Regardless of the push to cloud, mainframes proceed to energy world finance. Jennifer Nelson explains why modernization requires steadiness, not abandonment.
Jennifer Nelson is CEO of izzi Software program.
Uncover prime fintech information and occasions!
Subscribe to FinTech Weekly’s e-newsletter
Learn by executives at JP Morgan, Coinbase, Blackrock, Klarna and extra
In an business obsessive about the most recent wave of expertise, it’s simple to neglect that a few of the strongest pillars in monetary infrastructure have stood for many years. Whereas fintech innovation is usually framed as a race towards the long run, the spine of world banking quietly stays anchored in techniques many wrongly dismiss as relics: the mainframe.
This isn’t only a matter of nostalgia or company inertia. Mainframes nonetheless course of the majority of the world’s monetary transactions, with a reliability and scale unmatched by many more recent platforms. Their skill to deal with huge volumes of information in actual time, with out compromising safety, has made them indispensable in a monetary system that relies on each velocity and belief.
But, for all their important function, mainframes are sometimes misunderstood. In at the moment’s local weather, the place “cloud-first” is the default mantra, it might probably really feel counterintuitive to defend older applied sciences. However calling the mainframe a legacy system oversimplifies a way more advanced reality. To know why, we have to study the steadiness between heritage techniques and the fashionable push towards hybrid infrastructures.
The Case for Modernization with Warning
Monetary establishments are underneath relentless strain to modernize. Traders, clients, and regulators anticipate seamless digital companies, hardened safety, and ever-faster efficiency. For a lot of leaders, the temptation is to pursue change aggressively — to shed outdated techniques and transfer wholesale to the cloud.
However modernization isn’t merely a technical mission. It’s a strategic endeavor that carries dangers when accomplished swiftly. Information that has lived securely inside a mainframe setting for many years turns into uncovered the second it’s transferred elsewhere. Purposes optimized for the mainframe could stumble when migrated, leading to pricey latency points. These dangers are greater than hypothetical — they threaten every day operations, regulatory compliance, and even shopper belief.
The lesson is evident: true modernization isn’t about ripping out the outdated in favor of the brand new. It’s about integrating strengths, phasing updates rigorously, and making certain that the following step ahead doesn’t destabilize what already works.
A Expertise Hole with Actual Penalties
Expertise evolves quicker than the experience required to keep up it. Nowhere is that this extra obvious than within the mainframe house. For years, banks and monetary establishments have relied on a pool of engineers with deep institutional data of IBM Z techniques and associated platforms. As a lot of these consultants retire, the following era has but to totally change their talent set.
This creates a severe problem. A shallow bench of experience will increase the chance of pricey errors, even when protections are in place. The resilience of mainframes can’t absolutely compensate for the human issue. Till new engineers are educated and mentored, banks will face vulnerabilities not due to the expertise itself, however due to the narrowing pool of pros who know use it safely.
Safety Is Nonetheless About Individuals
When conversations about cybersecurity come up, a lot of the main focus is on instruments and defenses. But, again and again, the true weaknesses stem from human habits. Within the mainframe world, this typically comes right down to how permissions are granted, managed, and revoked.
Builders who don’t absolutely perceive the implications of elevated permissions could go away doorways open, not out of malice, however out of incomplete coaching or comfort. Firms that fail to replace entry when workers shift roles can expose delicate knowledge unnecessarily. Even with subtle expertise, the fundamentals of safety hygiene stay important — and too typically missed.
Introducing Jennifer Nelson
To place these challenges and alternatives in context, we turned to Jennifer Nelson, CEO of Izzi Software program. Nelson has constructed her profession round mainframe techniques, spending 15 years at Rocket Software program and 5 years at BMC earlier than broadening her perspective by senior engineering roles exterior the IBM Z ecosystem. In 2024, she based Izzi Software program, an organization devoted to buying and rising companies constructed on IBM Z and IBM Energy platforms.
Her vantage level — spanning conventional mainframe engineering and trendy software program management — makes her a uncommon voice in at the moment’s dialog about expertise technique in monetary companies.
Benefit from the interview!
