10 Key Security Questions to Help Determine the Most Secure Platform

1. How well does it protect sensitive data?
Mainframe computers provide for complete protection of all data from unauthorized reading and writing. If you want a measurable standard of how good the security of a given computer is, you probably want to know how it scores on the Common Criteria, a set of standards supported by the International Standards Organization (ISO). They specify seven levels of security from Evaluation Assurance Level (EAL)-1 up to EAL-7. A computer system is granted an EAL certification only after rigorous independent testing. Levels EAL-1 to EAL-4 apply to commercial installations. Levels EAL-5 and higher are much more formal and are granted only after certification by the National Security Agency (NSA).
Mainframe computers with z/OS system software have been certified at EAL-4+. Mainframes with VM system software have been certified at EAL-3+. With Linux system software, mainframes have been certified at EAL-4+.
Mainframe computers are usually kept behind locked doors in a secure data center. This physical security provides a “secure zone,” and within that zone, the mainframe security software permits only authorized users to access data. Outside the security of the data center, access to data is restricted by means of encryption. Whether the data is sent over a network or shipped on a tape cartridge, encryption can prevent unauthorized data access. You’ve probably read of companies whose computer tapes containing sensitive data were stolen off delivery trucks. In cases where the data on the tapes had been encrypted, the loss was minimal.
Mainframe computer security provides several additional access control functions not commonly found on other types of computers. These include verification of tape access by means of tape labels, access control over printouts before they’re printed, and automated obliteration of data when disk data sets are erased.
Because of its large size and standardized processes, the mainframe can be said to offer more functions and more comprehensive protection of computerized data than most computing platforms.
Windows computers have received a Common Criteria rating of EAL-4+, the same as mainframes with the z/OS operating system. Unix computer ratings vary with the brand of Unix, but mainframes with Linux also have been rated EAL-4+.
Mainframes can provide more security functions than Windows or Unix, such as the tape and printout protection previously described, because of their greater processing power. Unlike mainframes, Windows and Unix systems aren’t always housed in locked data centers with strong physical security.
For any computer system you’re considering, ask how it ranks on the Common Criteria, which provides a consistent, independent evaluation of a given computer’s security. Also, ensure that your staff encrypts all sensitive data leaving your data center.

