* According to Gartner, five billion lines of new COBOL code are being written every year.
* According to IDC, there are more than 850,000 COBOL developers.
* According to Gartner, worldwide IT service industry revenue will grow at a 6 percent compound annual growth rate through 2009 to reach $796.8 billion.
A case when mainframe is being broken into...
When a Midwestern-based retailer began seeing a dramatic rise in phishing scams among its customers, they became concerned that someone had gained unauthorized access into their customer relationship system. The organization immediately called in a forensics investigation team to determine whether the increase in phishing scams was just an odd coincidence or the result of a mainframe security compromise. A review of the cursory information against mainframe data sources revealed a direct correlation among more than 70 percent of the organization’s customers. The sensitive customer information used to facilitate the phishing scams actually resided on the mainframe.
Using an SQL injection exploit against one of the perimeter Web servers, the intruder devised a pathway directly into the trusted internal network where the mainframe resided. With
no IDS and minimal host-based logging enabled on or around the mainframe, the intruder installed several network sniffer programs on the administrator workstations. Within a week, the intruder captured the administrative login credentials with the sniffer, thus gaining privileged access to the mainframe.
The compromise actually spanned far more data than originally suspected, encompassing customer information such as names, e-mail addresses and credit/debit card data. The hacker used the compromised credit/debit information combined with the account holder’s contact information to impersonate their bank to gain social security numbers and pursue identity theft. While the initial intrusion vector was linked to a perimeter Web server, a lack of security controls surrounding the mainframe could have limited the exposure of private customer data.
Having learned its lesson the hard way, the retailer hardened its infrastructure and now performs regular vulnerability assessments of the mainframe and surrounding environment.
Mainframe Authorize Program Facility
30 years ago, IBM introduced the Authorized Program Facility (APF) and storage protection keys in both hardware and software. Combined, these facilities have provided a level of compartmentalization that enables multiple workloads to run together and maintain a level of system integrity. When used in combination with the Recovery/Termination manager and Workload Manager, z/OS can achieve and maintain high levels of processor utilization with less fear of impact to differing workloads. In turn, this can reduce the number of full-time employees necessary to manage an enterprise and reduce the amount of servers necessary to operate, which in turn improves mean time before failure, more efficient use of floor space, environmentals, etc. These services have been built into mainframes and middleware for many years, as IBM has taken a holistic design approach across both hardware and software to provide distinguishing operational characteristics on the mainframe.
