Why the Mainframe is the Opposite of Legacy Tech


It’s clear that the mainframe is an essential component of a multi-cloud strategy and a key driver of enterprise-wide security and business continuity.

The death of the mainframe is an exaggeration. Even today, mainframe sales continue to rise, and mainframe use has increased despite IT leaders and the media writing it off as outdated legacy tech.

This stigma continues to proliferate as more enterprises invest in newer, cloud-based environments that promise superior levels of scalability and innovation. While the cloud is an essential part of any digital transformation journey, it isn’t a catch-all solution for all an organization’s IT needs.

Instead of picking one over the other — cloud or mainframe — organizations must invest in a strategy that combines the strengths of both technologies to meet changing business needs. To navigate this transition, organizations also need to enlist the help of a mainframe architect to ensure new mainframe offerings remain secure and compliant.

See also: API Management: The Key to Modernizing Legacy IT Systems

Mainframes are quietly keeping our data secure

Although cloud technologies receive most of the headlines nowadays, the mainframe is the primary architecture that keeps much of our sensitive information safe. Mainframes offer unparalleled integrity and security capabilities that protect mission-critical applications better than most cloud environments.

Mainframes have fewer exploitable endpoints than the cloud, which is especially useful in industries like financial services and healthcare that run operations 24/7, 365 days a year, at a massive scale. For companies in these industries, even a minor leak can disrupt their customers’ lives and put sensitive data at risk. But mainframes are well-equipped to handle large volumes of data securely.

With that said, many IT leaders continue to overlook the mainframe in their digital transformation journeys, seeing it as part of the old guard of legacy technology solutions that need to be phased out. But remember, mainframe technology has persevered for a reason. Mainframes are a vital component of most modern IT setups and enable organizations across industries to facilitate daily transactions and operations.

Mainframes and cloud technology — partners, not rivals

Your IT team shouldn’t feel like they have to choose between mainframes and cloud computing. Instead, they must recognize that both options offer distinct advantages and that successful integration of these options comes from understanding your unique business and security needs.

For example, banks need to handle millions of transactions every day from countless locations around the world. Within the mainframe, IT staff manages thousands of applications from a centralized location. As a result, mainframes are standard in the financial industry. But your company may not have these same needs. Be aware of compliance requirements, then take stock of your applications and consider which storage architecture option is best suited for each. Remember that (in general) mission-critical apps are a better fit on mainframes, while apps that require high levels of collaboration and visibility are best suited for the cloud.  

Implementing a mainframe comes at a steep initial cost, so this evaluation period is necessary to ensure you don’t commit resources to a solution that doesn’t align with your organization’s needs.

One common misconception surrounding mainframes is that they are inherently secure with little to no upkeep needed. While it’s true that mainframes are among the most secure storage options, like any platform, they’re vulnerable to security breaches if you’re complacent. If you’ve decided that a mainframe is right for your organization, consider enlisting the help of a mainframe security architect to lead the way.

The importance of the mainframe architect

A mainframe expert (or architect) provides unbiased analysis to the IT operations team on how the organization should roll out features and applications on the mainframe. Think of the mainframe expert as the security filter for the innovations the rest of the organization comes up with. For example, when financial institutions began to give customers the option to deposit checks via their mobile phones, a mainframe expert was working behind the scenes to ensure they could execute this feature safely.

Consider these best practices when evaluating the role of the mainframe architect:

  • Experts should maintain accountability around access credentials. One of the biggest benefits of the mainframe is first-class visibility into who’s interacting with hosted applications and data. This means that as new applications enter the mainframe, organizations need to be aware of the who, what, when, where, and why of what’s happening in the environment. Operations employees don’t have the time or expertise to manage these credentials for the whole organization, which is where an experienced mainframe architect comes in handy.
  • Mainframe architects should balance organizational goals and compliance requirements. While mainframe architects have a specific area of expertise, they should still keep organizational goals top of mind. They need to always consider the delicate balance between continuously innovating and modernizing their applications and the compliance requirements these innovations have to abide by (i.e., HIPAA, PCI DSS, and NIST guidelines).
  • Keep architects in the loop. Mainframe architects can only do their job successfully if they’re kept in the loop about changes to new or existing apps. It’s quite common for ops teams to only bring in their architect for a quality check after many of the security decisions have been made, and the application is about to launch. This either results in delays to the product launch to make necessary security changes or leads to unforeseen risks down the line that could have been avoided. Instead, the mainframe architect should be involved from day one to ensure new applications are built with a secure foundation.

The mainframe is essential for modern enterprises

It’s clear that the mainframe isn’t a technology of the past — it’s an essential component of a multi-cloud strategy and a key driver of enterprise-wide security and business continuity. To get the most out of the mainframe, businesses need to recognize the importance of having a dedicated mainframe architect on their side, one who can guide projects to completion while keeping them secure and compliant.

Ray Overby

About Ray Overby

Ray Overby is co-founder and Chief Technology Officer at KRI Security, a software and security services firm specializing in mainframe security, where he heads the technical team. Drawing on more than 30 years of experience with IBM z Systems, he is an expert in mainframe security, risk, and compliance. He has consulted with various government and multinational clients on information system security, enterprise security management and design, policy review, penetration testing, technical configuration evaluation, security procedures, and disaster recovery/business continuity planning. For the past decade, he has provided software and consulting services to Fortune 500 institutions focused on z/OS environment code-based vulnerability assessments.

Leave a Reply

Your email address will not be published. Required fields are marked *