1. As fintech races towards cloud-native all the pieces, you’ve argued that the mainframe stays important to world banking stability. What do you assume most innovators get unsuitable concerning the function of older techniques at the moment?
The very first thing they get unsuitable is to name the mainframe a legacy system; that as a result of they had been launched greater than 60 years in the past they’re one way or the other out of date. That’s like calling the Home windows working system a legacy platform. It’s simply not actuality. Mainframes are extra related at the moment than after they had been first invented.
Everyone needs knowledge on the velocity of sunshine. They need knowledge returned to them as quickly as they press the button, regardless of the place that knowledge sits. And rightly so as a result of the top shopper wouldn’t know, and shouldn’t need to know, the complexities of their request, reminiscent of the place the information sits. However solely mainframes can provide the efficiency and safety in a hybrid setting.
Mainframes can ingest knowledge anyplace it sits, analyze it, and report it again, full with suggestions, higher than some other platform, and quicker. Present me one other system that may ingest knowledge from all throughout a worldwide community, analyze it, detect anomalies in real-time, and ship it proper again to the caller.
He who is aware of his knowledge finest wins as a result of knowledge is as treasured as money capital. When innovators dismiss mainframes as legacy techniques, they’re dismissing their velocity and energy, and the flexibility to course of large portions of information on the velocity required for real-time threat detection.
Individuals assume the cloud was game-changing and trendy, and that mainframes are outdated by comparability. The idea of cloud computing throughout a community is certainly trendy and game-changing for a lot of. However in the event you’re acquainted with mainframe expertise, customers will acknowledge it has lots of the identical traits as cloud. For instance, once you log into the mainframe you’re logging in to TSO, brief for “time sharing possibility”. You will have your personal TSO session, or Microsoft Groups ‘occasion’.
You’re all utilizing the identical processors on the mainframe. However once you’re not operating a program or batch job, capability is given to those that want it. You are also logging into an LPAR, or logical partition, full with devoted storage, safety and privateness. Customers on one LPAR can’t entry knowledge on one other LPAR, except particularly configured to take action. That’s what the cloud is at its core; sharing sources once you aren’t utilizing them, and securing knowledge devoted to your occasion. However the mainframe’s been utilizing these ideas for years.
2. Hybrid infrastructure—mixing mainframes with newer cloud layers—is turning into the norm. Out of your expertise, what are the true threat elements launched when organizations attempt to modernize too shortly or superficially?
Of the a number of threat elements, I can boil it down to 2.
The primary threat is knowledge consumption. The information on a mainframe is a few of the most safe knowledge anyplace. If you take it off the mainframe or make it seen to somebody ingesting that knowledge, there is a threat to knowledge privateness and regulation. Who’s it? The place is it going when it leaves the mainframe?
The second threat is in optimizing purposes to run in a hybrid setting. Purposes optimized for the mainframe could find yourself operating sub-optimally on one other server. Latency and efficiency points may hurt productiveness.
3. You’ve raised the alarm a few abilities hole in mainframe experience. How severe is the institutional threat when fewer engineers know function and safe the techniques monetary establishments nonetheless rely on?
The chance is extreme. Newer builders — not simply youthful, however these new to the business — will be taught and develop their experience. However till the following era catches up, there might be an publicity at monetary establishments for a while when institutional data shouldn’t be as deep because it must be.
Of us with a shallow depth of expertise or data could do issues inadvertently to trigger threat to knowledge or to an working system. These techniques are resilient and have a number of layers of safety in opposition to human error, however there’s nonetheless a good quantity of threat till abilities are the place they should be. Banks are already battling this abilities hole at the moment.
4. Safety conversations typically concentrate on instruments, however you’ve got identified that individuals are nonetheless the frontline. What operational blind spots have you ever seen emerge most frequently within the administration of mainframe environments?
Managing related environments often facilities round elevated permissions. When a software program engineer is writing code, they generally want an elevated permission to do one thing particular on the working system, the place they’ll allow this system to do one thing extra delicate. If the engineer misunderstands the developer’s finest practices when writing software program, they gained’t know when to go out and in of that elevated approved state. That state brings extra threat, so engineers gained’t keep in it lengthy sufficient to totally perceive the very best practices when creating for that system.
