• Home
• Topics
• Application and Platform Security
• Virtualization Security Issues and Threats
• Is it more secure to have a mainframe or a collection of servers?

Is it more secure to have a mainframe or a collection of servers?

Requires Free Membership to View

Login



SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

Michael S. Mimoso, Editorial Director

• E-mail Address: 

By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Interestingly, if you compare security based on the Common Criteria for Information Technology Security Evaluation (CC), both mainframe computers running Linux or IBM's z/OS system software and various versions of Microsoft's Windows 2003 server software have all been certified at Evaluation Assurance Level (EAL)-4+. (CC specifies seven levels of security from EAL-1 to EAL-7.)

Effective distributed security across a network of systems, which is what's necessary when running a collection of run-of-the-mill servers, is hard to achieve. As the number of machines increases, there's more to protect. A variety of tools – many of which often operate independently of each other – are needed, making it difficult for anyone to truly understand the overall security picture and be confident that security policies and procedures have been correctly implemented.

Mainframes, on the other hand, have the benefit of centralized management and auditing features. And, of course, there are no monthly security patches to be tested and rolled out. Viruses, too, are almost unheard of on mainframe computers because their architecture makes it virtually impossible for unauthorized programs to execute functions that could bypass security. Also, mainframe computer security tends to include additional access control functions, often due to their size and price, not commonly found on other types of computers. These include features such as verification of tape access, access control over printouts and the automated destruction of data when disk data sets are erased.

Alternatively, a server-based approach does offer benefits. A lower entry cost is an obvious one, and that leaves more money left over for security. Although the initial cost of acquiring distributed servers may be less than the cost of a mainframe, it may cost more in the long run to maintain them. Infrastructure and energy costs have become a big consideration now. Distributed systems require additional NICs, hubs, switches and routers to be used, all of which add to floor space, power consumption and heat dissipation costs.

One big trend in the market is virtualization. Although it's being adopted in server-based projects, the level of sophistication of mainframe virtualization capabilities is far more advanced. Also, the security implications of virtualization in a distributed environment are not yet fully understood.

Distributed computing is certainly here to stay, cloud computing being the latest incarnation. Advances in processors, virtualization technology, disk storage, broadband Internet access and fast, inexpensive servers can make it an attractive option. Organizations can pay for and use the services and storage that they need, when they need them. It's probably too early, though, to risk large-scale critical applications on such an untested platform against the tested scalability, resilience, recoverability and security offered by the mainframe. Having a mixed environment may be an option for your type of applications and workloads, but you're doubling the number of in-house skills you'll need to maintain the systems.

Still, if you're looking at a truly mission-critical, enterprise-size application, then a mainframe is probably the way to go. The recent smaller, cheaper mainframes paired with the Linux operating system also look like an attractive alternative to Unix on RISC or SPARC servers.

Dig Deeper

This was first published in February 2009

More from Related TechTarget Sites

• Security Channel
• Cloud Security
• SMB Security
• Financial Security
• Security UK
• Security AU
• Security IN

• Security Channel

  • Survey results: VARs report customers’ IT spending 2012 expectations

    VARs expect customers to increase spending on security more than any other IT area in 2012. See which security segments will grow the most.

  • Create a computer security blog to attract and retain customers

    Blogging can produce new leads for security solution providers. Focus on content in your computer security blog that connects with customers.

  • Penetration testing tutorial: Guidance for effective pen tests

    This penetration testing tutorial contains essential tips to help solution providers uncover vulnerabilities in clients’ networks.

• Cloud Security

  • Are cloud providers HIPAA business associates?

    Deciding whether your cloud provider is a business associate comes down to a judgment call based on the type of cloud usage.

  • SaaS security: Weighing SaaS encryption options

    A look at SaaS encryption techniques and challenges.

  • Panel debates cloud computing governance issues

    Problems with data governance in the cloud aren’t much different than traditional outsourcing.

• searchMidmarketSecurity

  • Windows Phone 7 security: Assessing WP7 security features

    Windows Phone 7 security features are proving to be a mixed bag. Sam Cattle assesses the enterprise security pros and cons of the latest Windows mobile platform.

  • Choosing the best security certifications for your career

    Whether starting your career or planning your next step as an IT security professional, this tip will guide you toward the best certifications for your interests and experience.

  • Midmarket security tutorials

    SearchMidmarketSecurity.com’s tutorials offer IT professionals in-depth lessons and technical advice on the hottest topics in the midmarket IT security industry. Through our tutorials we seek to provide site members with the foundational knowledge needed to deal with the increasingly challenging job of keeping their organizations secure.

• searchFinancialSecurity

  • Web application threats: What you really need to know

    In this special presentation, Mike Rothman details today's top Web application threats and pragmatic methods to integrate security into the Web application development process.

  • Ramnit worm variant now dangerous banking malware

    The Ramnit worm now supports man-in-the-middle attacks, giving cybercriminals the ability to drain a victim’s bank account.

  • SIEM vendors make the case for extending SIEM product capabilities

    Advanced features can reduce the threat of wire fraud. New rule sets can be shared among banks and credit unions.

• Security UK

  • Study finds attacks slip past spotty patch management policies

    A study finds attackers targeting firms with poor patch management policies, exploiting vulnerabilities that should have been patched years ago.

  • Survey: Types of DDoS attacks on the rise due to hacktivist groups

    New DDoS statistics suggest hactivist groups are to blame for an increase in the number and types of DDoS attacks across the Internet.

  • Web application vulnerability statistics show security losing ground

    New Web application vulnerability statistics show the number of vulnerabilities is rising, despite the use of Web application development frameworks.

• searchSecurityAU

  • AISA launches new website

    With a reinvigorated look and feel, improved back-end infrastructure, and regularly updated information about the association the Australian Information Security Association website has been re-launched for the benefit of its members and the Australian IT Security industry.

  • Cisco hardening guides for IOS, IOS-XR and NX-OS devices

    Patching routing and switching infrastructure in any organisation is often delayed, sometimes due to the potential impact on production systems and sometimes because the IT resources are simply too busy fighting fires.

  • Cloud providers and data sovereignty issues

    Australian cloud provider Ninefold warn that understanding who has legal access to company and personal private data is not as simple as checking a box and selecting the 'in-country' option.

• Information Security

  • Airtel’s DLP technology rollout makes data egress a thing of the past

    Airtel’s DLP technology implementation, India’s largest, went live in December 2010. Join us in exploring its inner workings, even as it is poised for bigger things.

  • February 2012 Patch Tuesday to address 21 vulnerabilities

    Microsoft plans to fix coding errors in Internet Explorer, .NET Silverlight and Microsoft Office.

  • IDFC’s information security awareness week tastes success with ‘Mr Gobo’

    Financial major IDFC set out to craft its information security awareness initiative with a portal that led users via a ‘Mafia don’s den’. Step in for more.

• About us
• Contact us
• Site index
• Privacy policy
• Advertisers
• Business partners
• Events
• Media kit
• TechTarget corporate site
• Reprints
• Site map