Issue 6 2022

Premium Mainframe Security Bsecure is a mainframe and security company headquartered in Spain, specialising in the marketing of security solutions and services for mainframe architectures and z/OS operating systems. It is one of the few firms that focus on all the security and audit elements of the IBM mainframe architecture and is a leader in such a specific niche. Having earned the title of Best Mainframe Security Services Provider 2022 – Spain in this issue of Corporate Vision magazine, we learn more about the company. Bsecure was born in 2006 in an environment where mainframes were becoming more powerful, and there was a significant shortage of professionals capable of managing them. The company is formed by experts who have made their professional careers providing professional services and supporting software solutions in the most prominent local and international corporations for dozens of years. 46% of large international corporations with more than 10,000 employees use mainframes to manage critical business data. This fact means that the typical clients of Bsecure are large corporations with complex business processes that need to make a tremendous amount of data available to their employees and clients in the shortest possible time. They are customers with a high demand for protecting critical data managed by these infrastructures. These companies are subject to continuously passing technological security audits (GDPR, SOX, GLBH, HIPAA, PCI, SOLVENCY II, BASEL III, ISO 27001, and so on) to certify their level of compliance with the demanding regulatory standards. This mainly measures two fundamental aspects: the operational risk produced by using mainframe technology in the business and third-party data protection. Until the advent of the Bsecure DataPASS service, mainframe security meant many millions of dollars in software licenses and hiring numerous highly paid, highly knowledgeable, and experienced specialists. These motives are where Bsecure stands out from the few specialised vendors left in the mainframe industry. Bsecure’s leading service lies in providing the appropriate data to correctly pass all these audits regardless of the type of software the client may have, while taking the complexities out of it. Bsecure provides the means to secure data in mainframe infrastructures through specific technical knowledge and, above all, experience in the different disciplines, including security, auditing, storage, systems management, and communications. In an industry such as IT, in which the lack of professionals is a critical problem, the sector of large IBM mainframes suffers tenfold. New professionals see mainframes as an old and obsolete technology, and very few even come close to it. By considering that mainframes manage 70% of the critical data in the world, the seriousness of this problem could be realised. Bsecure’s partners and employees are professionals who have spent years working with those who are approaching the age of retirement. For this reason, five years ago, the company decided to create an audit and security service for this audience. Its plan was to implement all the knowledge and experience of Bsecure professionals in a knowledge engine designed and supported in the new Linux environments. Bsecure’s remote service, Bsecure DataPASS (Data Protection, Audit and Security Services) helps clients pass any audit process and measure all critical security risks within a mainframe environment. Through the creation and continuous execution of more than 300 controls related to data and technology. The Bsecure DataPASS service was designed by taking into account the new CISOS, the IT audit departments, compliance, operational risks, and all those who are responsible for data protection in these environments. Bsecure acts as an MSSP working for the client’s audit and security SOC. The first organisation to successfully implement Bsecure DataPASS was Rural Servicios Informáticos (RSI) to help them achieve mainframe security compliance. With eight million customers and five billion transactions each year, RSI is a technical integration IT services company serving 74 small and medium-sized banks in Spain. It represents a tremendous burden on IT audits and accountability for your customer data. Currently, the Bsecure DataPass service evaluates most of the controls (almost 300) in each of the LPARs that make up the mainframe infrastructure daily and fortnightly. This data illustrates the degree of risk and regulatory compliance in the mainframe environments and the evolution of the security state through dashboards shared with the Committee of the Board of Directors and other corporate departments involved in the risk and compliance of IT from the CISO office. By implementing DataPASS, RSI has gone from recognising security issues in mainframe environments when they arise to proactively detecting vulnerabilities and threats, assessing risks, and, most importantly, tracking the proper protection of its critical data and customers. Another aspect covered by the Bsecure DataPASS service is detecting activities aimed at hacking mainframe systems. IBM mainframes are highly prized games in the hacking world. Gone are the days when the mainframe was thought to be impregnable because it was the most expensive computing platform on the market. Serious security incidents such as Nordea Bank and Logica in Europe and the events in the USA indicate that IBM’s Z technology is an IT technology like others that has to be configured and protected by human administrators. Bsecure is the only consultancy worldwide that teaches hacking techniques to security professionals through its online course VA_060, and provides the necessary knowledge to auditors to execute the appropriate controls to know the degree of protection against these activities in the online course VA_080. “With our Bsecure DataPASS service, it is effortless for us to teach our customers how to manage data security and auditing on their mainframes at a fraction of the money they are used to spending.”