Why Mainframes in Finance Demand Equal Cyber Controls

More than 90% of financial services firms rely heavily on mainframes for their core operations, and over 90% of credit card transactions involve a mainframe. As mainframes integrate with modern digital ecosystems, they face growing exposure to threats. But many organizations continue to view them as inherently secure, said Tim Hill, vice president of software engineering at Rocket Software.

See Also: Identity and Access Management (IAM) Market Guide 2025

New York State Department of Financial Services Part 500 requires firms to deploy multifactor authentication and vulnerability scanning equally across mainframes and distributed systems. The regulation targets integrity vulnerabilities – code flaws that let attackers bypass security controls regardless of perimeter strength. Hill said these vulnerabilities enter systems whenever vendors deliver patches or updates, making regular scanning during deployment essential.

“If you have a vault, a three-foot-thick vault door on the front of your entire ecosystem, but you can bypass that and go through a screen door, a bad actor can do that,” Hill said. “That’s a problem. You’ve got to lock down that door as well.”

To stay audit-ready for 23 NYCRR 500 readiness, read the checklist.

In this video interview with Information Security Media Group at the Fraud Prevention and Financial Services Cybersecurity Summits in New York, Hill also discussed:

• Why MFA adoption must extend to mainframe login, not just network access;
• How scanning tools identify code sequences that violate integrity rules;
• The shift from viewing mainframes as obscure targets to recognizing their $3 trillion daily commerce exposure.

Hill oversees software modernization, cloud, DevOps and AI efforts at Rocket Software, focusing on enterprise systems in the IBM Power and mainframe space. He has more than 10 years of experience leading global engineering teams.