Bringing open-source software solutions into the mainframe could bring multiple benefits for businesses dealing with legacy systems -- but security must play a central role in any plan.

Nathan Eddy, Freelance Writer

October 27, 2022

5 Min Read
illustration of a dark room with keyhole as a source of light.
medrooky via Alamy Stock

The mainframe continues to be a critical system of record, however the speed at which businesses operate and the complexities of a hybrid IT infrastructure are growing.

Known for its security and reliability, the mainframe is a critical piece of technology that plays a central role in the everyday operations of some of the world’s largest organizations, spanning industries such as government, finance, and healthcare.

Although it has the capability to process 30 billion business transactions daily, the mainframe has a reputation of being outdated and cumbersome, because it has been around for more than 50 years.

Organizations are now increasingly exploring open-source software (OSS) to help bridge the divide between modern applications and the mainframe.

“Most often we see innovative technologies like open-source software solutions tied to cloud-based products, leading mainframe-dependent businesses to believe they can’t successfully implement these types of technologies into their operations,” says Phil Buckellew, president of infrastructure modernization at Rocket Software. “But that assumption is not true.”

He says the introduction of OSS to mainframe infrastructure and the ability to seamlessly implement innovative processes will not only improve product development and speed time to market but will also open the mainframe to a new host of developers who will boost the next wave of innovation.

“Open-source solutions give mainframe teams access to the collaboration and responsiveness capabilities they need to continue their modernization journeys,” he adds.

Mounting Mainframe Maintenance Challenges

Bud Broomhead, CEO at Viakoo, a provider of automated IoT cyber hygiene, says among the key challenges facing organizations and their mainframe infrastructure include maintaining operations within an older compute model, ensuring the security of operations, and having support staff trained properly.

“At some point, rehosting such systems will make economic sense, or maybe forced by components going end-of-life,” he explains. “This is a similar dilemma as faced by operators of IoT/OT devices, where the functional life of the products can be extended through new adaptors or interfaces, but still must face a genuine end-of-life because of support and security concerns.”

He says open source can help by giving a critical “starting point” to develop middleware and other software needed for the system to perform its functions and interoperate with newer compute environments.

“The open-source community potentially provides proven starting points and ability to customize from there,” Broomhead adds.

Open Source Brings Modernization Benefits

The arguments for OSS on the mainframe are in many cases the same as for OSS on any other platform -- more accessible, often more secure, easier to develop.

“These arguments are from the same development teams who push for OSS elsewhere in the environment,” says Mike Parkin, senior technical engineer at Vulcan Cyber. “The major differences are when the implementation is specific to the mainframe environment.”

He points out many of the same advantages for OSS apply here as well, but the difference is that it is now the team who handles the mainframe itself making the case.

Parkin adds there has been a trend to use mainframe platforms for virtualization, essentially replacing a rack of commodity class servers with a single Big Iron machine that can do the job more efficiently and effectively. “Those are ideal use cases for open-source software at multiple levels, from the guest operating systems to the application layers,” he says.

Boris Cipot, senior security engineer at Synopsys Software Integrity Group, a provider of integrated software solutions, agrees that open source can bring fresher and better integrations into today’s working processes and tools, and enable companies to focus on their work and not re-create existing software functionality.

“If we speak about cost, this is a relative viewpoint,” he says. “Some will say that open source does not cost a thing, which is unfortunately not true, as there are costs of running these operating systems and educating your staff to use them properly and securely.”

He says it comes down to the point where the organization has problems.

“If it is legacy, you need to modernize; then, it is IT that would have to argue what the usage of an open-source mainframe operating system and applications would bring to the table as benefits and also costs of implementing and educating employees,” he says.

Security can also chip in, as legacy systems will likely cause all sorts of issues with unpatched security holes and unsecure communication protocols that must be used.

“If you are going into the direction of DevOps, that team could make a case on distributed architectures or mainframes with newer integration capabilities like APIs,” Cipot adds. “Again, it really depends on where the biggest issue is surfacing.”

Security Concerns Take Center Stage

Buckellew notes one of the main OSS security concerns is around the application development and delivery to and from the mainframe. Additionally, many organizations are worried that if there are vulnerabilities found in open-source packages, that it will take a long time to get fixes.

“This risk can be eliminated if the organizations are working with reputable software companies that handle the ports and can make fixes to packages in time to mitigate security risks,” he says.

Parkin says most of the security concerns with OSS are common regardless of what platform they’re running on. “Even at the deeper levels where the differences between a mainframe and commodity platforms matter, the concerns with open-source software are the same that any developer faces,” he says.

That requires use of industry-standard best practices for secure coding and considering any unique requirements of the platform.

Cipot says one thing that everyone must consider is that OSS is likely already (or will soon be) implemented in your company, in one form or another, and you must be prepared to take care of it.

“This means you must catalog the open-source software you are using and follow its development so you can mitigate any security issues that arise,” he says.

As was the case with Log4J last December, companies that were prepared for the issue were the ones that not only knew they were using that specific open-source software component but were also knowledgeable about how to handle the situation of a security hole in affected systems.

“It is all about maturity of using open-source software,” Cipot says.

What to Read Next:

When to Justify a Legacy Upgrade

The Staying Power of Legacy Systems

IT Modernization: Ask Not Why, But Why Not?

About the Author(s)

Nathan Eddy

Freelance Writer

Nathan Eddy is a freelance writer for InformationWeek. He has written for Popular Mechanics, Sales & Marketing Management Magazine, FierceMarkets, and CRN, among others. In 2012 he made his first documentary film, The Absent Column. He currently lives in Berlin.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights