The rhetoric surrounding mainframes and their uses in modern enterprises tends to be largely negative. Mainframes are seen by many as outdated legacy IT systems that are, or will be, obsolete in the near future as businesses increasingly move to the cloud.
However, these notions are one-sided. The reality is that mainframe computing remains alive and well within many infrastructure-critical industries, including some of the largest organizations in the world. It’s reported that 71 percent of Fortune 500 companies still run much of their core business on a mainframe. And for a number of reasons, reliance on these “legacy” IT systems remains particularly strong in the financial services sector, with 92 percent of the top 100 banks continuing to use mainframe computing.
The primary reason mainframes remain a critical part of financial enterprise data centers is due to the considerable processing power they possess.74 percent of IT professionals say the use of mainframe computing is very important for large-scale transaction processing on mission-critical applications. This is important because banks need to be able to process high volumes of transactions quickly and accurately tin order o track and report on the movement of often highly volatile financial accounts. Additionally, mainframes perform analytics on marketplace and user trends, provide mobile and cloud support, and monitor for signs of fraudulent activity.
As consumers increasingly perform financial transactions such as deposits, and transfers from their mobile devices, the processing power, terabytes of RAM, and limited downtime provided by mainframes are necessary to properly execute and store the high volume of requests and data received.
Security and compliance are also key factors contributing to the continuing use of mainframes in financial services. These machines have long been considered impregnable data storage centers because of how isolated they have traditionally been from outside threats, as they historically were not exposed to external traffic. This isolation has also been beneficial for compliance – especially PCI compliance – as data has been stored in one isolated location within the protected network.
However, this is beginning to change as mobile web applications and IoT functionality become increasingly necessary to competitive consumer offerings from banks and other financial institutions. Digital transformation, mobile device use, and the IoT have given way to the connected mainframe. This includes mainframes integrated with mobile applications, APIs, and other modifiers to give consumers increased access to their data. Moving forward, as applications continue to gain increased access to mainframes and their data, financial services firms will have to incorporate further security measures at the application layer in order to ensure that vulnerabilities exploited by internet and application-based attacks are mitigated.
Today, there are a couple of core cyber threats that use applications as their attack vector to gain network and data center access.
Financial services firms have to implement security controls that go beyond the signature-based detection of firewalls to protect themselves from advanced persistent threats at the application layer and beyond, while securing confidential business and consumer information stored on mainframes. These security controls include web application firewalls, DDoS attack mitigation appliances, and encryption with advanced application delivery controllers (ADCs). Fortinet offers comprehensive Application Security to ensure data center and mainframe protection from internet-based attacks at the application layer as well as from advanced threats that utilize multi-vector attacks and advanced detection evasion techniques.
Each of these components of Fortinet’s Application Protection suite can be fully integrated into the Fortinet Security Fabric to provide end-to-end protection across your applications and network. With the Security Fabric in place, these application layer security controls share security updates with each other in real-time while receiving the latest threat intelligence from FortiGuard Labs to provide effective protection against the newest application layer attacks and advanced persistent threats. In addition, integration within the Security Fabric provides actionable insights through automated tools, single pane of glass management, and simplified scalability.
Mainframes have proven themselves to be a critical technology for financial services organizations due to their unparalleled processing power, and for the time being, they are here to stay. However, as networks continue to evolve though their digital transformation efforts, these platforms are becoming increasingly connected, meaning they are no longer isolated from internet-based attacks. As a result, threats that were once common only for traditional web applications are now becoming common for mainframes and data centers as well.
In order to continue to evolve technology to meet consumer demands while also maintaining data security and compliance, financial services firms need to adopt robust application security in order to protect valuable data stored on their connected mainframes.