What gets you up in the morning? What motivates you, and puts a spring in your step? For me, in the mainframe world, it’s about helping people to achieve more in their day-to-day work. Through better and more secure infrastructure. Through targeted support where and when it’s needed most. Through expert managed services, and DevOps to create and share new value, and so on.
It’s that desire to make a difference, or at least try to, and especially when it comes to helping people to secure their systems. And, increasingly, I think we’re having a real impact.
I’ve written before about a sense of complacency when it comes to the risks faced and the realities involved in securing the mainframe. In other quarters, meanwhile, the image of mainframes still persists as a set of clunky, complicated and hard-to-learn technologies. But the world is changed and new paradigms are developing. Changed attitudes, new directions, are a positive side-effect of the COVID-19 crisis, which has undoubtedly increased the appetite for digital transformation and created a “rush to innovate”.
I’ve never really subscribed to “necessity is the mother of invention” but it is clear from history that times of crisis foster innovation and accelerate development. For instance, the Long Depression of the late 19th century brought the lightbulb, modern steam turbine and refrigeration. The carnage of the First World War also led to synthetic rubber, blood banks, the modern zip fastener and more. Innovations from the Second World War include super glue, modern computing, mass-produced antibiotics. We may be on the cusp of a new age of ideas.
Despite the devastating impacts of the pandemic in many areas, new ideas and fresh thinking are also emerging. Digital transformation requires innovation and, in turn, spawns new innovation, enabling new products and services to emerge. The mainframe as a hub for innovation is something we’re increasingly seeing in the field, with a renewed desire to secure, modernize and optimize the platform.
My team recently performed Penetration Tests and Security Assessments for a handful of organizations that, it seems, have been taking mainframe security and operations seriously for the last few years. For the first time in our team’s history, we are starting to see systems that are well set up, well-structured, and well secured, and that organizations have the right people, processes and skills in place. It’s great to see. The only ‘downside’ is that the more the situation improves, the more calls I’ll get from frustrated colleagues saying “Mark, we can’t find anything… where can we look next? Help us out here, we can’t get in!” The more calls like that, the better.
Of course, two or three out of all mainframe sites in the world isn’t enough, but it’s a start. Great oaks from little acorns grow, and all that. I truly believe we’re starting to make a real difference. If an organization has the will and/or demand to put their own house in order then it’s (almost always) never too late. Five steps can make a big difference.
First, you need to understand your current security posture. It may be strong (like the organizations we are starting to see) but chances are, there will be room for improvements. Properly understanding where you are today is typically done via a penetration test or security assessment by experts, and ideally the latter to get the full picture.
Once you know that, the second step is to understand where you want to be. This is about your direction of travel as a mainframe house and your role as a service provider; what you need to do, and your aspirations for the future. For example, do you want to be that emerging hub for innovation, supporting different aspects of the organization as its transformation continues and new digital products and services are required? Is your core role as the undisputed transactional and storage powerhouse of the data center? Do you want to be both–or perhaps something even more?
Third, once you know where you are now and where you want to be, you can start to build your plan, your roadmap to getting there. What expertise and resources will you need? Is your current headcount enough or do you need to look outside the business and, if so, where? What targets and milestones will you set, to ensure consistent progress towards your goals? How will you measure success?
Fourth, it’s time to execute the plan. Depending on what you need to so, and the resources available, this is often another point where external partners are called in; people with the additional skills and resources required to help you get from A to B and (at some point) Z in faster and more focused ways.
And fifth, you need to check, test and assess what you have done, closing the loop. Strong foundations are essential but the work itself never ends, making continuous improvements as and when they are needed, to stay on track and keep pace with new and evolving business demands.
Of course, all of that is easier said than done. But the sooner we start, the sooner we can reap the benefits.