There are additionally some elementary safety finest practices to make use of in any IT community. If you give particular authorization to somebody in a sure function, you want a transparent course of in place to take away that authorization after they change roles, to make sure you take away entry. A lot of the time it’s not a difficulty, in the event that they’re both nonetheless an worker of the corporate or not a nasty actor. However there’s at all times a threat when leaving an excessive amount of delicate knowledge accessible to individuals who now not want it.
Moreover, mainframe system-level knowledge units permit customers to do elementary issues to a system. You solely need sure customers to have entry to these features. For instance, sure safety controls can solely be toggled on the deeper ranges of the working system. You’ll be stunned at how typically corporations go away fundamental safety rules unchecked. There are methods for engineers to do their jobs with out gaining access to these root-level sources, but it surely’s simpler to work with that stage of entry, so corporations go away the backdoor open greater than they need to.
Most workers could be trusted, however these are elementary rules some monetary establishments go away open and neglect about.
5. Ransomware assaults are concentrating on not simply endpoints, however core infrastructure. What makes legacy techniques each uniquely susceptible—and, in some instances, extra resilient—than newer platforms?
Mainframes have built-in layers of safety that almost all servers simply lack. Simply because you may log into the mainframe does not imply you now have entry to business-critical knowledge, which is what ransomware often locks down. You then need to know the place the information is, and entry that knowledge. After which the information may be compartmented, so an invader solely has entry to a section of the information and never all the pieces they want for a profitable ransomware assault. And if you do not have entry to the storage gadget, you may’t see the information on that gadget.
6. Out of your expertise, what does efficient modernization truly seem like for monetary establishments that may’t afford to “rip and change” however should be future-proofed?
Modernization means various things at completely different corporations due to the place they’re with the purposes they run. Whether or not B2B or B2C, corporations are modernizing frequently, upgrading servers and laptops.
The identical factor occurs with enterprise important purposes. A enterprise would possibly periodically replace these purposes, however as a result of conventional mainframe purposes had been developed generations in the past, the very best factor corporations can do is absolutely assess what every software does end-to-end. That means they’ll section their modernization in manageable items.
Firms can compartmentalize an software, breaking it into items so the completely different options and features get upgraded and rewritten slowly over time as is inexpensive. When you take a look at modernization as an ongoing course of, the urge to enhance and iterate turns into continuous.
Leaders ought to at all times have a proactive mindset. The questions must be: “What can we do now? What can we comprise this 12 months? What can we comprise within the subsequent two years?” That’s a greater strategy than “how can we rewrite this entire factor?”
It’s important to iterate on techniques and construct them out over time. Begin by rewriting one characteristic of a business-critical software, then construct on that by including the remainder of the options as you may. Section modifications in a little bit at a time.
Rip-and-replace is one possibility. It sounds uncooked and brutal, however all it actually means is to cease utilizing one system to make use of one other. However management must have the abdomen for a giant change abruptly, and has to approve the price range. The reality is, it’s extra simply “change,” as a result of it might probably take years to finish the process.
7. For tech leaders coming from a cloud-first mindset, what would you say is a very powerful shift in pondering when partaking with mission-critical mainframe techniques?
Be taught what the mainframe is definitely doing. The Hippocratic Oath says to first do no hurt, so be taught what the mainframe is chargeable for to maintain from making dangerous errors. As soon as these with a cloud-first mindset perceive the totality of what transactions are coming into the mainframe, the character of these transactions, and the way a lot their firm’s income relies on these transactions, they’re going to perceive and know keep away from damaging their firm’s efficiency and profitability.
About Jennifer Nelson
Jennifer Nelson has spent essentially the most of her profession within the mainframe house, together with 15 years at Rocket Software program and 5 years at BMC. In 2019, she transitioned into senior engineering roles at world expertise companies exterior the Z Techniques ecosystem, broadening her perspective and talent set. In early 2024, Nelson started laying the inspiration for what would change into Izzi Software program, an organization centered on buying and rising software program companies constructed on IBM Z and IBM Energy platforms.
