Reaching New Frontiers: Modernizing Mainframe Environments with Generative AI

IBM’s Rich Larin on how generative AI solutions address the need for efficiency in mainframe application modernization and fill in growing skills gaps

By John Morell

Is Your IBM Z Mainframe Ready for 2024’s Cyber Threats?

IBM Expert Technology Labs’ Didier André highlights the 5 core functions of the NIST Cybersecurity Framework—and how to bolster your cybersecurity strategy in 2024

By Didier André

Image created with Adobe Firefly

In a digital landscape full of ever-evolving cyber threats, data and infrastructure protection is paramount. For businesses relying on IBM Z mainframes, this challenge feels even more daunting as mainframe related documentation is scarce.

In 2021, I wrote that the threat of being hacked was still real a few years after IBM introduced pervasive encryption as a new layer of defense on IBM Z and LinuxONE. For example, adding encryption for data-at-rest kept privileged users from accessing sensitive information. Even so, breaches continued to happen.


Flash forward to today: the Identity Theft Resource Center (ITRC) just reported that 2023 was a new record year for data breaches, with a 72% increase over the previous high.

In 2023, ITRC reported


 data compromises with a total of 

—Identity Theft Resource Center

The message is clear: Businesses need a proactive approach to security in 2024.

Leveraging an existing and proven model—like the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which brings a prioritized, flexible, repeatable and cost-effective approach—is key.


Developed by the NIST, the Cybersecurity Framework is not a rigid set of rules, but rather a flexible framework offering best practices and recommendations. It empowers organizations of all sizes and industries to identify their unique cybersecurity risks, implement effective controls and continuously improve their security posture through five core functions:

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover



These five core functions act as a roadmap for improving cybersecurity—and that includes the modern IBM Z mainframe world. If you are not sure how to protect your enterprise or your client’s assets, let’s explore how the NIST Cybersecurity Framework can be applied to improve your mainframe cybersecurity posture using readily available solutions. 


Understand your assets, systems and data—and the potential threats they face.

As a consultant for Technology Expert Labs (TEL), formerly IBM Systems Lab Services, I have been helping clients assess and improve their security posture. I have heard many times that the mainframe is "special" and does not need the same level of attention as other platforms because it is already "secure."  I even heard from a mainframe domain manager that mainframe did not require a security policy.


Many believe the myth that the mainframe is inherently secure. Here is the truth: The mainframe is not secure by itself, but it is one of the most securable platforms. 


To properly secure your mainframe, you must do your homework and identify your mainframe assets and how they interact in your enterprise ecosystem. Maybe your mainframe feels very secure, but what if another platform connecting to your IBM Z LPARs has weaknesses? You may be the next in the list to appear in the ITRC list of hacking victims.


The identify function involves identifying who is connecting to your infrastructure and how the traffic is encrypted.


Since version 2.3, z/OS has been equipped with zERT ( z/OS Encryption Readiness Technology). Enabling zERT allows you to identify who is connecting to your LPARs and which encryption algorithms are being used. If you plan to use stronger network encryption, zERT enables you to identify all connecting servers that will need to support this stronger network encryption ahead of time, avoiding unplanned outages. 


Since z/OS 2.4, zERT can also enforce a connection encryption policy to ensure that non-secure connections disclosing data or credentials are no longer permitted.


Defend against cyberattacks with safeguards like firewalls, intrusion detection systems, access controls and data encryption.

Data breaches seem to dominate headlines these days, and mainframes aren't immune. Some years ago, I worked with a “breached” z/OS client. Stolen credentials allowed unauthorized access—a situation multifactor authentication (MFA) could have prevented.


While specific security frameworks might not mandate MFA for your z/OS TSO users, it's not just a compliance checkmark. Consider the widespread adoption of 2FA across platforms and its impact on security. Adding this extra layer of defense could be your mainframe's last defense shield against cyber threats.


