MAINFRAME Safeguarding Your Mission-Critical Mainframe Data and as You Drive Your Business Forward Stuart McIrvine Dhananjay Joshi (DJ) Kevin Shuma Dave Ross Vice President Senior Advisor Vice President Sr. Principal Product Owner CA Technologies CA Technologies CA Technologies CA Technologies

MFX132E For Informational Purposes Only Terms of This Presentation

© 2017 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.

The content provided in this CA World 2017 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.

2 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Agenda

1 THREATS TO MAINFRAME DATA – EXTERNAL AND INTERNAL

2 INSIDER THREATS AND RISKS IN DATA MANAGEMENT

3 COMPLIANCE / GDPR – RELEVANCE TO DATA MANAGEMENT

4 DATA LIFE CYCLE AND DATA PROTECTION

5 FEEDBACK – YOUR NEEDS AND HOW CAN CA HELP?

4 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Threats to Corporate Data Insider and External Data Breaches Are Becoming Corporate Nightmares

Yahoo Myspace Experian LinkedIn Equifax Anthem Dropbox Home Depot Target …

•1 Billion •360 •200 •162 •143 •80 Million •68 Million •56 Million •43 Million Million Million Million Million

Source: https://www.scmagazine.com/where-equifax-falls-among-the-top-recent-data-breaches/article/687611/

Source: https://www.scmagazine.com/where-equifax-falls-among-the-top-recent-data-breaches/article/687611/

Source: https://www.scmagazine.com/patient- home-monitoring-corp-exposed-475-gb-worth- of-patient-data/article/699640/

5 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Threats to Corporate Data Insider and External

▪ A large majority of global business data resides on the mainframe ▪ Mainframe is the most securable platform, incredibly difficult to breach ▪ Mainframe accessible to select trusted users ▪ Likelihood of insider threats less than other systems, but impact can be very severe!! (DBAs/Sysprogs/Developers have access to sensitive data)

Source: https://www.scmagazine.com/cios-believe-mainframe-secure-but-still-worry-over-insider-threats/article/666583/

6 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Insider Threats and Risks to Corporate Data More Challenging to Identify and Prevent

▪ Threats and Risks: – More security breaches (>75%) occur through insider threats – Both accidental data loss as well as Intentional data theft – Regulatory Compliance as well as Intellectual Property ▪ Intentional: – Suspicious Access/Login attempts – Irregular pattern of data and application access, data manipulation ▪ Unintentional: – Processes: Development, Testing, Recovery, Copy, Reporting of data – Insufficient/inaccurate identification and accidental loss/compromise of sensitive data

7 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Regulatory Compliance – The Main Driver GDPR – the Looming Deadline!

Legislation approved by the EU Parliament and the EU Council on April 27, 2016 Effective date: May 25, 2018…190 days from today

The legislation requires enterprises worldwide to apply rigorous practices for the acquisition, management, and privacy protection of EU citizen data

8 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED GDPR Applies to My Enterprise – Now What? Cross-Border Regulatory Enforcement

▪ For EU chartered enterprises, interpretation is clear: implementation date is imminent ▪ For non-EU chartered enterprises, interpretation is less clear: ▪ How fines can be imposed? – Enterprises with EU interests or assets could have them frozen or otherwise made unavailable – Enterprises processing EU citizen data who have no direct interests of assets in the EU may still experience pressure from customers, business partners, and their local governments

9 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED The Primary Requirements of GDPR

Article 5 Articles 6-8 Article 15 Article 17 Article 20 Handling Citizen Right to Right To Be Right to Personal Consent Access Forgotten Data Data Article 83 Portability

Articles Articles 33 Article 35 Articles 37- Article 50 25 & 32 & 34 PenaltiesImpact 39 Data International Data Reporting Assess- Protection Companies Protection Data ments Officer Breaches

10 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Insider Threats and Risks to Corporate Data Empower and Motivate Users While Fully Protecting Data

Securing and Protecting sensitive data

(e.g. data masking, data encryption, subsetting during unload/cloning, etc.) vs. Securing and Protecting every system and user that comes in contact with sensitive data

(More controls/micro-management of DBA/Sysprog access?)

