Sunday, 31 October 2021

Guide Share Europe Annual Conference 2021


It used to be that you needed to live in the UK or western Europe to be able to attend the UK’s premier mainframe conference and exhibition. However, because of Covid, the Guide Share Europe Annual Conference is online again this year. And that means anyone from anywhere can enjoy the presentations.

The conference runs from Monday 1 November to Thursday 4 November and Monday 8 November to Thursday 11 November, and has presentations in eight ‘virtual rooms’. There are all the usual streams: 101; 102; AIOPS, System Automation, Monitoring and Analytics; Application Development; Batch and Workload Scheduling; CICS; DB2; Enterprise Security; IMS; Large Systems; Linux on Z; Mainframe Skills & Learning; MQ; Network Management; New Technologies; Storage Management; Women in IT; and z/Capacity Management and zPerformance. If you want to register, the address is https://conferences.gse.org.uk/register.

The conference is made possible by sponsorship. This year’s Platinum sponsors are IBM, BMC Software, and Broadcom. Other sponsors include MainTegrity, Beta Systems, Micro Focus, SMT Data, Luminex, and Rocket Software. The charities being supported this year by the raffles are: RNLI (Royal National Lifeboat Institution) and Guide Dogs UK.

There are a number of keynote presentations. The first is on Monday 1 November at 2pm, when Mark Wilson opens the conference. That’s followed by Broadcom’s Greg Lotko, whose keynote presentation is entitled, “Colleagues in Corvettes Getting Cappuccinos”. That’s followed at 3:15pm by IBM’s Geeth de Mel, whose keynote is entitled. “AI Driven Knowledge Discovery”.

The keynote on Tuesday at 5pm is from Chris Booth from NatWest and is entitled, “Don’t call us special”. “Infrastructure and Application Modernization on IBM Z with Red Hat OpenShift” is at 5pm on Wednesday 3 November. It’s presented by IBM’s Marcel Mitran.

Mark Wilson opens the second week of the conference at 2pm on Monday 8 November. He’s followed at 2:15pm by BMC Software's John McKenny’s keynote called “The Road to Digital Transformation is Paved with AIOps, SecOps, and DevOps”. At 3:30pm, it’s Saghi Amirsoleymani from Rocket Software asking, “Does the future DBA need to be a data scientist?”. On Tuesday at 5pm, Ian Thompson from Next will be asking, “Where Next? Keeping the mainframe relevant at Next”. On Wednesday at 5pm, IBM’s Meredith Stowell will be speaking. Mark Wilson wraps up the conference on Thursday 11 November at 6:15pm.

There are also a number of lunch and learn sessions. On Tuesday 2 November, Misty Decker from Micro Focus will be asking, “Do You Really Understand Mainframe Modernization?”. On Wednesday at 1pm, conference favourite Resli Costabell will be discussing, “Imposter Syndrome”. On Tuesday 9 November Glenn Anderson from GlenAndersonSpeaks will offer, “Five Tips to Energize Your Next Presentation”. On the Wednesday, BMC Software’s Edward Shim looks at, “SecOps, SOAR and how to build a strategy for your mainframe”. SOAR stands for security orchestration, automation, and response – in case you weren’t sure. Thursday lunch time sees BMC Software’s Atul Bhovan talking about, “Mainstream the Mainframe with Automated CI/CD Pipelines and Shift Left Automated Testing”.

Being an online conference means that you don’t need to drive or fly anywhere. There’s no need to book hotel rooms. There’s no need to arrange cover for staff who are off work because they will just be in a meeting for part of the day. There are just so many reasons on the plus side for registering to attend. The presentations are the usual high quality – and there are so many of them. The only downside to a virtual conference is that you don’t get to meet and chat to other mainframers from other sites. And you don’t get to hear all those horrendous revelations about what has actually happened at other sites while you’re sitting with new friends in the bar late at night!

You may be interested in a session on the last Thursday at 10:30 until 11:30, “Defending your mainframe against hackers, ransomware, and internal threats”.

I would definitely recommend the conference to everyone.

Sunday, 24 October 2021

The Arcati Mainframe Yearbook 2022


How do you know what’s really going on at other mainframe sites? One answer, each year, is to read the annual mainframe users’ survey published in the Arcati Mainframe Yearbook. If you’re prepared to give up 10 minutes of your time to complete a survey form, we will send you a FREE copy of the survey results before they are published in January. As in previous years, we’re inviting all mainframe professionals to complete the annual user survey, which is up and running at itech-ed.com/AMY22/usersurvey22/. The more users who complete the survey, the more accurate a picture of what’s happening in the mainframe world we can produce, and therefore the more useful the survey report will be.

