"Encrypting data on a mainframe is difficult, for example."
No, it's not. This assertion is factually incorrect and even dangerous. Of all the recent security breaches, apparently none of them have had anything whatsoever to do with mainframes. It's other systems that have been compromised.
Re: TJX breach may spur greater adoption of credit card security standards.
Mainframes have had data encryption capabilities since the 1970s. (IBM invented DES, remember.) Mainframes are unique: all of them ship with crypto hardware as a standard feature. They support SSL/TLS at the highest handshake rates in the industry and can encrypt every network transmission including MQ, application layer SSL/TLS, IPSec, and even SNA encryption (if you're not yet using TCP/IP for everything). They can encrypt data at rest on disk and tape using a wide variety of products (IBM Encryption Facility, DB2 V8 and V9, IBM Data Encryption for IMS and DB2 Databases, IBM TS1120 encrypting tape drives, etc.), include complete PKI features as a standard part of the operating system, use key-protected memory, and have pervasive strong authentication and authorization of every system activity. There's intrusion detection and prevention, denial of service hardening, firewall features....
If a mainframe shop hasn't implemented any of these features, available in many cases for literally decades, it's through simple human negligence. And people who say otherwise are just making excuses or are simply uninformed.
The world would be a lot safer if our financial transactions relied exclusively on IBM mainframes, and many businesses are rushing to do exactly that.
What?
The guy has no clue. As the first responder stated, IBM mainframes have had the ability to encrypt data for a long time.
The company I work for is attempting to become PCI compliant. We have to work with over 150 different companies to get data transfers to and from our systems PCI compliant, a pair of IBM mainframes.
The first companies we got converted to PCI compliant transfers were sending/receiving data from/to mainframes. In fact most of them were already PCI compliant.
All of the distributed based companies were (and still are) saying that we have to wait. They are not ready and some of them won't be ready for a year or two.
We have one company that provides processing services for a major credit card company. They are listed as being PCI certified, but yet they receive plain text transfer from us over the Internet. They run a distributed platform and just now (after two years into this project) are ready to start working on converting to PCI compliant data transfers.
Did I miss something?
Where has it been published that the data was on a mainframe? In fact I do believe that the recent compromises have all involved non-mainframe systems.
Encryption may not have prevented it anyway. If the person was authorized to install unauthorized software and have access to the data, then most likely they would have been authorized to decrypt the data if it was encrypted.