Alan Altmark <alan_altm...@us.ibm.com> wrote :-
> I would have thought that everyone's IT host & network security
> departments would be turning the screws on unencrypted and
unauthenticated
> transmission to/from VM of any sensitive data and/or passwords. ("You
> mean you let MAINT's password flow in clear-text over the company's
> network?!?") And that you all, in turn, would be squeezing IBM for a
> supported, manageable solution.
> It's kind of scary, actually. My biggest fear is that folks are trying
to
> fly under the radar in the hopes of not being discovered and are taking
> too many undocumented or ill-understood risks.
> But perhaps I am too paranoid. Maybe these all just trivial
transmissions
> of today's cafeteria lunch menu and cannot be used by some disgruntled
or
> creative employee to discredit, steal, corrupt, or destroy your fave
> virtualization platform or the data it holds.
> There are large corporations who are finally starting to look at z/VM
> management policies (incl. security) to ensure that they are mitigating
> the risks inherent in any virtualization strategy. It's easy to say,
> "We'll deal with that later." Tick, tock, tick, tock.....
Because of the very power of mainframe systems, the power of any Systems
Programmer worth their salt makes them far too dangerous to have on-site -
unless you "really" trust them. You can put all sorts of controls in place
and make their job more difficult but, unless you take away all access
that they need for their job, they can always get round any controls.
That is not to say that there should be no controls at all - the main ones
should be to prevent accidental or negligent issues. To make it easier to
do it right than wrong.
A lot of people are flying just under the Radar - not with mal intent, but
to achieve what needs to be done.
However, my company (along with many others) does have a strategy for
dealing with this problem. Get rid of mainframe systems because we all
KNOW that distributed systems handle these problems SO much better !!! In
4-5 years the risk will have been eliminated (along with all of us).
Colin Allinson
