Mainframes hold an organization’s most critical and sensitive business data, making it crucial to ensure that data is secure and meets the strictest privacy regulations.
Controlling access through network micro-segmentation is an effective way to protect sensitive data on mainframes by isolating applications or devices. Such isolation is required in heavily regulated industries with compliance standards such as the Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), and General Data Protection Regulation (GDPR).
Micro-segmentation is an important step toward achieving Zero Trust security. Micro-segmentation can isolate each application into its own network segment. That gives organizations the ability to limit application access to specific network segments or specific devices, providing an additional layer of security beyond user authentication.
Isolating card payment processing applications to specific network segments can greatly reduce the scope, cost, and time of PCI DSS compliance assessments. Although segmenting the cardholder data environment (CDE) from the rest of an organization’s network is not a PCI DSS requirement, it is highly recommended by the PCI Security Standards Council. By consolidating data into fewer locations that have more control over that data, segmentation reduces the risk to an organization’s payment account data.
The PCI Security Standards Council says that any assets that store, process, or transmit payment card data are “in scope”—meaning they must be assessed for PCI compliance. Thus, the entire network is in scope without proper segmentation. The wider the scope, the longer and more costly the PCI compliance problem becomes.
Network segmentation that isolates the card handling applications reduces the PCI review to that specific area rather than an entire network, which can span hundreds of thousands of devices. Reducing the scope of the PCI DSS assessment also reduces the cost and difficulty of implementing PCI DSS controls. It also mitigates risk to an organization by consolidating cardholder data into fewer locations with greater control.
Vertali has a long pedigree in providing IBM mainframe skills, resources, and software tools to organizations around the world. The company’s mission is to help its clients to reduce risk, work smarter, and deliver their mainframe strategy. www.vertali.com