Mainframe shops favor a single authentication system

Apr 09, 2020

79% of mainframe professionals say relying solely on password authentication is risky


While 74% want stronger protection such as multi-factor authentication (MFA), 40% of mainframe professionals say separate sign-on and authentication systems for the mainframe and other platforms make deploying MFA more challenging.

IBM mainframe customers would prefer a single unified authentication system that lets users securely access both mainframe and non-mainframe applications, a new survey suggests. As well as improving the user experience, the research indicates this would encourage more mainframe customers to move away from relying solely on passwords in favor of stronger protection such as multi-factor authentication (MFA). Mainframe professionals also recognize that it is easier and more cost-effective to deploy the same MFA solution across mainframe and other environments such as Microsoft Windows.

In the survey of 80 mainframe professionals by Macro 4, a division of UNICOM® Global, 83 per cent of respondents said that logging into multiple systems separately using different authentication methods wastes time, while 78 per cent admitted it is too easy for users to forget or confuse login credentials if they have several to remember. 63 per cent said supporting multiple authentication systems ties up IT resources.

At the same time, 40 per cent of survey participants suggested that having separate authentication solutions for mainframe and non-mainframe environments within the enterprise is a disadvantage because it makes deploying MFA more challenging. Most mainframe customers still rely solely on password protection, but recognize that an MFA solution – which uses two or more security tests or ‘factors’, such as a randomized PIN or a fingerprint scan – would help them strengthen access security.

“Most mainframe professionals today are aware that they need stronger authentication to protect access to sensitive information. Passwords are just too easy for hackers to steal or crack. By adding extra factors, MFA makes the hacker’s job harder,” said Keith Banham, Mainframe Research and Development Manager at Macro 4.

“79 per cent of our survey sample said relying on passwords alone for authentication is a risky strategy and 74 per cent believe that increases in remote working and mobile devices mean there’s a greater need for stronger authentication such as MFA. 55 per cent recognize that in order to comply with regulations such as GDPR or PCI DSS, organizations that manage sensitive data should implement MFA. Despite the obvious need, uptake has been slow and the problems associated with rolling out separate MFA systems on different platforms are an important contributing factor.”

“If you are deploying separate MFA systems on a number of platforms, you have to invest in additional MFA software and hardware and the IT team has to support multiple systems, which is preventing wider adoption. On top of that, having several different systems means you risk a backlash from end users because they are forced to remember multiple authentication credentials and processes,” said Banham.

In Macro 4’s research, only 27 per cent of participants had already adopted MFA to protect access to mainframe applications, compared with 42 per cent who had implemented MFA on their Windows and other non-mainframe applications. Just 15 per cent use MFA in both mainframe and non-mainframe environments, despite more than two thirds (67 per cent) believing that an integrated security strategy covering both mainframe and non-mainframe platforms is the ideal scenario.

36 per cent of the sample said their organization had not deployed MFA at all, while 12 per cent had deployed it only in their mainframe environments.

“Whenever we have a conversation with mainframe customers who are thinking about introducing MFA, there’s always someone in the room who says, ‘we already use MFA on our Windows systems, why can’t we just use that?’,” explained Banham. “So, it’s really no surprise that 39 per cent of those who took part in our survey believe that MFA is more likely to be deployed if the same system can be used for both mainframe and non-mainframe environments.”

“If you combine security for both the mainframe and Windows, it can give you access to many more advanced security options,” said Banham. “With Windows-based single sign-on, the user only needs to log on and authenticate once via their normal Windows logon. This means they can take advantage of additional authentication that has already been put in place at the Windows logon level, and they do not have to worry about the same capabilities being available and supported directly on the mainframe.”

Macro 4 believes that organizations will benefit from adopting a more integrated security strategy involving the mainframe, together with other platforms within the enterprise:

“It makes much more sense to choose ‘best of breed’ security and do it once, rather than reinventing everything for each new platform. That’s why we are developing a solution – the UNICOM® Universal Gateway – that provides a single sign-on facility to control access to applications on the mainframe and other IT platforms throughout the enterprise. It will greatly simplify the user experience and will make it possible to deploy one MFA solution across the board,” said Banham.

The survey findings support the overall conclusion that mainframe professionals are well aware of the risks of relying solely on password protection and understand the need to adopt MFA to strengthen security on the platform, but there are still few organizations that have fully embraced it.

Macro 4 polled 80 mainframe professionals at the annual GSE UK Conference in November 2019. The company has also published an infographic highlighting the results of the survey.