Sunday, 25 June 2023

Cloud security for mainframers

One of the things that mainframers are rightly proud of is the security that surrounds working on a mainframe. Data can be secured at rest, in motion, and even while being used. Using modern mainframe security products like FIM+ from MainTegrity, makes it possible to quickly identify when data has been changed and whether that was an expected change or not. It’s also possible to quickly identify which backup copy should be used to restore data from. And it does much more. Basically, what I’m saying is that when mainframe security is done properly it works well and is fairly easy to use. I’m not saying it’s perfect, that’s not the world we live in.

If you’ve read any mainframe news stories for the past year, they are predominantly about mainframe sites modernizing and moving applications to the cloud, or even just getting rid of their mainframe and moving to a cloud-based environment only. The question that no-one seems to ask is whether the cloud is any more secure than a mainframe. Well, is it?

I guess the answer is that when cloud security is done well, it can be quite secure.

Just looking at AWS for the moment, it provides:

  • AWS CloudTrail, which tracks all activity occurring on AWS.
  • Amazon GuardDuty, which is a threat detection service that continuously monitors AWS accounts and workloads for malicious activity and delivers security findings for visibility and remediation.
  • Amazon Security Lake, which centralizes disparate log and event data from a customer’s AWS environment into a purpose-built data lake for a more complete, organization-wide understanding of their security related data.

There are other security products available.

IBM has recognized the need to extend mainframe security and has recently come out with some announcements. It is planning to help customers simplify and enhance cloud security by bringing together native AWS Cloud Foundational Services with IBM Security QRadar Log Insights and IBM Security QRadar SIEM. It’s also strengthening its Guardium family of data security products, extending data visibility and control into AWS.

IBM Security QRadar Log Insights, which is a cloud-native management platform, is being brought together with several AWS native services. Roles and permissions are programmatically set-up within the AWS Identity and Access Management (IAM) Identity Center, and AWS Control Tower configures Log Insights, which are designed to help shorten time-to-value and reduce cloud misconfigurations.

Customers can expect the following benefits:

  • Simplified search-based investigations. Audit logs from AWS CloudTrail can be integrated with IBM Security QRadar Log Insights, making it easier to search events across AWS and hybrid cloud environments to identify potential malicious behaviour or misconfigurations.
  • Enhanced security data visualization. Bringing together Amazon GuardDuty and IBM Security QRadar Log Insights allows user to take data from other clouds and on-premises, providing access to data quickly and in one place to deliver efficient detection, investigation, and response to threats.
  • IBM Security’s QRadar Suite now supports Amazon Security Lake, providing comprehensive hybrid cloud visibility.

In addition, IBM has enhanced its Guardium data security products, helping customers better protect and manage their cloud data:

  • Guardium Insights SaaS editions is available in AWS Marketplace. The three new SaaS editions are designed to meet the needs of small, mid, and large enterprises. These new editions help organizations address data compliance regulation requirements and protect data spread across multiple cloud platforms.
  • Data Security Posture Management (DSPM). IBM has acquired Polar Security, a DSPM pioneer. Polar’s agentless solution automatically finds unknown and sensitive data across the cloud, including structured and unstructured assets, SaaS apps, within cloud service providers such as AWS. Once the data is discovered, Polar classifies the data, maps the potential and actual flow of that data, and identifies vulnerabilities, such as misconfigurations, over-entitlements, and behaviour that violates policy or regulations. Polar’s DSPM technology will be integrated into IBM’s Guardium family of data security products.

IBM Security Services, part of IBM Consulting, is announcing support for the AWS Global Partner Security Initiative. This new initiative will provide the opportunity for IBM and AWS to provide transformational security and compliance services with actionable security data that leverages the power of generative artificial intelligence (AI).

The AWS Global Partner Security Initiative comprises four security pillars: Managed Detection and Response (MDR); Cyber Resilience Emergency Recovery; Security-led Cloud Migrations; and Continuous Regulatory Compliance. Through this initiative, IBM initially intends to focus on helping customers migrate, modernize, and operate critical business workloads in the cloud. This also builds on the dedicated resources and deep expertise within IBM Consulting to work with shared AWS customers to bring secured, automated solutions to hybrid cloud environments.

Clearly, IBM has recognized that while cloud security is good, it needs to be enhanced in order to bring cloud security up to the same level as mainframe security.

I would imagine that very soon we will be hearing about artificial intelligence (AI) products being used on mainframes and in the cloud to maintain the security of those environments against both would-be hackers and disgruntled staff. Although, I suppose that somewhere hacker gangs are building their own AI software to hack those same cloud and mainframe sites.

No comments: