By: Frank DeMarco
As popular as the cloud has become in recent years, its benefits have been slow to materialize for some, for a variety of reasons. The cloud isn’t going anywhere—far from it—but today, the mainframe is still the core platform for 67% of Fortune 100 companies, including 45 of the top 50 banks, 4 of the top 5 airlines, and 7 of the top 10 retailers.1 Mainframes are still considered central to business strategy, according to 90% of business leaders surveyed in Kyndryl’s 2023 State of Mainframe Modernization report.
The mainframe is best suited at the heart of a well-integrated hybrid cloud strategy. It’s not about whether moving workloads to the mainframe or the cloud is right for you, but rather, which workloads are right for which platforms.
Putting the right workload on the right platform calls for reviewing your individual workloads and determining the most optimal solution for each in terms of scale, security, and cost-effectiveness. Not everything belongs on the cloud and not everything belongs on a mainframe. Typically, a hybrid solution is needed, and when building your own hybrid cloud strategy, there are four critical factors to take into consideration: security, availability, performance, and innovation.
Security-critical workloads should modernize on the mainframe
The convenience of the cloud can’t be denied: outsourcing your data storage, cataloguing, and maintenance to a third party can be a huge benefit. However, that level of access has come with increased vulnerabilities. Nearly 7 in 10 organizations, 69%, say data breaches and exposures have happened due to inconsistent security practices across their multicloud environment.2 That’s a real concern, especially when it comes to sensitive data.
Some workloads, like project management data or office administration files, don’t have to constantly send sensitive data. The convenience of the cloud outweighs the mildly increased security risk. But for others, like financial trading or bank transfers, confidential information is fundamental. Fines for security breaches can be steep, with financial institutions paying some of the largest fines ever levied due to security breaches in the cloud. Of course, the cloud can still be made secure with security policies like zero trust, but it’s important to consider security when selecting the right platform for your workloads.
With the right security controls and strategies in place, the mainframe is eminently securable. Controls and strategies implemented on the mainframe—like multifactor authentication, data encryption, penetration testing, auditing, transaction monitoring, and constant sweeps for new vulnerabilities—are the key reasons why so many major companies, particularly in banking and industries that deal with personal information, primarily rely on the mainframe to run their workloads.
It also enables total vertical control over your data, from user to server, eliminating a cloud provider as a threat vector (not to mention an expenditure). For workloads where security is vital, it can be better to modernize by moving workloads to the mainframe instead of taking them off the platform.