Changing the Mainframe Cyber Resiliency Game with Model9 Shield
Years of ever increasing cyber attacks, as well as recent world events, have put cyber resiliency at the top of any IT leader’s agenda. In that context, architectural concepts around air-gapped, 3rd data copies – sometimes referred to as “safe harbor” or “cyber vault” – have become a priority for many mainframe-based enterprises around the world. Most, if not all such cyber resiliency solutions are currently based on on-premises mainframe-focused technology, usually utilizing flash copy and/or WORM storage to create immutable backups. Taking frequent flash copies has its advantages, especially the lack of performance overhead and the possibility to quickly recover entire Sysplexes. But this approach also has a number of major disadvantages. This is where Model9’s cyber resiliency product, Model9 Shield, comes into play. Model9 Shield harnesses the power of cloud object storage in order to take the mainframe cyber resiliency game to the next level – an approach that no mainframe solution provider has used before.
Time to Value: Model9 Shield is a software-based solution. Without the need for on-premises infrastructure, Shield can be implemented in a matter of weeks (days, if the target architecture is well-defined) and offer the organization protection from cyber attacks, such as ransomware, significantly faster time to value than an on-premises, hardware-based solution.
Air-gap by Design: A cloud-based solution can deliver the ultimate air-gap, as the 3rd data copy no longer resides in any of the enterprise’s data centers and can be rendered immutable and inaccessible via cloud technologies such as AWS’ Object lock. As a matter of fact, with most cloud providers the data doesn’t even reside in a single data center but is dispersed between multiple data centers – while still remaining inaccessible from the enterprise network (or any other network, for that matter). Maintaining a similar architecture on-premises requires a level of cost and complexity that only the largest of enterprises can afford.
Architectural Flexibility: Software-defined cloud solutions are inherently more flexible than on-premises hardware that needs to be procured and installed, and which requires regular maintenance – and eventually replacement. A cloud-based object storage solution, on the other hand, can be scaled up or down in a matter of minutes; tiering can be adjusted on the fly, and complex maintenance becomes a thing of the past. Having a distinct infrastructure for the enterprise’s cyber solution also reduces the likelihood of attacks by adversaries who are familiar with common vulnerabilities, design flaws and misconfigurations of mainframe-based solutions.
Regional Availability: Protecting the enterprise data in cloud-based object storage does not have the same geographical limitations as on-premises solutions, where a 3rd data copy has to be kept in one of the enterprise’s data centers. Of course, a 3rd data copy is a tool of last resort; having to use the enterprise cyber vault means that all IT defenses have failed, primary and secondary data copies have been corrupted, or a natural disaster or geopolitical event has rendered an entire location unusable. Keeping the data in a remote cloud-based data center, potentially even out of the country (laws and regulations permitting), can make a key difference in these cases. In addition, since Model9 Shield leverages the advantages of the cloud-based architecture to provide high throughput for backup and restore even for remote geographical locations, performance is greatly improved.
Zero Change: IT teams are overburdened as is, so a good cyber resiliency solution should cause as little disruption as possible to existing architectures, processes and procedures. Model9 Shield has been designed as a complementary solution to existing backup or flash copy implementations, such as DFSMShsm or SafeGuarded Copy. No changes are made to any of the existing backup policies and procedures.
Total Cost of Ownership: Cloud-based object storage has become a commodity by now and is provided at a much lower cost than on-premises storage. In addition, TCO calculations need to take into account additional expenses related to on-premises solutions, such as data center space, power & cooling, FICON Directors, DWDM etc., all of which increase TCO even further.
Surgical Recovery: Most 3rd data copy solutions today are based on flash copy technology which indeed is extremely fast, but provides store/restore services only at system volume level. This approach is great if the entire system has been corrupted – but most sophisticated cyber attacks only affect a small portion of the data (say the inventory or customer database). Model9 Shield allows picking the exact data sets to surgically restore – something not easily possible with flash copy based solutions.
Clean Room Recovery: One of the unique advantages of Model9 Shield is its bare metal recovery capability. Bare metal recovery provides you with a starter system that connects to your cloud object storage of choice and recovers your entire z/OS system either in your data center or and here is where a hybrid-cloud solution like Model9 has yet another key advantage, in a 3rd party data center. Keeping the enterprise data off-premises provides a clean-room setting, unaffected by any intrusion, which creates an environment allowing to analyze the degree of data corruption, and the impact of such an issue, adding a dimension of cyber forensics to the solution.
Data Validity and Recoverability, and Cyber Forensics: Model9 Shield includes a number of periodical checks that re-verify the validity of the data which was copied into the object storage. In addition, automatic recoverability checks verify periodically that backups in the cloud can indeed be recovered – which is essential, as an increasing number of cyber attacks first target backup data.
To summarize – a 3rd data copy is a tool of last resort, and does not eliminate the need to have in place a rock solid cybersecurity solution, based on a holistic zero-trust concept. Model9 Shield can extend such an on-premises cybersecurity architecture into a hybrid-cloud model that offers the enterprise better and faster protection and more flexibility, at a significantly lower TCO than competing on-premises 3rd data copy solutions.