Armageddon! That was the tone of the first reactions at the start of January 2018 to the revelations that Google’s Project Zero had uncovered a major new category of hardware security breaches named Spectre and Meltdown affecting computer hardware, worldwide.
The bugs, which exploited critical vulnerabilities in computer processors, were the latest example of how our faith in the computers that increasingly run our daily lives was rocked to the core: Almost every single type of processor was at risk.
Fast forward a couple of weeks and although most systems have been patched, Spectre and Meltdown will cast a shadow for some months to come – because it’s almost impossible to ensure that every system, everywhere, is effectively patched.
We have seen a steady stream of updates from vendors and security specialists, either providing a fix, or promising that one is on its way, or indicating that certain groups of IT users are not affected.
There has been one particular group of systems that has been not been nearly as affected by Spectre and Meltdown, however – and that is mainframes. And even for Fujitsu mainframes that use the processors which are vulnerable, they are still safe – quite simply by design.
On Fujitsu mainframes, all the bugs have been ironed out – and you can’t just run some rogue code on a Fujitsu mainframe system, as all codes are monitored via system software. If you cannot execute malicious code, then you cannot gain un-authorized access to the system.
The robustness of their design is one reason to justify the upfront investment in mainframe systems. Organizations operating mainframes can feel proud that – when other systems around the world are under threat, the core machines running critical business infrastructure such as air traffic control, stock exchanges and banking systems can keep on running, on hardworking, durable enterprise platforms.
In the specific case of Fujitsu mainframes, our BS2000 series using /390 processors are not affected by either Spectre or Meltdown. Some BS2000 Mainframes do use Intel processors. However, they are also unaffected by this security issue, since the BS2000 operating system has, by design, security features in place to protect against these types of vulnerabilities. BS2000 applications are run by special system software, provided by Fujitsu, which transforms user-created BS2000 applications into x 86 programs that cannot exploit the flaws. Our BS2000 systems are therefore safe and secure even without additional security patches.
Some optional BS2000 server components, such as Application Units, use third-party operating systems or hypervisors other than BS2000 or VM2000. These customers should promptly deploy the BIOS corrections and patches provided by Fujitsu, as well as by the respective manufacturer.
You will understand why, at this point, many mainframe users (especially Fujitsu customers) could be forgiven for indulging in a moment of pride over their decision to remain with proven mainframe technology that has been already written off so many times by some parties. The temptation – not to mention the peer pressure – to jump onto the latest open source bandwagon can be intense at times. But there have been repeated moments, like now, when the long-term benefits of mainframe rise to the top yet again, justifying your decision to minimize risk by staying with the tried-and-tested technology, that experienced significant innovations during the last years.
Cost – understood as TCO – is not the least of these benefits. This might seem counter-intuitive to some parties in the industry, who only see the up-front cost of purchase and integration. Yes, you may spend a bit more out the outset on a mainframe server architecture, but once it’s up and running, it’s up and running. Over time though, the cumulative, hidden costs of supposedly “lower cost” open source-based systems become more obvious.
The costs of running mainframes are predictable and unaffected by hidden items such as unplanned maintenance, nor are they subject to the constant need for “technology refreshes” every 36 months.
You can never say never, of course, but in this particular instance, the benefits of mainframes that have served us all so well, and for so long, continue to pay back our trust in this proven technology.