Sunday, 6 June 2021

The Mainframe Mindset and the pandemic

Mainframers are generally fairly robust people who can spend hours happily problem-solving and getting on with their work. And, much like so many other people, mainframers have been working from home for much of the past 14 months. They have done their best with PC-based 3270 emulation software. They may have used VPN to ensure that their remote connectivity was secure. They may have tried connecting to CICS using a web browser. And they may have used the opportunity to try Zowe CLI and Zowe Explore. But – and this is a big but – they will have faced the same problems that other people have spending time away from the office.

The thing about working at the office is that everything is there (somewhere). When mainframers are faced with a technical issue, they can find cables etc, they can access high-speed business-class networks, and they can see dashboards showing the state of play of everything. Working from home isn’t like that. On the plus side, obviously, there’s no commute, no problems parking, etc. It’s possible to get up in the morning and sit down by a laptop in your pyjamas eating your breakfast and answer emails. And that sounds perfect. The problem is that not everything you need to do your job is at your fingertips. In addition, your home is your home, and quite often doesn’t also convert well to an office environment. And that can make life more stressful than it would be in the office.

Now stress actually comes in three types. There’s the stress that you can cope with. That’s really your level of resilience. It explains why some people can face very difficult situations and just seem to cope, while other people seem to really struggle with the same situation. The second type of stress is the stuff that makes you stronger. It’s like putting your body under stress at the gym or by going out for a long run. It’s sometimes called eustress, and, as I said, it makes you stronger. The third type of stress is stress that has an adverse effect on you – usually resulting in a fight or flight response. This also comes in two types. There’s ad hoc stress, which is basically where you think you see something frightening for a couple of minutes. And there’s chronic stress, where the stress continues over long periods of time and your body is constantly bathed in cortisol from the adrenal gland. And the longer that goes on, the more likely someone is to become irritable, anxious, or depressed.

That idea ties up nicely with what medical teams have reported over the past year, there seems to have become a growth in the number of people who are reporting symptoms of depression, anxiety, and irritability.

It’s a fact known to neuroscience that people tend to do what they have always done, ie they are more likely to get into habits and go through actions without thinking. They always put on the same sock or same shoe first. They always walk in through the front door and throw their keys on the nearby shelf. And then they always boil a kettle or always pour themselves a drink. Typically, the brain uses about a fifth of all the energy that the body has and about a fifth of all the oxygen that is transported round in the blood. And it uses more energy and oxygen when it thinks about something. So, it tries to do as much as possible without thinking – ie by habit. Now, it’s quite possible for executive function – the thinking part of the prefrontal cortex – to overrule a habit. And, it can decide on a new behaviour. But unless it’s very definite about the decision, it seems that the old habits will creep back. So, if you like to have a late-night snack or drink, then you are more likely to get into the habit of not only doing it every night, but also starting earlier. And this could explain why a number of people are eating and drinking more while spending so much time at home.

There is another reason. Eating gives your brain a small reward. You get a tiny opioid hit, which is a nice feeling. If you are feeling a bit low, then it’s nice to get a nice feeling in your brain. And so, you just keep eating – binge eating – to get that reward. And after a few months of lockdown, you find that you are putting on quite a bit of weight.

Many mainframers and others have been feeling lonely working from home and not seeing colleagues. Somehow, a Teams or Zoom meetings isn’t quite the same as actually having a chat with colleagues. Often lonely people aren’t living on their own, they are, perhaps, living with the ‘wrong’ people – people who don’t understand their work and the things that are important to them. Isolation or loneliness has been a big issue during the pandemic.

One of the issues with working from home is that people tend to get up and change rooms and start work. They stop work, maybe watch TV, and then go back to bed. They don’t get very much exercise and, consequently, they don’t sleep very well. And that leaves them tired and less able to perform well the next day. Sometimes, they take a much-needed nap in the afternoon. That then impacts on their ability to sleep the next night. You can see how the vicious cycle goes on. Many homeworkers have found themselves getting poor sleep. The answer is to go for, at least, a 30-minute brisk walk every day (whatever the weather). It’s also a good idea to keep to the same bedtime and get-up times. And stop using screens about an hour before bed.

Many people have reported strange dreams, not just nightmares, but unusually weird dreams. In the general run of things, people don’t remember their dreams, certainly not once they have got out of bed. Of course, every now and again people do remember a dream. It seems that, during lockdown, more people have been reporting more bizarre dreams!

The other problem that many mainframers and others have faced during the pandemic is worry about what might happen. What might happen to them or their family and friends if they become ill or very ill; what might happen to the local infrastructure if lots of people become ill, ie will there still be fresh water coming through the pipes, what if there are power cuts, etc? This can lead to people spending long periods of time brooding. Erma Bombeck said that worry (like brooding) “is like a rocking chair: it gives you something to do but never gets you anywhere”. Brooding can use up a lot of time and energy, but doesn’t achieve anything. The other problem with it is that the brain can’t tell the difference between real events and imagined events. So, all the doom and gloom that brooding creates makes the brain think that these events are going on in the outside world and it needs to protect itself from them. The consequence is that it can be hard to break out of the cycle of brooding and actually get back to real life.