Think of it this way: even the strongest password can be compromised. But with MFA, even if someone steals your password, they still need that second factor (like a code from your phone) to gain access. It's like adding a padlock to your already locked door—an extra layer of security against unwanted intrusions.


And don’t forget about pervasive encryption, which is still relevant today. Using z/OS data set encryption brings another layer of security, ensuring that your most important assets—your data or your client’s data—are still safe, protected by a strong encryption algorithm even if a breach occurs. 


Set up systems to quickly identify and track suspicious activity in your network.

The world is changing, and the battle against hackers is no longer against humans only. The hacking world is rapidly adopting AI and adding new weapons to their arsenal, creating a new and escalating threat to your valuable assets.  Fighting against AI powered hacking requires a better response.


That's why fast threat detection is more crucial than ever. Security intelligence, monitoring and reporting should be your top priorities.


We're ahead of the curve with the AI-powered Telum processor in the z16. It's already being used to detect banking fraud in real time, and soon, it will be your shield against AI-wielding hackers.


But you don't have to wait for the future. Start by instrumenting your mainframe logs and implementing robust monitoring and analysis. There are many solutions to monitor z/OS security-related events and alert you of detected threats. Sending logs to a data analytics solution is also paramount to detect changes in trends. 


Even if you begin with non-AI solutions, be prepared to embrace the future. Exciting advancements in AI-powered mainframe security are right around the corner. 


Develop a plan to effectively respond to incidents, minimizing damage and restoring normal operations.

The respond function of the NIST Cybersecurity Framework emphasizes the importance of being prepared for cyber incidents. This includes having a response plan to:

  1. Quickly identify the source of a breach. Use your detection capabilities to pinpoint the attackers, entry point and affected systems.
  2. Seal the breach. Take immediate action to contain the incident and prevent further damage.
  3. Improve. Develop short-, mid- and long-term plans to rebuild your defenses and strengthen your security posture.


On the cryptography side, as a z/OS crypto expert, I'm surprised to see clients still using PPINIT (passphrase initialization) for master keys. This practice prevents key rotation after an incident and creates a single point of failure. Consider an option like the Trusted Key Entry (TKE) workstation for secure key management and rotation.


Put measures in place to resume normal operations after an incident and learn from the experience to improve future resilience.

You've built strong defenses—access controls, data encryption, the whole arsenal. But what if attackers bypass them, aiming not just for theft, but for complete data destruction? While robust backups are crucial (don’t forget the 3-2-1 rule), there's another layer of protection you can leverage: granular protection beyond the backups.

The 3-2-1 Rule

Follow the 3-2-1 rule when you back up your data.


Copies of your data 

(your production data and 2 backup copies)


Media types

(disk and tape/cloud)


Copy off-site
for disaster recovery

  • ‹ prev
  • next ›
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7

Looking For Security and Compliance Solutions?

Start your search with TechChannel’s Solution Directory, home to hundreds of companies and products in a wide range of categories, including compliance and security.

Disk subsystems vendors offer solutions that create point-in-time snapshots, isolating your data from ongoing threats and enabling surgical recovery of specific datasets and when implemented, you can also upgrade them with additional analytics which elevates protection with continuous monitoring, detecting data corruption attempts in real-time and safeguarding your backups from manipulation.


By going beyond traditional backups, you gain powerful shields against data destruction attempts. Ensure business continuity, minimize damage, and face cyber threats with confidence and ultimately recover in case of any event.


Remember, security isn't a one-time fix; it's an ongoing journey. The NIST Framework can guide you toward a resilient and future-proof IBM Z mainframe using existing and incoming solutions. Don't wait for the next headline-grabbing breach—take action now.

Didier André
Didier André is Delivery Consultant for IBM Technology Expert Labs, with extensive experience in IBM Z security and cryptography. He works with IBM clients across a broad range of industries to help them improve their IBM Z security. 
Share this article
Share this article

Our sponsor Advanced Software Products Group, Inc. is a leader in data center software specializing in IBM Z security solutions.