For example, when looking at what’s new (or, perhaps more correctly, what appears on a lot of PowerPoint slides), last year’s survey found that 35 percent of sites are already using Splunk. And a further 20 percent said that they were planning to use it. The survey found that 35 percent of sites were already using DevOps (up from 20 percent last year), with a further fifteen percent planning to use it. And half of all respondents said that they were already reusing APIs to speed up application development. And a further 25 percent of sites are planning to reuse APIs. Blockchain has been in the news a lot, and 10 percent of sites reported already using it, with 15 percent planning to use it. With Docker, we found that 10 percent of respondents were already using it with 15 percent at the planning stage. When it came to Web-enabling subsystems, we found that 80 percent of organizations were Web-enabling Db2; 75 percent were Web-enabling their CICS subsystems; and 30 percent of sites were Web-enabling IMS, and 30 percent were Web-enabling WebSphere. In contrast, only eight percent of sites already use Liberty, with eight percent planning to install it.

When asked what, in their opinion, are the main benefits to their organization of the mainframe over other platforms, every single respondent highlighted security. Clearly, all the talk about breaches and ransomware is focusing the minds of mainframers. 90 percent of respondents highlighted the benefit of availability. 75 percent of respondents highlighted manageability, with 75 percent identifying scalability.

Linux is often in the news, so it was interesting to see what our respondents had to say about it. Just over half of respondents said that they run Linux on the IBM Z. There are considerable cost and management benefits from consolidating distributed Linux workloads onto the mainframe. However, 63 percent of respondents weren’t interested in LinuxONE mainframes. Six percent of respondents said they already had one, with 25 percent expecting to get one at some time in the future. But, no sites in the survey said their primary operating system was Linux.

Reinforcing the value of the mainframe to organizations, the survey found that 89 percent of sites have seen some kind of increase in capacity, and 83 percent have seen an increase in technology costs, and yet only 59 percent of sites believe their people costs have increased! Also, in terms of costs, 81 percent of sites surveyed said that the bulk of their IT budget is spent off mainframe.

If you’ve not come across the Arcati Mainframe Yearbook before, it has been the de facto reference work for IT professionals working with z/OS (and its forerunner) systems since 2005. The Yearbook includes: an annual mainframe user survey; a mainframe strategy section with papers on mainframe trends and directions; an up-to-date directory of mainframe vendors, consultants, and service providers; a guide to useful sources of mainframe-related information; a glossary of terminology; and a mainframe evolution section. Each year, the Yearbook is downloaded by over 21,000 mainframe professionals. The current issue is still available at arcati.com/newyearbook21.

So, very shortly, many mainframe professionals will receive an email telling them that we have started work on the 2022 edition of the Arcati Mainframe Yearbook. If you don’t hear from us, then email arcati@itech-ed.com and we will add you to our mailing list. All respondents completing a survey before Friday 26 November will receive a FREE PDF copy of the survey results. The identity and company information of all respondents is treated in confidence and will never be divulged to third parties. And any comments made by respondents will be anonymized before publication. If you’re in a Zoom or Teams call with mainframers from other sites, please pass on the word about this survey. We’re hoping that this year’s user survey will be the most comprehensive survey ever. Current estimates suggest that there are somewhere around 3,000 mainframes in use world-wide.

Anyone reading this who works for a vendor, consultant, or service provider, can ensure their company gets a FREE entry in the vendor directory section by completing the form, which is at itech-ed.com/AMY22/vendorentry/. This form can also be used to amend last year’s entry.

Also, as in previous years, there is an opportunity for organizations to sponsor the Yearbook or take out a half-page advertisement. Half-page adverts (5.5in x 8.5in max landscape) costs $990 (that's UK£790 or €850 Euros). To put that cost into perspective: for every dollar you spend on an advert, you reach around 25 mainframe professionals.

Sponsors get a full-page advert (11in x 8.5in) in the Yearbook; inclusion of a corporate paper in the Mainframe Strategy section of the Yearbook; a logo/link on the Yearbook download page on the Arcati Web site; and a brief text ad in the Yearbook publicity e-mails sent to users. All this for just $2590 (that's UK£1990 or €2230 Euros). To put that cost into perspective: for every dollar you spend on sponsorship, you reach around 9 mainframe professionals.

Last year’s sponsors and advertisers were: BMC Software, Broadcom, Model9, Action Software International, DataKinetics, DataVantage, Enterprise Systems Associates, Inc (ESAi), Fischer International, Fujitsu, Key Resources Inc, Software Diversified Services, Tone Software, and ZETALY.

