Keyvisual_Produkte_Output-Management_01_02_00

The future-proof Mainframe

Authorization Management
in the Digital Age

AUTHORIZATION MANAGEMENT WITH RACF: CHALLENGES & RISKS

RACF in everyday life

RACF (Resource Access Control Facility) is used in around 80 percent of all global z/OS installations. This is an IBM security system for managing authorizations in the mainframe environment. RACF ensures that only authorized users have access to a requested resource. If an unauthorized user attempts to access a protected resource – this can be data, applications or hardware – the system records and reports this attempt.

RACF thus fulfils the following basic functions:

Identification and verification of users using user keys and password checks (authentication)
Protect resources by managing access rights (authorization)
Logging of access to protected resources (auditing)

From these functions different activities are derived for the IT department.

Maintenance of Authorization Structures

The central task of the IT department is to ensure that every user receives exactly the authorizations he needs. Among other things, it has to create new users, reset passwords or assign additional rights to users – relatively simple administration tasks, which, however, are often very time-consuming with RACF. There are two reasons for this: On the one hand, the authorization structures in companies with many employees and a large number of applications are usually very complex. On the other hand, the operation of RACF is not exactly user-friendly: The IBM system does not offer a graphical user interface.

IT administrators are always faced with particularly great challenges when extensive changes are required. This is the case, for example, when computer systems are merged or the computer center is outsourced to a service provider and the authorization structures have to be migrated in this context.

The security threats are growing!

In addition to maintaining the authorization structures, monitoring is also one of the core tasks of the RACF administrators. They have to monitor user access to resources continuously and ideally in real time so that security violations can be reacted to immediately. More than half of all companies in Germany (53 percent) have been victims of industrial espionage, sabotage or data theft in the past two years. This has resulted in losses of around 55 billion euros. In the financial sector, 93 percent of all institutions were affected in a period of 12 months.

In most cases, the perpetrators are current or former employees of the company (62 percent). These attacks also cause much greater damage than external attacks. Reliable monitoring that captures and escalates security-related events is therefore indispensable for all companies. RACF alone does not offer this possibility..

53% of all companies have become victims of espionage or data theft in the last 2 years.
Up to 60% of all cyber attacks are due to identity theft.
Employee attacks cause more damage (almost 200% per incident) than external attacks.
80% of data thefts occurred within one day, but only 12% were discovered on the same day.

Compliance in the RACF

Reporting plays an increasingly important role in the everyday life of RACF administrators. This is because companies must carry out security audits on a regular basis in order to prove compliance with legal regulations. Especially for banks and insurance service providers high requirements apply. Many companies already carry out internal audits in advance of the mandatory certifications in order to uncover possible weak points and take timely measures to increase security. Regardless of whether it is a preparatory audit or an external audit:

The reporting required in the z/OS environment is very complex due to the high volume of data and the usually complicated RACF, SMF and operating system settings. According to Beta Systems’ experience, the use of cross-platform reporting tools can reduce the effort by 50-80 percent.

Download the free White Paper here!

Business White Paper

How to administrate mainframe access rights to overcome the growing challenges of the digital age.

A free guide for data center managers who operate RACF systems.

Cookie	Type	Duration	Description
cookielawinfo-checkbox-advertisement	persistent	1 year	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given their consent to the usage of cookies under the category 'Advertisement'.
cookielawinfo-checkbox-analytics	persistent	1 year	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Analytics'.
cookielawinfo-checkbox-necessary	persistent	1 year	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Necessary'.
cookielawinfo-checkbox-non-necessary-en	persistent	1 year
viewed_cookie_policy	persistent	1 hour	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Type	Duration	Description
IDE	1	2 years	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
mautic_device_id	persistent	1 year
mautic_referer_id	persistent	30 minutes
mautic_session_id	persistent	1 year
mtc_id	persistent	1 year
mtc_sid	persistent	1 year
VISITOR_INFO1_LIVE	1	5 months	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	1	1 year	This cookies is set by Youtube and is used to track the views of embedded videos.
YTC	persistent	10 minutes

Cookie	Type	Duration	Description
_ga	persistent	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, camapign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randoly generated number to identify unique visitors.
_gat	persistent	1 minute	This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.
_gat_gtag_UA_48984882_3	persistent	1 minute	Google uses this cookie to distinguish users.
_gid	persistent	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
_pk_id.2.8605			This cookie is used by Matomo.
_pk_ses.2.8605			This cookie is used by Matomo.
AnalyticsSyncHistory			This cookie is used by LinkedIn.
bcookie			LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie			LinkedIn sets this cookie to store performed actions on the website.
GPS	persistent	30 minutes	This cookie is set by Youtube and registers a unique ID for tracking users based on their geographical location
lang			LinkedIn sets this cookie to remember a user's language setting.
li_gc			This cookie is used by LinkedIn.
lidc			LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory			LinkedIn sets this cookie for LinkedIn Ads ID syncing.

YOUR CONTACTS

+49 (0) 30 726 118-640