Why Geolocation Is Key to a Comprehensive Mainframe Security Strategy

Iconium Software’s Rick Jones explains how geolocation services can bolster your company’s defenses in today’s ever-changing business landscape.

By Dava Stewart

When it comes to security, change is the only constant. Regardless of how carefully planned and meticulously implemented the security strategy of an enterprise with mainframe operations, the need to continually assess, update and protect operations remains constant. This is a change from the not-so-distant past, when on-premises mainframe operations were, by their nature, as secure as they could be.

 

As the centerpiece of business, data must be protected, and the way that’s accomplished is always evolving. Rick Jones, founder of Iconium Software, says geolocation should play an important role in securing data in the modern age, especially for organizations that store personal information or intellectual property.

Maturity, Compliance, Size and Other Pertinent Factors

Every enterprise has a unique combination of services or products offered, size, location(s), regulatory requirements, company culture and more. This variability makes it impossible for security experts to create security strategies that can be replicated successfully across companies. In other words, the security strategy that works for a nationally recognized bank is unlikely to work for a large insurance company. Although that may seem obvious, it’s a fact that can be lost in the chaos of attempting to secure data in the modern world.

 

Compliance requirements and security strategy maturity levels are two factors that indicate whether an organization is using or should be using geolocation as part of their security program. To cite an old example, NASA has a mature security strategy, and geolocation is an important part of it. Anyone accessing NASA’s system from outside of Huntsville, Alabama, must have very specific access credentials.

On the other hand, a regional bank may have a security program that’s compliant with the regulations for their industry, but it likely doesn’t include geolocation. “They’re not thinking about this because they think they don’t have that vulnerability,” says Jones. A comprehensive security strategy varies enormously from one organization to another, and from one industry to another.


Jones says very few organizations currently include geolocation in their security strategies. Even for those that do, in many instances, geolocation security is based on an IP address that can be spoofed. Newer technology is changing that. Just as communication changed with the development of the cell phone, so will security change and evolve with the use of artificial intelligence (AI), machine learning (ML) and the ongoing development of geospatial technology.

Common Misconceptions About Mainframe Security

Security professionals and CEOs often have a false sense of security because they use networking devices to verify IP addresses. However, Jones notes that using a free VPN can evade such security measures. “You can use a free VPN, put in an IP range and it’ll plow right through,” he says.

 

A false sense of confidence about security ignores the fact that the threat landscape is evolving daily. Jones offers the following advice for maintaining a robust security strategy:

Understand that security is more than software.

“A comprehensive security strategy is more than just software,” says Jones. Having any particular product in place is not sufficient alone. Jones says along with safeguards like security software, enterprises need to have processes, policies and procedures in place in order to create a comprehensive security strategy. “And you’ve got to practice that stuff,” he says. Staff training, and regular practice, help people understand what to do when something is wrong, even if it’s someone accessing a file more often than usual.

Don’t underestimate the importance of monitoring and reporting.

Another common issue Jones sees is a lack of comprehensive monitoring and reporting. Getting a report once a week or once a month is one thing, but along with that report, companies need to have analytics applied to the reporting. Using AI and ML to interpret reports allows for more advanced threat detection.

Frequently assess your enterprise’s security strategy.

Vulnerability testing, staff training, consistent practice, processes and procedures, and a clear understanding of incident reporting are all important and frequently overlooked elements of a comprehensive security strategy. Consider a regional bank headquartered in Texas, where geofencing rules say only people in Texas can access mainframe data but someone in Oklahoma accesses it. Do staff members know what to do with a marginal risk like that? What is the policy? What is the process? “It’s risk assessment,” Jones says. Being informed about whether an employee is on vacation or someone in a different country is attempting to log in makes a big difference in how the risk is calculated.


An Ever-Changing Security Landscape

Along with bad actors constantly looking for new ways to infiltrate security systems and steal data for nefarious purposes, organizations must also figure out how to keep things secure in an ever-changing security landscape. Prior to the pandemic, remote work was on the rise, but COVID-19 accelerated that trend in ways no one had ever really considered. Remote work increases the attack surface available. The risk of data breaches and cyberattacks is greater when people work from remote locations.

 

Richard Schoeberk, PhD, program chair and director of graduate studies, criminology and homeland security at the University of Tennessee Southern, told Security magazine, “[The COVID-19] pandemic has generated a surge of security threats in a variety of industries—there will be no return to normalcy. Security and risk professionals alike must be prepared with a plan, but also be prepared to adapt it for the current situation.” 

 

Consider this scenario: A trusted employee, who has worked with the company for many years, and even has some privileged access, works remotely. But they get bored at home and begin working from the local Starbucks. Suddenly, the risk of cyberattack or credential theft, or other negative incidents, is far higher and it’s likely the employee isn’t even aware of that increased risk.

 

CSOs need to know where employees are working so that they can assess the safety of the work environment. Geolocation can mitigate some of the risks associated with remote work by verifying the location of users and devices prior to granting access. Using geofencing regionally, within a particular city or all the way down to the level of a street address is one way to make remote work more secure.

 

According to the Cybersecurity and Infrastructure Security Agency, “Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system.” One problem the agency specifically notes is a lack of sufficient controls in remote services.

 

Increasing regulation is another area where change is constant. With the introduction of laws such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Protection Privacy Act (CCPA)—both of which require protection of personal data and transparency around how it’s collected, processed and stored—Jones thinks it’s likely that similar regulations will be passed in other locations. For the moment, some big companies pay fines for violating such regulations, but Jones predicts a tipping point, where individuals may be held responsible for violations and data threats.

The Benefits of Including Geolocation in Your Security Strategy

Security is a never-ending investment of funds, time and training, but the payoff is customer trust and loyalty, compliance and good standing and even useful business insights. Adding geolocation to an existing security program makes it more robust and adds protections such as real-time monitoring and alerting, which is a form of advanced threat detection. Jones says that understanding whether an out-of-bounds activity is a minor infraction of company policy or a serious threat is one of the benefits of geolocation monitoring and alerting.

Defining Out-of-Bounds Activity

Out-of-bounds activity goes beyond geographical boundaries. Companies should also monitor:

What time are systems accessed? Is it 2 a.m.? Is that typical for that specific user?

How frequently are systems accessed? Is there an abnormal amount of login attempts?

What specific parts of the system are accessed? Has sensitive company data been accessed?

How much data is being accessed? Is it more than usual?

This information helps enterprises identify unusual activity and defend against attacks as they evolve. Security teams can send alerts and create barriers when out-of-bounds activity is identified.
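The checks above, combined with a geofence into one per-event assessment, as an added example that is not from the article or from Iconium Software. The region codes, dataset names, weights and thresholds are constructed assumptions, and the event's region is assumed to come from a location source stronger than an IP lookup, which the article notes can be spoofed.

```python
from dataclasses import dataclass

ALLOWED_REGIONS = {"TX"}         # constructed geofence: the bank's home state
MARGINAL_REGIONS = {"OK"}        # constructed: neighbouring state, marginal risk
SENSITIVE = {"PAYROLL.MASTER"}   # constructed dataset name

@dataclass
class Baseline:                  # what is typical for one user
    usual_hours: range
    max_logins_per_hour: int
    usual_datasets: frozenset
    typical_mb: float
    approved_travel: frozenset = frozenset()   # e.g. a known vacation location

@dataclass
class Event:                     # one access record, region already resolved
    region: str
    hour: int
    logins_last_hour: int
    dataset: str
    mb_read: float

def assess(ev: Event, base: Baseline):
    """Return (level, reasons); level is 'ok', 'review' or 'alert'."""
    score, reasons = 0, []
    def flag(points, why):       # weights are illustrative assumptions
        nonlocal score
        score += points
        reasons.append(why)
    if ev.region not in ALLOWED_REGIONS | base.approved_travel:
        if ev.region in MARGINAL_REGIONS:
            flag(1, "geofence: neighbouring region")
        else:
            flag(3, "geofence: outside allowed regions")
    if ev.hour not in base.usual_hours:
        flag(1, "time: outside this user's usual hours")
    if ev.logins_last_hour > base.max_logins_per_hour:
        flag(2, "frequency: abnormal number of login attempts")
    if ev.dataset in SENSITIVE and ev.dataset not in base.usual_datasets:
        flag(2, "resource: sensitive data this user does not normally read")
    if ev.mb_read > 5 * base.typical_mb:
        flag(2, "volume: far more data than usual")
    level = "ok" if score == 0 else "review" if score <= 2 else "alert"
    return level, reasons

BASE = Baseline(range(7, 19), 5, frozenset({"LOANS.DAILY"}), 40.0)
SAMPLES = {                      # constructed events; "ZZ" is a placeholder region
    "texas_daytime": Event("TX", 10, 1, "LOANS.DAILY", 35.0),
    "oklahoma_daytime": Event("OK", 10, 1, "LOANS.DAILY", 35.0),
    "abroad_2am": Event("ZZ", 2, 9, "PAYROLL.MASTER", 900.0),
}
```

The "review" level is where a written policy matters: it marks the marginal cases that staff need a defined process for, rather than an automatic block.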

Geolocation provides comprehensive, customizable protection for an organization’s mainframe data and can be adjusted to meet the current needs. Perhaps a manufacturing company needs a particular level of protection now but expects to expand in a few years. Geolocation protections can be adjusted as circumstances and threat levels change.

 

Jones says adding geolocation to a security strategy is a way to improve its effectiveness. “Geolocation is an add-on to your current security stack,” he says. The advanced threat detection, real-time monitoring and alerting are additional tools to protect the most valuable asset in modern business: data.
