
Enhanced Application Security In Enterprise Server 8.0


Global Enterprises considering the modernization of their mainframe applications need to be confident that a Cloud-based deployment can provide the same, or better, level of security. Mainframe systems have a reputation for being secure, and the Enterprises that use them trust them to protect the Intellectual Property contained in their applications and their customers’ data.

Because security is a multi-faceted challenge, it needs to be considered through different lenses, for example:

  • Authentication – controlling how the users gain access to the applications, historically with a simple username and password but increasingly using multi-factor authentication to provide additional security.
  • Access Control – managing what functions and tasks a user can access and perform within the system to prevent unauthorised access to applications and data.
  • Data Security – ensuring that data at rest and in motion is protected and is not accessible as “clear text” if it is accessed by an unauthorised user.

For mainframe applications that have been modernised through replatforming to run in the Cloud, Enterprise Server offers a comprehensive approach to security covering Authentication, Access Control and Data Security. This means that applications deployed to the Cloud using Enterprise Server are just as secure as they were on the mainframe.

These security capabilities can be further extended using other Micro Focus products, including Host Access Management and Security Server and Voltage SecureData Enterprise. Both are solutions that can also improve your application and data security for business systems that are still deployed to the mainframe.

The same is true for our browser-based Host Access for the Cloud, an industry-leading solution that delivers secure, zero-footprint access to host applications. The applications can be deployed on premises or in the cloud and hosted by Enterprise Server or the mainframe. Using Host Access for the Cloud improves security because native 3270 data is not transmitted across the web. In 8.0 we have included a restricted license version of Host Access for the Cloud with Enterprise Developer alongside Rumba. And, for the first time, 3270 access is available with Enterprise Server: Host Access for the Cloud is licensed for use by operations and administration staff to support their job function.

Focusing on security in our Enterprise Server solution, as with previous versions, we have further enhanced the security capabilities by extending existing capabilities and adding new ones.

For securing data in transit and endpoints using TLS, we no longer support TLS 1.1 “out of the box”. With 8.0, by default we only support TLS 1.2 and 1.3. Allowing the use of TLS 1.1 is frequently raised as an issue by penetration testing because it is seen as a security weakness. TLS 1.1 support can be enabled if, for example, it is required to support connectivity with older systems, but given the accepted weaknesses of TLS 1.1, we would recommend that this is avoided if possible.
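The effect of that protocol floor can be confirmed from the client side by offering only an older version and seeing whether the handshake completes. The following is an added example, not Micro Focus code: an in-process Go listener stands in for an Enterprise Server endpoint, and `listenerConfig`, `accepts` and the certificate name are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// listenerConfig builds a stand-in listener with a throwaway self-signed
// certificate and the given minimum protocol version.
func listenerConfig(minVersion uint16) *tls.Config {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject:   pkix.Name{CommonName: "listener.example"}, // constructed name
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	return &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: minVersion,
		SessionTicketsDisabled: true} // no post-handshake writes on the unbuffered pipe
}

// accepts reports whether the listener completes a handshake with a client
// that offers nothing newer than clientMax.
func accepts(server *tls.Config, clientMax uint16) bool {
	c, s := net.Pipe() // in-memory connection, no network needed
	defer c.Close()
	defer s.Close()
	go tls.Server(s, server).Handshake() // a refusal reaches the client as an alert
	client := tls.Client(c, &tls.Config{InsecureSkipVerify: true, // throwaway cert only
		MinVersion: tls.VersionTLS10, MaxVersion: clientMax})
	return client.Handshake() == nil
}

func main() {
	hardened, legacy := listenerConfig(tls.VersionTLS12), listenerConfig(tls.VersionTLS11)
	fmt.Println("TLS 1.2 floor accepts a TLS 1.1 client:", accepts(hardened, tls.VersionTLS11))
	fmt.Println("TLS 1.1 re-enabled accepts a TLS 1.1 client:", accepts(legacy, tls.VersionTLS11))
}
```

Against a real endpoint the same check is a client capped at TLS 1.1 connecting to the listener's address; a completed handshake means the legacy protocol has been re-enabled there.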

To further improve the way that internal passwords are managed, we have enhanced our Vault to support AWS Secrets Manager and HashiCorp for storing your passwords. Customers who do not use AWS Secrets Manager or HashiCorp can use the default Enterprise Server Vault, which is stored locally. We have also improved the way that passwords, and other sensitive data, are managed in memory to reduce their exposure.

To help you navigate the security options available within Enterprise Server, in 8.0 we have included a new Enterprise Server Hardening Guide. This is a really powerful addition to the product and will really help customers to optimise their security implementation.

Developed from the previous informal guides and drawing on the experience of our security experts, the Hardening Guide is a collection of advice and guidelines to help you secure Enterprise Server once you have the system installed. The guide provides details of product features and configuration options and includes details of systems administration tasks, for example setting file and process permissions, that can enhance your system’s security. The guide balances details of general concepts and theories with some specific recommendations.

To get the most value from the guide you do need to have a good understanding of security, and the guide is not intended to replace the skills and knowledge of a security specialist. It is also worth mentioning that, due to the differences that exist between deployments, the guide is not a step-by-step guide to securing your system. But, when combined with the knowledge of your local security experts, it will help you create a secure Enterprise Server environment for your replatformed mainframe applications.

If you are currently running an older version of Enterprise Server you will still find a lot of really useful content in the guide and I would definitely recommend that you take a look at the content to see whether you can make your system even more secure.

It is often said that securing a system is a journey and not a destination and from an Enterprise Server perspective you can expect to see us make further improvements with every release. If you want to know more, the Enterprise Suite 8.0 Launch Webinar has details of the security and other improvements in our latest release. For full product details, or to request a trial, please visit the Enterprise Server web page.