11 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Data-Centric Security on the Mainframe

• We often view the world from the edge inward - Defend from external threats

• Mainframe is usually deep within the network, under several layers of security, but vulnerable to credential theft and insider threat

• For Mainframe, it’s important to examine Security from the bottom up:

1) Start with the 3) Monitor access Data to that data

2) Understand what 4) Limit access to data might be at the minimum set of risk to theft users

12 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Data Life Cycle and Insider Threat Protection Staying Ahead of Your Data Protection Needs

Ensure Availability of Archived data Identify and Classify new Sensitive data Create/ Identify changes to Sensitive data Protection of sensitive archived data Change Non-recoverability of destroyed data Report (Data & recovery) (Content discovery, Schema management, Restrict/Verify Access Data loads) Archive/ Detect irregular access / Store/ Destroy consumption Copy Real-time notifications (potential Mask data at rest breach) Mask/Encrypt data in motion (Audit compliance with data/schema (Test environment/data creation, etc.) Ensure Subsetting changes, Event Management, Data (Data cloning, unload, etc.) security analytics) Share/ Use Report

Mask/Encrypt data in motion (Data extraction, unload, test data creation, etc.)

13 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Have You Done the Basics to Protect Your Data? CA Datacom

✓ Dataset security on key datasets – CXX, LXX, Code libraries ✓ Integration with external security for data access ✓ Path, Content, Metadata – access path, data content, data definitions ✓ Implementation of data protections at rest – guard against non access (TSO, DITTO, Etc.) ✓ Presspack Strong Compression – obscures database content ✓ Built-in Encryption – encrypts data base content ✓ IBM Pervasive Encryption – encrypts non-database storage (, extracts)

14 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Have You Done the Basics to Protect Your Data? CA IDMS

✓ Dataset security on key datasets – Database files, Dictionary files, Journal files, Code libraries ✓ Integration with external security for data access ✓ Users, databases, tasks – access, data, data definitions, program execution

✓ Implementation of data at rest protection ✓ Presspack Custom Compression – obscures database content ✓ ASPG Encryption – encrypts data base content at record or field level ✓ IBM Pervasive Encryption – encrypts VSAM defined databases, as well as non- database storage (backups, extracts)

15 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Have You Done the Basics to Protect Your Data? CA Database Management for Db2 for z/OS

✓ CA RC/Extract for sub-setting as opposed to copying all data

✓ CA Model services and Utility Profile services to automate tasks required for audits such as image copies, granting access to new objects

✓ Db2 Integration with external security for data access ✓ Tables, Views, Plans, Special Privileges( SYSADM, SYSOPR, DBADM,…)

✓ IBM Pervasive Encryption – encrypts Db2 Table/Index Spaces defined databases, as well as Image Copies, Unload datasets, extracts, etc.

16 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Your Feedback What Are Your Requirements and Priorities

How are you addressing these threats?

Do you have processes and tools in place?

Are you working towards GDPR/compliance deadlines?

How can CA help?

17 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Recommended Sessions for Db2 SESSION TITLE DATE/TIME Secrets of the Pros: Mitigate those pesky Mainframe database MFX133E NOV 13 @ 3:30pm performance problems MFX135E Analytics as a Weapon to Proactively Manage Db2 Performance NOV 14 @ 10:00am How to Get the Most out of Your Db2, Db2 Management MFX136E NOV 14 @ 11:00am and Analytics Investment Strategic Direction Session: Enhancing Data Privacy With Data- MFT13S NOV 15 @ 12:45pm Centric Security for Mainframe

MFT24T How CA-Detector for z/OS solved my BIF worries NOV 15 @ 1:45pm

MFT37T Proactive Database Management With Db2 Intelligence NOV 15 @ 3:30pm

MFT47T Insider Threat Prevention on the Mainframe NOV 15 @ 4:15pm

MFT32T Reduce Mainframe Insider Threats Through Machine Learning NOV 16 @ 4:15pm

18 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Must See Demos

CA Data CA CA Trusted CA Mainframe Content Compliance Access Manager Operational Discovery Event for Z Intelligence Manager Mainframe Theatre Mainframe Theatre Mainframe Theatre Mainframe Theatre Station 608/609P

CA Mainframe CA Dynamic CA Storage CA Database Databases Capacity Management Management Intelligence for Db2 for z/OS Mainframe Theatre Mainframe Theatre Mainframe Theatre Mainframe Theatre Station 614P Station 607P Station 617P Station 615P

19 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Questions?

20 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Thank you.

Stay connected at communities.ca.com

21 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Mainframe

For more information on Mainframe, please visit: http://cainc.to/CAW17-Mainframe

22 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED www.mainframe.ai

23 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED