IBM Boosts Mainframe Security
IBM last week unveiled a new release of its mainframe operating system -- the z/OS -- adding features that increase the software's already fortress-like security for online commerce as well as the next generation of highly secure business transactions. IBM also announced new mainframe software that automates security administration and audit processes.
"Originally designed to be shared by thousands of users, the IBM mainframe has security built into nearly every level of the computer -- from the processor level, to the operating system to the application level," said Jim Porell, Distinguished Engineer and System z Chief Architect. "Our security leadership is one of the many reasons why the world's top banks rely on the IBM mainframe for their financial transactions."
For companies running "thousands" of transactions that require identity validation and lightning fast communications from countless customers and unknown parties, the new IBM z/OS is designed to deliver the following:
• Improved network security policy management -- making it easier to set
network security policy across multiple instances of z/OS mainframe
operating systems. Administrators only need to define one centralized
policy to enforce network encryption rules and intrusion detection for all
z/OS systems within an enterprise -- including distributed systems
attempting communication with z/OS systems.
• Enhanced Public Key Infrastructure (PKI) services to help improve the
creation, authentication, renewal, and management of digital certificates
for user and device authentication. By managing digital certificates
directly through their z/OS mainframe, customers can potentially see
substantial savings compared to the cost of third party hosting. This
capability is essential in creating the digital certificates for buyers and
sellers to conduct secure business transactions online. z/OS's PKI can be
used for many important tasks, such as securing a wireless network
infrastructure using WPA security, exploiting smartcard technology on
credit and cash cards and securing the end nodes of a Virtual Private
Network that might be hosting Point of Sale or ATM communications traffic.
• Adoption of the popular security standard, PKCS #11, which specifies
an application programming interface for devices that hold cryptographic
information and perform cryptographic functions. These functions are now
provided on z/OS to help host applications that utilize this standard onto
z/OS to take advantage of the centralized key storage provided by z/OS.
Additional enhancements include more robust scalability and availability for clustered environments, improved economics via expanded use of specialty engines, simplified management for network diagnosis, among others. For details, log on to http://www-03.ibm.com/servers/eserver/zseries/zos/.