Mainframe Security Features Help Manage Risk

Not Your Father's IT
In the '60s and '70s, mainframes were stationed in locked-down areas with special access required. Only a handful of systems programmers had access to the hardware, applications and data. Additionally, mainframes were water-cooled and large - not something anyone in their right mind would consider an easy target for theft. Data storage, also large and bulky, was secured behind the same locked doors with minimal access.

In its infancy, data redundancy was too costly for most companies to consider. The large businesses that had mainframes knew exactly who had access to what and could track who entered and left the room in case any problems arose.

Simultaneously, most businesses were self- sufficient and self-contained. In other words, companies handled every aspect of their business, including programming, service, support, storage and sales. Anything that was required for their business to operate was handled internally. Many businesses tended to keep databases with massive amounts of product information, but very little information was kept on the customer base. Sales opportunities weren't regularly tracked, and there was little opportunity to get to know the customer in a retail environment.

When distributed processing came along, many of the strict controls that protected information on mainframes flew out the window. Larger networks were built, often outside the perimeters of the traditional IT environment. No longer centralized behind a locked-door environment, heterogeneous servers of every size and description started participating in the application, data processing and storage. It was significantly easier to get approval on funding smaller amounts, as needed, rather than plan for the cost of a mainframe, which might be more processing power than was required. Simultaneously, new transaction protocols brought widespread access to applications and data via intranets and the Internet. For awhile, hackers weren't educated or didn't focus their attention on all of the vulnerabilities that arose from this new distributed and networked IT environment.

Next came the trend where businesses focused on their mission-critical or core products and services. Consultants and business analysts recommended that companies outsource everything - from small services, such as credit checks, to whole datacenters. Regardless of the size, many companies found that working with partners who specialized in other complementary areas made perfect sense. Many businesses realized that working with third-party vendors improved earnings by saving businesses time, money and headaches.

Another fundamental change that came about during this time-frame was the movement toward customer-relationship management (CRM). Businesses were consumed with collecting data about their clientele and trying to get to know them better. At first, it was the basics - such as names, addresses and telephone numbers. But, in time, businesses started to collect Social Security numbers, credit-card numbers, credit ratings, birth dates - and even data on their customers' preferences or buying trends. Their goal was to provide better services to customers. By eliminating the need to enter the same data numerous times, they'd save their customers time and improve the quality of the service they provided by serving the information customers wanted when they wanted it. This was all intended to establish a long-term relationship with clientele. When CRM collided with distributed computing, it led to the utilization of outside-vendor services and widespread access to data via the World Wide Web. A number of new threats and vulnerabilities materialized.