|Issue 2, 2013||Download pdf|
By Brian Johnson, Eaton Corporation and
Becky Albin, Chief IT Architect, Software AG
Security on IBM mainframe platforms, where many installations of Software AG’s Adabas and Natural reside, is considered robust. However, don’t be lulled into thinking the mainframe is invincible. More tools and applications are accessing and manipulating mainframe data for analysis, intelligence and real-time processing than ever before. Enterprise systems are also more interconnected than ever, putting your data at risk. Learn what best practices and tools are available to protect your Adabas-Natural environments from internal and external threats in our white paper: Secure Your Adabas-Natural Environment—Best Practices for Multi-Level Security.
Multi-Level Security Risks
The last few years have been a wakeup call for organizations to establish a comprehensive data security policy that addresses risks at multiple levels. Securing just the application is no longer good enough. Databases are now accessible from a multitude of applications through direct calls and desktop query tools such as Crystal Reports®, Microsoft® Excel® and Business Objects®.
Data is also constantly in flight between various applications, platforms and users, making it susceptible to interceptions. And as distributed development and processing has grown, so too has the need to control and audit internal staff, including those who have access to production, test and development data.
Your data security policy for your Adabas-Natural environment must occur on multiple levels to address:
- Data at rest
- Data in flight
- Application lifecycle
Analysts & Surveys Estimate That:
* 15% of attacks occur without the enterprise ever knowing an attack took place
* It takes only 30 seconds to steal your data
* 60 to 80% of breaches are internal
* 78% of global enterprises don’t have a database security plan
Data at Rest
Today there are many Adabas applications written in Natural or other languages that tap into the database, especially SQL and Direct Call applications. To protect your data, you must secure the database where the data resides. This not only includes the production database but anywhere the data is housed including development, test, training or archives. And don’t forget to include other non-Adabas databases or targets where data is replicated.
Adabas SAF Security and the Adabas Security utility (ADASCR) are ideal candidates for securing access and authorization to your Adabas data. Encrypting protects the sensitive files of the database should unauthorized access occur, while Data Masking for Adabas ensures that data replicated in development, test or training environments is altered in such a way to make sensitive information such as names, salaries, addresses, phone numbers, credit card numbers and account numbers unusable.
Once your data is no longer in use in an active production database, it’s time to move it off. Data Archiving for Adabas moves data off production and places historical data in a storage “vault”. There you can apply additional security protections depending on your archive platform.
Data in Flight
Because hackers are becoming increasingly sophisticated, standard database and application level security are simply not enough to protect your data. Data in flight (or in queue) is also at risk. Data moves between users, applications, platforms and the database in a multitude of ways, from integration servers, service buses, terminal emulation and client-server communications.
Securing user access to applications and data is complemented by ensuring that program functionality is not altered outside of documented business processes. Organizations that permit ad hoc updating of production data create risk of having unknown transactional updates or data access that bypasses all the usual controls. Best practices for complying with Sarbanes-Oxley (SOX) and other regulations include reviewing code migration policy and user access. This is best accomplished with a code migration tool that enforces implementation as well as centralized management of user access control.
Natural Security and Natural SAF Security enable you to protect your Natural environment against unauthorized access and improper use. The Adabas SQL Gateway provides additional security when opening your data up to desktop tools and applications. To ensure the integrity of your applications, Predict Application Control (PAC) controls Natural, COBOL, JCL and Assembler applications throughout the software development lifecycle.
Best Practice: Centralize on SAF-based repository
Use Adabas SAF Security, Natural SAF Security, Entire Net-work SAF Security and EntireX SAF Security to ensure all authentications are carried out against a central security repository where user-ids, passwords and encryption codes are stored.
As the volume of personal data grows across industries and the number of data attacks on enterprises continues to increase, organizations large and small are seeking best practices on how to protect their data.
At each level described above, there are some common best practices that demonstrate how you can:
- Centralize management of security policy
- Control user access and authentication
- Encrypt sensitive data
- Mask data in nonproduction environments
- Determine policy for record retention, archival & destruction
- Manage the Application Lifecycle
Learn in greater detail how to specifically address data security for Adabas-Natural environments for data at rest, data in flight and the managing the application lifecycle in our white paper: Secure Your Adabas-Natural Environment—Best Practices for Multi-Level Security.