RACF (Resource Access Control Facility) is used in around 80 percent of all global z/OS installations. This is an IBM security system for managing authorizations in the mainframe environment. RACF ensures that only authorized users have access to a requested resource. If an unauthorized user attempts to access a protected resource - this can be data, applications or hardware - the system records and reports this attempt.
RACF thus fulfils the following basic functions:
Identification and verification of users using user keys and password checks (authentication)
Protection of resources by managing access rights (authorization)
Logging of access to protected resources (auditing)
These functions give rise to several tasks for the IT department.
Maintenance of Authorization Structures
The central task of the IT department is to ensure that every user receives exactly the authorizations he needs. Among other things, it has to create new users, reset passwords or assign additional rights to users - relatively simple administration tasks, which, however, are often very time-consuming with RACF. There are two reasons for this: On the one hand, the authorization structures in companies with many employees and a large number of applications are usually very complex. On the other hand, the operation of RACF is not exactly user-friendly: The IBM system does not offer a graphical user interface.
IT administrators are always faced with particularly great challenges when extensive changes are required. This is the case, for example, when computer systems are merged or the computer center is outsourced to a service provider and the authorization structures have to be migrated in this context.
The security threats are growing!
In addition to maintaining the authorization structures, monitoring is also one of the core tasks of the RACF administrators. They have to monitor user access to resources continuously and ideally in real time so that security violations can be reacted to immediately. More than half of all companies in Germany (53 percent) have been victims of industrial espionage, sabotage or data theft in the past two years. This has resulted in losses of around 55 billion euros. In the financial sector, 93 percent of all institutions were affected in a period of 12 months.
In most cases, the perpetrators are current or former employees of the company (62 percent). These attacks also cause much greater damage than external attacks. Reliable monitoring that captures and escalates security-related events is therefore indispensable for all companies. RACF alone does not offer this possibility.
53% of all companies have become victims of espionage or data theft in the last 2 years.
Up to 60% of all cyber attacks are due to identity theft.
Employee attacks cause more damage (almost 200% per incident) than external attacks.
80% of data thefts occurred within one day, but only 12% were discovered on the same day.
Compliance in the RACF
Reporting plays an increasingly important role in the everyday life of RACF administrators. This is because companies must carry out security audits on a regular basis in order to prove compliance with legal regulations. Particularly high requirements apply to banks and insurance service providers. Many companies already carry out internal audits in advance of the mandatory certifications in order to uncover possible weak points and take timely measures to increase security. Regardless of whether it is a preparatory audit or an external audit, the reporting required in the z/OS environment is very complex due to the high volume of data and the usually complicated RACF, SMF and operating system settings. According to Beta Systems' experience, the use of cross-platform reporting tools can reduce the effort by 50-80 percent.