Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Why modernizing your mainframe is essential for enterprise security

By Adam Glick
data intelligence
January 14, 2021

Mainframe systems are known for powering through vast amounts of data. In fact, the IBM z15 can handle 19 billion encrypted transactions in a single day, at a rate of approximately 220,000 per second. That sort of operational horsepower isn’t easy to find, but it’s not the only advantage offered by legacy systems: they also offer unparalleled security.

This is why mainframes are consistently selected for information-intensive industries like healthcare, retail, and finance. But the trend towards digital transformation has many enterprises reevaluating their mainframe systems, and the increased load on IT infrastructures in response to the COVID-19 pandemic has only accelerated these demands.

What is the best path forward? Should companies upgrade their existing platforms or replace them entirely? What makes the most sense both financially and for the security of your data?  A recent white paper from IDC and sponsored by Rocket Software, “The Quantified Business Benefits of Modernizing IBM Z and IBM i to Spur Innovation,” surveyed over 440 businesses to find the answers.

The cost of upgrading

Upgrading your mainframe means either moving to a newer version of the existing hardware, or changing to a new platform entirely. According to the IDC study, a slight majority of businesses opted to upgrade rather than replatform (239 companies v. 207). But did they make the right choice?

You might think that hardware costs will make modernizing your existing platform more expensive than replatforming. After all, switching to a distributed x86 system has to cost less than purchasing the latest IBM Z or IBM i, right? Well, not exactly.

The hardware costs are actually quite similar, at least within the $400,000 to $2 million range, but swapping platforms costs more in terms of software, staffing, consulting, and general disruption. One respondent who modernized their IBM Z stated, “For every $1 we spent on IBM, it would have been at least $2 to go with a different solution.” These cost differences become even greater for companies who routinely update their platforms. The shorter your refresh cycle, the more cost-effective your upgrades.

Are businesses satisfied by modernizing legacy systems?

Cost only tells part of the story. After all, spending more on a new platform would be worth it if the value is there. But respondents who modernized their platforms reported higher satisfaction rates than those who replatformed. While there were a variety of reasons for this, the general consensus is related to the amount of retraining and other problem-solving involved in replatforming.

To that end, changing platforms is never a simple matter of moving from A to B. The IDC white paper suggests that it’s more about finding alternatives than finding direct upgrades. Your current platform is great at some things and struggles with others, and your new platform will likely face the same challenges as well. Should you replatform, you may find yourself creating new solutions for operations that used to be routine.

What this means for enterprise security

First, it’s nearly impossible for a user to install malware on a mainframe. A lot of malware tricks users by disguising itself as a legitimate app. But most users can’t install applications on mainframes. You don’t have people reading email or surfing the web via mainframe, which means you don’t have business users clicking risky links or opening suspect email attachments. Plus, the specialized operating language of a z/OS system means that most malware code wouldn’t even work if it did somehow find its way to your system.

Second, mainframes are protected by the Resource Action Control Facility (RACF). This means that most users have zero permissions to alter anything on the mainframe. On other platforms, there is often a default set of user permissions that can be restricted by admins, meaning each user carries an inherent level of risk when using the system. The RACF approach eliminates this, as every permission has to be individually granted.

The RACF also applies to external services. By default, all third-party applications have no access to your system. This eliminates one of the most common routes for hackers, who often attack less secure systems in order to gain backdoor access to a more valuable target. With RACF, a hacker can compromise an external service but will still be unable to touch your valuable data.

Finally, if something does happen to your mainframe, there’s no hiding it. Mainframes automatically log every single action by every user, with no way to hide or delete the record. This means that if something goes wrong, it will immediately appear in the log. That’s not only a deterrent for hackers, it’s an easy way to spot and rectify malware and other breaches.

When it comes to security, there’s really no other choice. And, as the IDC white paper shows, modernizing your platform is the guaranteed way to save money, ensure satisfaction, and maximize security for your enterprise.

KEYWORDS: cyber security risk management supply chain security third party security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Adam glick

Adam Glick is vice president and chief of information security at Rocket Software, a Boston area-based technology company that helps organizations in the IBM ecosystem build solutions that meet today’s needs while extending the value of their technology investments for the future. Before joining Rocket Software, he served as VP of cyber risk at Brown Brothers Harriman and as head of information technology at Century Bank before that. He is also an adjunct professor at Boston College, where he teaches graduate courses in cybersecurity.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cybersecurity

    How to enforce security protocols when your workforce has gone remote

    See More
  • digital workplace

    7 Essential Security Factors to Consider When Choosing Your Enterprise’s Messaging Platform

    See More
  • cyber-insurance-fp1170xv45.jpg

    Why cyber insurance protection is mission-critical for your business

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing