Cecabank Automates Mainframe Administration Tasks with Beta Access
Authorization management at Cecabank: The bank automated its mainframe security and cybersecurity risk management with software from Beta Systems.
Initial Situation
Information security is a fundamental aspect at Cecabank, and technology is key to optimizing the internal information systems. Cecabank was in need of state-of-the-art technology to gain reliable compliance with regulatory requirements and to boost their level of information security.
Over the past four years, Cecabank has worked hard to drive its digital transformation plans and has made significant headway in implementing and expanding them.
Challenge
All hardware and software must support digital transformation to ensure the required level, quality and security of services.
The cybersecurity department must both enhance security and meet compliance requirements as defined in the GDPR, in addition to satisfying internal audit requirements. In order to achieve an adequate level of security, all employees are only assigned the authorizations to IT systems they actually need to perform their tasks.
Implementation
Authorization management at Cecabank: Cecabank opted for Beta Access admin from Beta Systems because the comprehensive and simple yet reliable solution for zOS security administration and audit not only met, but even exceeded their requirements. As an added bonus, the solution also integrates with the SIEM system, which simplified workflows significantly.
Prior to the introduction of Beta Access, Cecabank processed security events (RACF SMF events) originating from the mainframe in batch mode, which generated a daily workload. User management, access to resources, protection of resources and the allocation among them used to be handled with the tools provided by the operating system.
Accessing audit data required additional effort from the zOS administration team, as they were familiar with the environment and had sufficient access rights. This posed a challenge because alerts did not reach the SIEM in real time, and it was also a cumbersome system to manage. Therefore, administrators had to perform and control audit tasks to deliver the information to auditors.
Outcome
Cecabank benefits from the implemented Beta Access solution in many ways. The IT department is now able to provide a convenient Windows interface that allows auditors to operate the system without any special RACF or zOS knowledge. Also, the solution enables non-technical users to review the RACF system and generate audit reports.
They can perform fast audits via an easy-to-use Windows interface and generate preconfigured audit reports based on actual requirements and industry best practices. Moreover, the new real-time monitoring feature alerts users in real time as soon as a critical RACF or security-related event occurs.
As a result, security breaches can be detected much faster. This also means that incidents are escalated to predefined recipients or operation monitoring systems without delay. The cybersecurity department can now receive early warnings and alerts, and the user-friendly ISPF interface of Beta Access admin provides functions for centralized RACF management.
A comprehensive set of functions enables the maintenance of RACF profiles while providing a transparent overview of all information that needs to be managed in the RACF system.