replace them entirely? What makes the most sense both financially and for the security of your data? A recent IDC white paper sponsored by Rocket Software, “The Quantified Business Benefits of Modernizing IBM Z and IBM i to Spur Innovation,” surveyed over 440 businesses to find the answers.

The cost of upgrading

Upgrading your mainframe means either moving to a newer version of the existing hardware, or changing to a new platform entirely. According to the IDC study, a slight majority of businesses opted to upgrade rather than replatform (239 companies vs. 207). But did they make the right choice?

You might think that hardware costs will make modernizing your existing platform more expensive than replatforming. After all, switching to a distributed x86 system has to cost less than purchasing the latest IBM Z or IBM i, right? Well, not exactly.

The hardware costs are actually quite similar, at least within the $400,000 to $2 million range, but swapping platforms costs more in terms of software, staffing, consulting, and general disruption. One respondent who modernized their IBM Z stated, “For every $1 we spent on IBM, it would have been at least $2 to go with a different solution.” These cost differences become even greater for companies that routinely update their platforms. The shorter your refresh cycle, the more cost-effective your upgrades.

Are businesses satisfied by modernizing legacy systems?

Cost only tells part of the story. After all, spending more on a new platform would be worth it if the value is there. But respondents who modernized their platforms reported higher satisfaction rates than those who replatformed. While there were a variety of reasons for this, the general consensus pointed to the amount of retraining and other problem-solving involved in replatforming.

Changing platforms is never a simple matter of moving from A to B. The IDC white paper suggests that it’s more about finding alternatives than finding direct upgrades. Your current platform is great at some things and struggles with others, and your new platform will likely face the same challenges. Should you replatform, you may find yourself creating new solutions for operations that used to be routine.

What this means for enterprise security

First, it’s nearly impossible for a user to install malware on a mainframe. A lot of malware tricks users by disguising itself as a legitimate app. But most users can’t install applications on mainframes. You don’t have people reading email or surfing the web via mainframe, which means you don’t have business users clicking risky links or opening suspect email attachments. Plus, the specialized operating language of a z/OS system means that most malware code wouldn’t even work if it did somehow find its way to your system.

Second, mainframes are protected by the Resource Access Control Facility (RACF). This means that most users have zero permissions to alter anything on the mainframe. On other platforms, there is often a default set of user permissions that can be restricted by admins, meaning each user carries an inherent level of risk when using the system. The RACF approach eliminates this, as every permission has to be individually granted.

RACF also applies to external services. By default, all third-party applications have no access to your system. This eliminates one of the most common routes for hackers, who often attack less secure systems in order to gain backdoor access to a more valuable target. With RACF, a hacker can compromise an external service but will still be unable to touch your valuable data.

Finally, if something does happen to your mainframe, there’s no hiding it. Mainframes automatically log every single action by every user, with no way to hide or delete the record. This means that if something goes wrong, it will immediately appear in the log. That’s not only a deterrent for hackers; it’s also an easy way to spot and rectify malware and other breaches.

When it comes to security, there’s really no other choice. And, as the IDC white paper shows, modernizing your platform is the guaranteed way to save money, ensure satisfaction, and maximize security for your enterprise.