BreachExchange mailing list archives
Legacy Data: The Elephant In The Room
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 27 Jan 2015 19:33:17 -0700
http://www.business2community.com/big-data/legacy-data-elephant-room-01137791

It seems that not a week goes by where there isn’t some story in the news about a data breach. From major retailers to the U.S. Postal Service no organization, despite available safeguards, is immune.

The most recent data breach currently making worldwide headlines involves a major entertainment company and a few of the news articles have included screenshots of a terminal emulation green screen with sensitive data in full display. In this instance, the company’s employee list was compromised, salaries of all of their employees were leaked and other confidential information including social security numbers were stolen. Ultimately, this data was shared on the Internet via file sharing networks. The breach even forced the company to resort to pen and paper for a few days while virtually all of their computing environments were shut down.

I’ve been a mainframe guy for many years so the aforementioned shots of the green screens caught my eye and got me thinking about what companies are doing holistically to secure their corporate systems. As organizations talk about updating their systems to protect sensitive corporate data, particularly those in industries that must comply with regulatory standards such as PCI DSS and HIPAA, the focus is often on bringing modern systems such as web applications and databases into compliance. Meanwhile, the large, legacy mainframe environment which houses the bulk of sensitive corporate data – the proverbial elephant in the room – does not receive the attention it deserves. More mission-critical applications have been developed for the mainframe than for any other platform, which means that more sensitive customer and business data is stored in these screen-based legacy applications than anywhere else.

Slowly, the tech industry is waking up to the risks of neglecting the mainframe when developing compliance policies and for many the January 1 deadline to comply with new Payment Card Industry Data Security Standard (PCI DSS) 3.0 forced the issue. A recent article by K3DES executive Mike O. Villegas discusses best practices relating to mainframes and PCI DSS. The article sheds light on the importance of assessing the security technologies protecting critical corporate data stored in legacy computing environments. Still, there is much that needs to be done to educate CIOs and IT organizations about the risks of not taking their mainframe environments into consideration when discussing compliance. Addressing the elephant in the room head on by taking a comprehensive approach to mitigating risk across all of your computing systems can make the difference between upholding your organization’s reputation or becoming another data breach statistic.