CA Compliance Software Reaches the Mainframe

CA is today releasing its Compliance Manager for z/OS software, which delivers compliance reporting and enforcement on IBM’s mainframe operating system.

The software is needed because auditors are trained to understand client-server architectures and often don’t understand the mainframe environment, David Hodgson, senior vice president of CA’s mainframe business told

“I admit that I’m generalizing but . . . when it comes to mainframes, they don’t know what are the probing questions to ask the IT people. For example, the auditor may ask about the anti-virus software on the mainframe,” he said.

The software is designed to provide continuous, real-time monitoring and alerts to provide reporting to auditors who may lack mainframe training. CA’s intent is that the software announced today be part of a total package delivering “end to end security and compliance from the Web to the mainframe,” the company said in a statement.

The software is part of CA’s ongoing mainframe 2.0 initiative to provide easier to use software and trained
for big iron.

Compliance on mainframes may be easier in theory than in practice. “Many organizations can point to policies and say they have policies but they fall short when they need to demonstrate adherence to those policies,” said Kirk Willis, vice president of CA’s compliance management product.

It’s often a technology issue. “The log captures that organizations rely on are abbreviated by design,” said Willis. “When a particular policy maps to an event that compliance manager is auditing, it can then collect large amounts of compliance data for forensics use later as well as trigger actions and can disclose which permission or rule triggered the event.”

The mainframe makes actions more visible, not less, he added, providing detailed visibility of an event that is not possible in a distributed environment.

Furthermore, the product also monitors changes to the processing environment.

Compliance ties neatly into real security issues. “Much of data theft is done by internal people, not external people,” said Hodgson. “We monitor what people are authorized to do and what they are doing.”

Pricing starts at $44,270 for a 45 MSU machine.

News Around the Web