Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


06:45 AM

CA Makes Mainframe Security Play

To unveil new tape encryption next week, after IBM pinned its own colors to the mainframe mast

Next week Computer Associates will announce encryption software designed to ease the security strain on mainframe users, just days after IBM unveiled a slew of new mainframe tools. (See Mainframe Mid-Life Crisis and IBM Unveils Software.)

The news is further proof, if any is needed, that rumors of the mainframe's demise are premature. In CA's view, demand for mainframe improvements continues unabated. "What has been lacking has been a way to manage encryption in ways mainframe users have been used to," says Mary Cochetti, product marketing manager for CA's BrightStor division. She says CA's new BrightStor Tape Encryption software, which encrypts and decrypts IBM zSeries mainframe data as it is written to tape, fills the bill.

One beta user thinks it does, too. Boston University relies on a single IBM z890 mainframe as the central server for all its student, faculty, and alumni data. Gerard Shockley, the University's assistant director of technical services, started experimenting with CA's product in February and finished beta-testing it in late March. "It is blatantly simple and that's what we like about it," he says.

With the new CA software, Shockley does not have to change the Job Control Language (JCL) interfaces that link to z/OS in order to secure his data. This, he explained, was not the case with IBM's Encryption Facility software, which he also evaluated. "The possibility of errors are minimized when there are no changes required," he says.

Shockley notes that this kind of simplicity has been vital to keep up with growth. "The mainframe is stronger than ever. We're growing at an annual rate of 20 percent in terms of CPU utilization."

Flexibility has also been a key benefit for BU. "We liked the fact that you could select from a number of [encryption] algorithms based on the type of data. For example, we may use a different algorithm for our database backup than we would for super-sensitive files."

A number of vendors, including Decru and NeoScale, also offer hardware-based encryption for the mainframe market, although Shockley tells Byte and Switch that he is much more comfortable with a software-based approach. "Software is more seamlessly transportable to our disaster recovery vendor. Hardware may have required additional scheduling of time and, possibly, additional cost."

CA's coming announcement isn't the only evidence that mainframes are alive and well and calling forth tighter security in today's data centers. IBM, which took the wraps off the world's first mainframe, the System 360, back in 1964, unveiled new software for its zSeries platform earlier this week. These include new WebSphere Process Server, Portal, and ESB products, which aim to boost mainframe Service Oriented Architecture (SOA) capabilities. The vendor also announced new DB2 Viper software for handling email, video, and RFID data, as well as a new Tivoli Identity Manager, specifically for securing mainframe transactions.

Despite all this mainframe activity, even IBM can't deny that mainframe technology isn't the top of the data center heap as it once was. AFCOM, the data center managers' organization, has warned of a looming skills gap, with many mainframe experts heading for retirement and the next generation of IT managers more interested in "sexier" Web technologies. (See Mainframe Skills Shortage Looms.)

IBM told Byte and Switch that it is taking steps to address this issue, developing mainframe course ware that has already been deployed in nearly 300 universities worldwide. The vendor also recently sponsored a "Master the Mainframe" competition, involving 700 students from 85 colleges and universities. Jim Rhyne, chief architect of IBM's WebSphere division, denies any suggestion that the mainframe's days are numbered. "Since the advent of the Internet, we have seen the demand for mainframe MIPS go up something like 20 percent every year," he says.

Pricing for CA's new encryption software, which is available now, starts at $60,000. IBM's new Process Server and ESB offerings will be available next month, with WebSphere Portal, DB2 Viper, and the new Tivoli Identity Manager on the market later this year. IBM, however, is yet to release pricing information for these products.

— James Rogers, Senior Editor, and Dave Raffo, News Editor, Byte and Switch

Organizations mentioned in this article:

  • CA Inc. (NYSE: CA)
  • Decru Inc.
  • IBM Corp. (NYSE: IBM)
  • NeoScale Systems Inc.


    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 7/14/2020
    Omdia Research Launches Page on Dark Reading
    Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
    Why Cybersecurity's Silence Matters to Black Lives
    Tiffany Ricks, CEO, HacWare,  7/8/2020
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-07-14
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
    PUBLISHED: 2020-07-14
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
    PUBLISHED: 2020-07-14
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
    PUBLISHED: 2020-07-14
    In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to escalate his/her privileg...
    PUBLISHED: 2020-07-14
    Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically vali...