Multiple factors keep organizations from using MFA for mainframe applications
Only one in five organizations is using multi-factor authentication (MFA) to secure access to IBM mainframe applications or plans to do so, despite nearly two-thirds of mainframe users (64 percent) being aware that it is available, according to a survey from enterprise software company Macro 4.
UNICOM Global company Macro 4 surveyed 81 companies at the GSE UK Conference in November 2018, and found that concerns about application disruptions, a lack of mainframe and security skills, and resistance from end users are barriers to adoption of MFA by mainframe users. IBM’s Resource Access Control Facility (RACF) can be integrated with mainframe MFA systems to apply a biometric identifier or other credential to extend user verification beyond traditional passwords.
“With data protection and security a major priority among most enterprises, it’s concerning that this new survey suggests mainframe shops have been slow to take up multi-factor authentication, which has been available for the platform since 2016,” said Keith Banham, Mainframe Research and Development Manager at Macro 4. “Continuing to rely on a password alone for user authentication exposes business-critical applications to unacceptable risk. Hackers are now very adept at misleading people into revealing their passwords or they use technology to crack, steal or by-pass them altogether.”
More than half of those surveyed (59 percent) say they are aware that MFA is an important part of compliance, but Banham says companies should consider implementing modern session management software to make MFA easier by giving users single sign-on access to mainframe applications. Risks associated with changing older applications to support MFA is cited most often as a reason for not yet implementing MFA, at 28 percent, but a lack of mainframe skills, the challenges and costs of installing MFA hardware, a lack of security skills, and resistance from end users are all seen as barriers by 20 percent or more. Further, challenges and costs associated with MFA software, a perceived lack of necessity, and the complexity of the implementation process are considered barriers by 12 percent or more each.
Grand View Research predicted earlier this year that the global MFA market will grow by 15 percent CAGR to $17.76 billion by 2025.
access management | biometrics | IBM | identity verification | multi-factor authentication