While mainframes are often not connected to outside networks, it's still important to keep them secured — malicious employees who gain access to your mainframe can destroy or steal sensitive data. Unfortunately, many businesses fail to properly secure their mainframe systems, opening themselves up to disastrous consequences. This is exacerbated by the fact that z/OS mainframe security options often lag behind security options available for other devices such as desktops and smartphones. Thankfully, security solutions exist that can harden your mainframe security, one of which is multi-factor authentication. Here's why implementing multi-factor authentication software on your z/OS mainframe helps keep your crucial business data secure.
What's the Difference Between Single-Factor Authentication and Multi-Factor Authentication?
A single-factor authentication system requires only a username and password in order to access your z/OS mainframe. This poses a security risk to your company — a malicious employee that discovers a mainframe administrator's password will be able to steal all of the sensitive data contained in your mainframe.
With multi-factor authentication, users require an additional form of authentication along with the password tied to their account. There are a few options available for this additional form of authentication — a user may be required to enter a one-time PIN code sent to their smartphone when they access your mainframe or may be required to insert a secure USB key into their computer that contains an encrypted code personalized to that employee.
How Does Multi-Factor Authentication Secure Your z/OS Mainframe Against Unauthorized Employees?
Passwords are a relatively insecure form of authentication — employees may write them down on notes left at their desks or share passwords with each other. An employee who wants to steal sensitive data can also sometimes learn an administrator password by watching the administrator enter his or her password from afar. Once the password is known, all of the data on your mainframe is at risk.
If a malicious employee learns the password to an administrator account on your mainframe, they would still require this additional form of authentication in order to steal data from your servers. The sensitive data on your z/OS mainframe is more secure, since a single leaked administrator password won't result in your data being stolen or deleted. If an employee steals the other form of authentication, whether it's a smartphone or secure USB key, it would be entirely useless unless they also knew the password. By having two steps in the authentication process, you greatly cut down on the risk of unauthorized access to your mainframe.
In addition, multi-factor authentication also makes your z/OS mainframe more secure by leaving an audit trail. If a user tries to log in to an administrator account without the other requisite form of authentication, it can be noted in the server log and the associated account can be locked until your business can perform a full security review. Your business will be able to catch unauthorized users on your z/OS mainframe before they are able to do damage or steal sensitive data.
Upgrading your mainframe with z/OS multi-factor authentication software is a valuable step in securing the sensitive data it contains. In most cases, multi-factor authentication can easily integrate with your existing security configuration. To make your business more secure, contact a z/OS security software developer and inquire about implementing multi-factor authentication on your mainframe systems.