Vendors, consultants, and service providers need to complete our survey form to get their free entry in the Yearbook as soon as possible. Also, they need to let me know, either by e-mail or by ticking the appropriate box at the end of the survey (at itech-ed.com/AMY22/vendorentry/), whether they wish to advertise in or sponsor the Arcati Mainframe Yearbook 2020. All entries need to be with us by Friday 26 November.

Clearly, not an opportunity to be missed. The Arcati Mainframe Yearbook 2022 will be freely available for download early in January next year. Let me thank, in advance, everyone who will help to make the new Yearbook such a success.

Find out more about iTech-Ed here.

 

Sunday, 17 October 2021

How do I respond if my mainframe has been hacked?


I wrote a couple of weeks ago about the need for people to reveal that they have been hacked and to tell the world how large a ransom they were presented with and what they paid. I thought this time, we might dive into the thinking of companies who are faced with this dilemma.

Basically, a company that has just received a ransom demand and discovered that not only are its files and backups encrypted, but also its data has been syphoned off and could be appearing for sale on the dark web any day soon, has two choices. Either they reveal all to the media and make the lessons they have learned available to other organizations to help them prevent similar breaches occurring. Or, they say nothing about it, pay the money, and carry on in business. They hope the criminals unencrypt their data and don’t put it up for sale. And they hope that their customers continue doing business with them as if nothing had happened – which, as far as customers are concerned, is what they believe. The reputation of the hacked company stays intact.

This is in many ways like the famous game theory of the prisoner’s dilemma. You may be familiar with this. Two prisoners are held in separate rooms and are now being interviewed by the police. They can’t communicate with each other. And they are told the following:

·        If you confess and agree to testify against the other suspect, who does not confess, the charges against you will be dropped and you will go free.

·        If you do not confess but the other suspect does, you will be convicted, and the prosecution will seek the maximum sentence of three years.

·        If both of you confess, you will both be sentenced to two years in prison.

·        If neither of you confesses, you will both be charged with misdemeanours and will be sentenced to one year in prison.

Imagine that you were one of the prisoners, which option would you choose?

As a bit of background, this game theory originally came from Merrill Flood and Melvin Dresher at the Rand Corporation in 1950. It was formalized and named by Albert William Tucker.

Let’s put some numbers on the options available. If neither confesses, they both get a year behind bars. If they both confess, they get two years. But if one confesses and the other doesn’t, the one who confesses goes free and the other faces three years inside. Think of it as 1,1; 2,2; 3,0; and 0,3.

If we add up the numbers, if a prisoner confesses, they either get two years or walk away. If a prisoner doesn’t confess, they get three years or one year. If you add those numbers together, it’s either 2 years for confessing or four years for not confessing. Because they can’t communicate with each other, confessing seems like the best strategy to minimize the amount of time spent in gaol. The ideal solution, if they could communicate is for both of them to stay silent, but they probably won’t do that for fear that the other prisoner has already confessed.

What I’m suggesting is that something like the prisoner’s dilemma could be used as a theory to see what would happen if a financial institution were to work out the result of revealing that it has been hacked or not.

The first financial institution to reveal that its mainframe has been hacked would definitely find that its reputation was dented and that customers would move to a more ‘trustworthy’ bank. No matter how they spun the information they were giving to the press. It just seems to me that the same people who panic buy at the drop off a hat would lemming-like rush to another financial provider. So, I can see why these kinds of institution would not reveal the information.

Suppose there was another scenario available, where two or three or more financial institutions not only revealed the details of the ransomware attack, but also the steps they took to ensure that a similar attack couldn’t happen ever again. Their PR teams would be busily spinning the information to show that it was only a small part of their business, and they were completely in control, and appropriate steps had been taken to prevent it ever happening again. And, as a result, customers would be less likely to rush to another bank or whatever because they all seemed to be equally vulnerable. Yes, the organizations would suffer a dent to their reputations, but that would soon be forgotten about.

The advantage of companies coming out with details of their breaches and the ransoms they have been asked to pay, as well as the amount that they did pay, is that other companies can put in place appropriate strategies to prevent similar attacks happening to them.

At the moment, you can picture the mainframe business world in much the same way as the first cowboys with guns felt when they saw herds of buffalo roaming across the plains of North America. It’s pretty much open season for the bad actors to take down any mainframe site that they like. The buffalo aren’t talking to each other.

So, how to get out of the prisoner’s dilemma where a suboptimal result occurs because each prisoner is looking after themselves and not communicating with the other. In the case of the mainframe world, there are lots of ‘prisoners’ and it is very easy to communicate with them. In my opinion, legislation and protection is the only way forward to get organizations using mainframes that have experienced a breach to reveal all. Legislation would compel them to reveal all, and protection would ensure that the loss of business for those first few companies that speak up doesn’t put them out of business.