Most people would say no. Such an idea sounds almost crazy.
Still this is more than likely to have happened at quite a few banks, as more and more banks outsource mainframe operations to service providers. The ironic thing about this is that it is indeed on the mainframe where the bank’s absolutely most critical information assets are to be found!
However, finding people who have mainframe skills is not easy. Many Z/OS experts have retired or will soon do so. This is what in the first place has led banks to outsourcing. If the trend continues, then any remaining mainframe-skilled workforce will slowly but surely be concentrated to a few service providers who will be running mainframe services for the majority of banks.
When it gets confusing
The job of a service provider is to make sure that an agreed SLA is fulfilled (preferably as cost-effective as possible). However, how do you define an SLA for IT security? Does that even make sense? The very nature of hacking is to find new vulnerabilities. How do you agree in an SLA on identifying new security threats?
Things can get confusing in an outsourcing process as responsibilities are reassembled. Let a few years pass and everyone will point to the service provider as soon as they hear the word mainframe. The service provider is responsible, right? Actually, when it comes to security that is not entirely true. The bank remains responsible for security, no matter where it derives its mainframe services from.
Where the Vision starts
In order to create a good strategy for IT security, we at Beta Systems believe that not only technical mainframe skills but also practical knowledge about the bank’s operations is needed. No one but the bank itself can understand how its people work and what information is critical. Only with this knowledge is it possible to proactively prepare for incidents. Therefore information security cannot be entirely outsourced.
This leads us down to our vision: enabling mainframe security without a need for technical mainframe expertise. To realize this vision we develop easy-to-use software for managing and monitoring RACF permissions, giving the bank’s Security Officer a modern UI to fulfil security goals with.
But how to administrate mainframe access rights to overcome the growing challenges of the digital age?
Get your free guide for data center managers who operate RACF systems here.
More than 80 percent of all global z/OS installations employ RACF (Resource Access Control Facility), the IBM tool for identifying and verifying users, managing access rights and logging access to protected resources. Based on the probable assumption that IBM mainframe systems are likely used by very large companies, it can be said with great confidence that RACF protects the security of the world’s most complex IT landscapes.
What happened to a major financial service provider when they prepared their quarterly statement makes the perfect case for Beta 91: According to press sources, a computer error caused faulty bookings affecting hundreds of accounts, in some cases resulting in negative balances in the range of tens of throusands of dollars.