So, your organization has a mainframe – had one for years – and everything is nicely locked down. You can recover almost up to the minute the system or subsystem crashed (which it hardly ever does), and you’ve got people who seem to know, almost by instinct these days, when something isn’t performing quite right.
On top of that, you’ve got another layer of IT. People who use laptops with Windows and/or people who use Linux, and possibly bits or Solaris dotted around. These people have more interesting lives. They have to fight to get the best performance. Their back-up strategy is good if they can recover to last night! They probably still insist on people using XP as their Windows operating system because Vista was no good and it’s a bit of a jump to Windows 7. Plus they’re probably coming to the end of a virtualization project to reduce the number of server boxes they’ve got lying around. Parhaps they’re installing Citrix to virtualize desktops, or SharePoint to produce an intranet and join up all the separate islands of computing.
Plus you’ve got remote users, who are logging in over somebody else’s wifi. Or they might be using the 3G network on their smartphone. It’s your fault, of course, because you spent so long changing your CICS and IMS applications so they could be used in a Service-Oriented Architecture (SOA) environment. But, I guess you have strategies in place to secure the connection, and secure what applications they can run, and what data they can see.
In fact, you’re probably convincing senior managers in your organization that it really was their idea all along to combine the strengths of mainframe computing with the flexibility of distributed systems. What your organization needs is a nice z196 mainframe – perhaps one of the planned-but-not-quite-announced Business Class (BC) machines.
For those of you who’ve spent the past year on Mars, the z196 brings together the latest mainframe technology with POWER7 and x86 IBM blade systems, giving potential users z/OS, AIX, Linux, and (coming soon) Windows, all on the one box. At this stage, I should point out that there are very strong arguments for going to zLinux. It’s been around for 10 years now, and is just becoming an overnight success – as they say.
So, there you are thinking that you can use your mainframe experience and expertise to tidy up all the other computing areas in your organization and get them under your control when HR tells you they have supplied everyone on the board of directors with an iPad. Now, you might think this is a good opportunity to bring some of the board into the 21st century, but it creates yet another rip in the secure blanket you've been throwing over the company’s computing infrastructure. Can you set up a security policy for iPads? Well, yes, if they come into a Microsoft server – in the same way you would for Mac users. Can you allow board members to download apps? Or can they have only pre-approved ones? Where do you start building proper security? It’s back to herding cats!
And don’t think I’ve singled out iPads, Androids have similar issues. You can download firewalls and anti-virus software for them, but it’s not the same as RACF!
And it might not just be board members – you may still have road warriors that want the small form factor of a tablet. The issues of theft or forgetfulness compound your security problems.
My suggestion at this stage is to wait for Windows 8 tablets, and hope that the policies laid down by the non-mainframe ITers will apply to them. And by then, Windows will be running on our z196 box. So everyone’s a winner!
1 comment:
Trevor, good read. I posted something similar a while ago under http://bit.ly/p3JSSZ. But while all of us who take IT seriously are wondering why we are seen as obstacles to innovation, most end-users seem to ignore the fact that "Business IT" is different than "Personal IT". When we hear about security breaches, most people seem to think they only happen to their neighbours. As a company, it is our tasks to make employees aware of the importance of the data we work with. For Privacy, or Business reasons. But how often have you seen company data on spreadsheets showed on the laptop of the person in front of you in an airplane? How often have you had to overhear business discussions on a mobile phone in an airport or on a train? As long as this happens, explaining that an iPad DOES introduce major security risks will simply not be understood....
Post a Comment