BreachExchange mailing list archives

Legacy Data: The Elephant In The Room


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 27 Jan 2015 19:33:17 -0700

http://www.business2community.com/big-data/legacy-data-elephant-room-01137791

It seems that not a week goes by where there isn’t some story in the news
about a data breach. From major retailers to the U.S. Postal Service, no
organization, despite available safeguards, is immune. The most recent data
breach currently making worldwide headlines involves a major entertainment
company and a few of the news articles have included screenshots of a
terminal emulation green screen with sensitive data in full display. In
this instance, the company’s employee list was compromised, salaries of all
of their employees were leaked and other confidential information including
social security numbers were stolen. Ultimately, this data was shared on
the Internet via file sharing networks. The breach even forced the company
to resort to pen and paper for a few days while virtually all of their
computing environments were shut down.

I’ve been a mainframe guy for many years so the aforementioned shots of the
green screens caught my eye and got me thinking about what companies are
doing holistically to secure their corporate systems.

As organizations talk about updating their systems to protect sensitive
corporate data, particularly those in industries that must comply with
regulatory standards such as PCI DSS and HIPAA, the focus is often on
bringing modern systems such as web applications and databases into
compliance. Meanwhile, the large, legacy mainframe environment which houses
the bulk of sensitive corporate data – the proverbial elephant in the room
– does not receive the attention it deserves. More mission-critical
applications have been developed for the mainframe than for any other
platform, which means that more sensitive customer and business data is
stored in these screen-based legacy applications than anywhere else.

Slowly, the tech industry is waking up to the risks of neglecting the
mainframe when developing compliance policies, and for many the January
1 deadline to comply with new Payment Card Industry Data Security Standard
(PCI DSS) 3.0 forced the issue. A recent article by K3DES executive Mike O.
Villegas discusses best practices relating to mainframes and PCI DSS. The
article sheds light on the importance of assessing the security
technologies protecting critical corporate data stored in legacy computing
environments. Still, there is much that needs to be done to educate CIOs
and IT organizations about the risks of not taking their mainframe
environments into consideration when discussing compliance.

Addressing the elephant in the room head on by taking a comprehensive
approach to mitigating risk across all of your computing systems can make
the difference between upholding your organization’s reputation or becoming
another data breach statistic.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
