Is the Mainframe Really All That Secure?
Everyone talks about how the mainframe, and specifically z/OS, is the most secure platform on the planet. This issue, we thought we'd take a closer look at this, and see if it really is true.
In our management article, we take a closer look at the Common Criterial EAL rating that is often quoted as an indicator of mainframe security. In particular, we look to see if EAL is a valid rating, and whether z/OS has ever achieved EAL 5+ (the results may surprise you).
In our technical article we take a look at mainframe security from the inside out, and discuss at the basic hardware design that provides much of the mainframe security, and how it relates to z/OS.
Finally, in our opinion article, we explain why we believe many z/OS sites are not as secure as they think.
We hope you enjoy this issue.
management: What is EAL, And Is It Any Use?
IBM Z mainframes are generally accepted as the most secure computing platform available. Many have used Common Criteria EAL rating of mainframes as evidence of this security. In particular, the fact that z/OS is the only computer system of its type to achieve an EAL5+ rating is put forward as proof that it is the most secure system. But what is EAL? Is it a valid measurement of computer security, and did z/OS really achieve EAL5+?
Spoiler alert: the answer to the last two questions is "no."
technical: Mainframe Security From the Inside
You hear a lot about IBM Z mainframes, and how they are the world's most secure platform. But why is this so? What makes IBM mainframes more secure than other computer systems - particularly as there are always new ones being created?
To me, the answer is simple: hardware-based privilege. Let me explain.
opinion: No, Your z/OS Isn't That Secure
As a young systems programmer, I was always in awe of the mainframe and its security. "The most secure system on the planet." I've used that phrase many times when talking to people of the mainframe, and why it's still relevant today.
In those days, I believed that statement. If you had z/OS, then your system was more secure than anything else in the machine room. But that's not necessarily true.