Many people have found themselves home all day with their family, which, over time, in some cases, has led to them experiencing relationship issues with their partner and other family members. They are just not used to spending so much time together.

And many people have found themselves feeling quite depressed about everything – their life, their relationships, their job, their chances of becoming seriously ill, everything. One theory about depression is that it results in a reduction in neuroplasticity – that’s the brain’s ability to restructure itself, ie move neurons around as needed. In effect, it becomes hard to learn anything new. And that’s what makes it so hard for mainframers and everyone else to get out of a period of depression. What’s needed is a way to boost neuroplasticity, which is what some drugs do. Sadly, depression is the most common mental health problem worldwide.

As people find themselves getting more stressed, they also find their phobias getting worse. And many people have a phobia of needles – which makes it harder for them to be vaccinated against Covid-19. Some people faint when they see a needle, some associate needles with previous unpleasant events, some don’t like needles or being restrained, and some people feel much more pain than most others. And some people have combinations of these responses. So, some mainframers are avoiding getting the vaccine, which may be causing them more stress.

And there are some mainframers and others who, having been anxious during the crisis, are now anxious about going back to the office, back into the city to start work, back meeting and being with people.

Just to recap, your mainframers’ mindset has had to deal with stress, anxiety, depression, anger issues/irritability, feeling fed up, brooding, relationship issues, loneliness, isolation, insomnia, strange dreams, binge eating or drinking, weight issues, and needle phobia and other phobias. People have done very well to overcome all of those. And the good news is that we think we’re pretty much through the worst of it now!

Sunday, 30 May 2021

The new mainframe mantra – trust no-one!

 

‘Ransomware attacks, phishing exploits, malware, bad actors’ and many other words and phrases associated with security have become common-place parts of everyday conversation for so many people as attacks on all sorts of organizations and individuals have taken place. In addition, the pandemic and the widespread working from home has accelerated a trend that has been growing over recent years that people expect to be able to shop, use social media, and work from anywhere at any time. And, they expect to be able to do it from their phone, tablet, nearby laptop, and any other WiFi-connected device. And that means the attack surface (another commonly-used phrase to add to the list) has grown exponentially over the past year or so.

And what makes mainframe security even harder is that people are using the cloud for their work without even going through mainframe first. So where does authentication take place? Does it make sense to route all traffic through the mainframe and then out to the cloud, and then back to the mainframe, and then back to the user? The answer is probably not. In which case, RACF etc aren’t getting a look in!

The big question facing IT security teams is how can they keep their data and their network secure when they are faced with the problem of users using so many different devices to access the network and the data existing in a cloud or hybrid cloud environment, as well as on DASD connected to their mainframe in the secure data centre? Ransomware attacks have proved that simply authenticating people when they first log in isn’t enough – especially with so many credentials becoming available on the dark web. There needs to be some way to spot that a person who usually logs in from down the road seems to be working late at night from somewhere in Africa or Mongolia (or any other distant country) this week.

At one time, hackers would take a valid login id and then brute force attack with as many potential passwords as they could until they found one that worked. Then they tried using social media to find the name of a targeted person’s dog etc, and used versions of that to try to gain access. Now they have hundreds of valid login id, and they use password spraying – where a few commonly-used passwords are tried against a large number of accounts.

And, once in, hackers try to raise their security level, and access the personally identifiable information (PII) that they can sell on the dark web. And they will corrupt backups, encrypt data, and demand a ransom. And, if you pay the ransom, they may unencrypt the data – but will probably still sell their copy of it!

That’s where zero trust architecture (ZTA) comes in. Continuous trust evaluation is based on people, devices, and applications having digital identities that are continuously being evaluated (by looking for anomalous behaviour). This ensures that everything stays secure. Obviously, it’s not perfect – you have to trust some people doing some things or else no work will get done. What it does though is balance trust against risk. It’s context aware – which means that it will identify unusual behaviour and flag it. The basic rules with zero trust are: least privilege access; never trust, always verify; and assume a breach.

That makes it harder for staff to perform unusual activities and for hackers to gain access to more secure data unless they meet prescribed identity, device, and application-based criteria. And that helps reduce the size of the attack surface. Everyone has just enough privileges (and no more) to do their work. They must meet appropriate identity, device, and application-based criteria. Obviously, criteria can change as personnel change roles within an organization.

PWC suggests four compliance aspects for zero trust. They are: security configuration baseline (SCB) monitoring; file integrity monitoring (FIM); vulnerability monitoring; and data breach detection. I wonder how many mainframe sites can tick all four boxes?

IBM has recently announced a new software as a service (SaaS) version of IBM Cloud Pak for Security, which simplifies the deployment of zero trust architecture across the enterprise. In addition, IBM announced an alliance partnership with Zscaler, and new blueprints for common zero trust use cases.

The new IBM Cloud Pak for Security as a Service allows users to choose either an owned or a hosted deployment model. Users can access to a unified dashboard across threat management tools, which comes with a usage-based pricing approach.

