Five tips from Beta Systems on how to optimize your mainframe access management

There are various ways for IT managers to set up a simpler and more secure mainframe access management workflow. However, the associated measures should not be viewed as isolated items. On the contrary: It’s all about combining them in a suitable way.

  1. Regularly clean up your authorization structures.

Due to the complexities of operating RACF and lacking know-how, IT staff often shy away from deleting or restructuring access rights. This, in turn, leads to the buildup of ever more complex and opaque authorization structures over time. You should therefore have your system checked and cleaned up by an expert on a regular basis. Numerous companies, including Beta Systems, offer such a service.

  1. Implement monitoring tools that help you gain transparent structures.

Using software that monitors which access rights are being used actively, you can quickly identify which authorizations can be disabled and then deleted. While such monitoring solutions incur an initial investment, the resulting time savings during troubleshooting and, even more importantly, improved system security, make such an investment highly worthwhile.

  1. Build internal authorization management know-how.

Given the lack of skilled professionals, some companies might consider outsourcing their authorization management to an external service provider. Yet even if they do so, this does not mean they can simply forget about this whole topic. A service provider can only operate a system that has been cleaned up adequately, so the company has to take care of this in any case. Moreover, as a service provider is not familiar with the client’s internal structures, close cooperation is of the essence. You should also consider the security risk that can result from handing over a task as sensitive as protecting your own resources to an external party. You also need to be aware that your company remains responsible for your authorization management, no matter where it is taking place. Therefore, define clear responsibilities and build strong know-how in this area.

  1. Replace home-grown interfaces with a standardized solution.

RACF administration solutions must be able to quickly adapt to changing conditions. This tends to be a difficult task when dealing with self-coded interfaces once the original coders have left the company. Standardized solutions present a good way to prevent loss of knowledge. Before you decide on a product, you should ensure that the provider will support and update the system over the long term.

  1. Regularly perform RACF audits.

RACF should be subjected to ongoing monitoring in order to uncover weak spots: Is the system still able to detect IT risks in due time? Are there implementation errors that may compromise security? To ensure that you cover the whole range of potential error sources, you should adopt an audit guideline that observes the BSI list of basic security measures. The guideline describes the procedures and scope of an RACF audit in detail. In general, the audit should focus both on the configuration of the RACF security settings as well as on the logged events that may indicate potential attacks/risks.

Specialized software solutions can significantly simplify and speed up the audit process, resulting in savings of up to 50 percent. Companies still need to be aware that it takes more than simply installing such a software tool. Human specialists still need to evaluate the identified risks, which is why a combination of tools and consulting is generally the best course of action.

For further information about access management in the digital age, get the free guide “The Future-Proof Mainframe” at http://decrease-racf-administration-costs.betasystems-dci.com/

Veröffentlicht am: 14. Dezember 2017
Kategorie: Software