Looking at the blueprints, which provide a framework for security, a prescriptive roadmap of security capabilities, and guidance on how to integrate them as part of a zero trust architecture. They address business issues such as preserving customer privacy, securing a hybrid and remote workforce, protecting hybrid cloud, and reducing the risk of insider threats.

IBM’s partnership with Zscaler will help organizations connect users to applications seamlessly and securely. IBM Security Services uses the technology of Zscaler to help clients adopt an end-to-end secure access service edge (SASE) approach. Integrating Zscaler Private Access and Zscaler Internet Access with IBM security products such as Security Verify helps to build zero trust architecture.

All together, it continues to make the IBM mainframe the most secure computing platform available anywhere.

Sunday, 23 May 2021

Modernizing the mainframe


If you’re like me, a cold shiver goes down your back whenever you read a headline like that. Too often, the report or article is written by people who don’t ‘grok’ the mainframe. You can guess that the first paragraph is going to contain words like ‘legacy’, ‘venerable’, and ‘still’ – as in ‘still using a mainframe’. The attitude is that it is a technology that most people have grown out of! How wrong is that attitude.

Articles usually go on to suggest that all those ancient applications could be easily written in modern languages and could be running on an array of Linux machines or in the cloud. They could then be updated by people trained in modern languages and customers would be getting a much better deal.

Many of the authors don’t seem to grasp that fact that the first mainframe appeared in the mid-sixties, and has been updated all the time. And that is in much the same way that aeroplanes and cars have been updated since they first appeared. Yes, people like air shows and car shows where these old vehicles turn up, but no-one uses them for everyday business uses. And that is exactly the same with mainframes.

So, let’s take a look at some of the reasons people think mainframes need modernizing. Firstly, many people think that you need to have worked on mainframes for at least 40 years before you really understand how to work on green screens and make important changes to the mainframe that won’t cause chaos. As I wrote in a TechChannel article, there are lots of things that non-mainframers can use to make working on a mainframe easier. In the article, I talk about z/OSMF, VSCode, Zowe, and ZOAU, which enable developers with non-IBM Z backgrounds to work usefully on mainframes.

Then, there’s the myth that mainframes are in a world of their own and you can’t use things like containers on a mainframe. Again, not true. Using mainframe Linux, Docker and Kubernetes can run as easily on a mainframe as on a workstation, with all the advantages you would get on a workstation or in the cloud. New containers can be spun up as needed. Containers can be made up of single microservices or multiple microservices that make up a unit of service in exactly the same way.

And, talking about cloud, many people think that mainframes and cloud are two separate worlds that can’t possibly interact. Again, this just isn’t the case. Many mainframers will jump up and down explaining that the mainframe was the first iteration of a cloud-style environment before we had the cloud. In fact, using the cloud is now something that the mainframe does well. And, IBM has been very clear that cloud is a direction it wants to be going. Red Hat OpenShift on IBM Cloud helps enterprises start the cloud migration process by creating cloud-agnostic containerized software. Developers can containerize and deploy large workloads in Kubernetes quickly and reliability.

You also find people who think that mainframes are a kind of silo area. They don’t believe that the outside world can be in contact with a mainframe unless they’re using a 3270 terminal emulator. Again, that’s not the case. Many people are accessing services on CICS or IMS from a browser. Clicking an option on the screen kicks off a CICS or IMS transaction, and the results would be displayed in the browser. In additions, CICS and IMS can take part in the API economy. RESTful APIs can be used to link mainframe microservices with microservices from the cloud or distributed systems to create new applications. And, using JSON, the results can be served up in a browser. What I’m saying is that mainframes can be treated as just another processing platform that interacts with every other processing platform.

People who work on distributed systems have, in the past, always seemed a bit behind the mainframe world in some of the things they do. But, on the other hand, they were definitely ahead in a couple of ways. For example, a SIEM running on a distributed platform is quite common. It’s used to pick up incident messages and display them for security staff to deal with straight away. Nowadays, it is possible for SMF data and other mainframe records to be written out to a SIEM on a distributed system and alert security staff. This is better than reading through day-old SMF log files. The other piece of software found on distributed systems that isn’t generally found on many mainframes is FIM software. File Integrity Monitoring software can identify when changes have been made to files and check with products like ServiceNow whether they are authorized changes and alert security staff if not. This makes identifying unauthorized activity so much quicker than pouring over yesterday’s SMF data. BMC offers such mainframe software, as well as a company called MainTegrity with their FIM+ product.

Lastly, many people aren’t aware of just how secure a platform a mainframe can be. With z15 processors, IBM has extended the ability to encrypt data stored on the mainframe to also encrypt data in transit. And it can do that without impacting system performance. This uses the idea of Data Privacy Passports. So, even if data is accessed by an intruder, they won’t be able to read it because they won’t be able to decrypt it.

What I’m saying is that mainframes are being modernized by IBM and other software vendors all the time. It’s just a case of whether mainframe users are making use of all the facilities that are available. I’d also like to suggest that it’s the job of all mainframe professionals to spread the word about what mainframes can do to not only non-mainframe-based IT staff, but also management and the rest of the world.