Regardless of the push to cloud, mainframes proceed to energy international finance. Jennifer Nelson explains why modernization requires steadiness, not abandonment.
Jennifer Nelson is CEO of izzi Software program.
Uncover high fintech information and occasions!
Subscribe to FinTech Weekly’s publication
Learn by executives at JP Morgan, Coinbase, Blackrock, Klarna and extra
In an business obsessive about the most recent wave of expertise, it’s straightforward to neglect that a few of the strongest pillars in monetary infrastructure have stood for many years. Whereas fintech innovation is usually framed as a race towards the longer term, the spine of worldwide banking quietly stays anchored in methods many wrongly dismiss as relics: the mainframe.
This isn’t only a matter of nostalgia or company inertia. Mainframes nonetheless course of the majority of the world’s monetary transactions, with a reliability and scale unmatched by many more recent platforms. Their skill to deal with huge volumes of knowledge in actual time, with out compromising safety, has made them indispensable in a monetary system that will depend on each pace and belief.
But, for all their important position, mainframes are sometimes misunderstood. In in the present day’s local weather, the place “cloud-first” is the default mantra, it might probably really feel counterintuitive to defend older applied sciences. However calling the mainframe a legacy system oversimplifies a way more complicated fact. To grasp why, we have to look at the steadiness between heritage methods and the fashionable push towards hybrid infrastructures.
The Case for Modernization with Warning
Monetary establishments are underneath relentless stress to modernize. Buyers, clients, and regulators count on seamless digital companies, hardened safety, and ever-faster efficiency. For a lot of leaders, the temptation is to pursue change aggressively — to shed previous methods and transfer wholesale to the cloud.
However modernization isn’t merely a technical challenge. It’s a strategic endeavor that carries dangers when completed swiftly. Knowledge that has lived securely inside a mainframe surroundings for many years turns into uncovered the second it’s transferred elsewhere. Functions optimized for the mainframe might stumble when migrated, leading to pricey latency points. These dangers are greater than hypothetical — they threaten each day operations, regulatory compliance, and even client belief.
The lesson is evident: true modernization isn’t about ripping out the previous in favor of the brand new. It’s about integrating strengths, phasing updates fastidiously, and guaranteeing that the subsequent step ahead doesn’t destabilize what already works.
A Expertise Hole with Actual Penalties
Expertise evolves sooner than the experience required to take care of it. Nowhere is that this extra obvious than within the mainframe area. For years, banks and monetary establishments have relied on a pool of engineers with deep institutional data of IBM Z methods and associated platforms. As a lot of these specialists retire, the subsequent era has but to totally change their talent set.
This creates a critical problem. A shallow bench of experience will increase the danger of pricey errors, even when protections are in place. The resilience of mainframes can’t totally compensate for the human issue. Till new engineers are educated and mentored, banks will face vulnerabilities not due to the expertise itself, however due to the narrowing pool of execs who know tips on how to use it safely.
Safety Is Nonetheless About Individuals
When conversations about cybersecurity come up, a lot of the main target is on instruments and defenses. But, repeatedly, the true weaknesses stem from human conduct. Within the mainframe world, this usually comes right down to how permissions are granted, managed, and revoked.
Builders who don’t totally perceive the implications of elevated permissions might depart doorways open, not out of malice, however out of incomplete coaching or comfort. Corporations that fail to replace entry when workers shift roles can expose delicate knowledge unnecessarily. Even with subtle expertise, the fundamentals of safety hygiene stay important — and too usually neglected.
Introducing Jennifer Nelson
To place these challenges and alternatives in context, we turned to Jennifer Nelson, CEO of Izzi Software program. Nelson has constructed her profession round mainframe methods, spending 15 years at Rocket Software program and 5 years at BMC earlier than broadening her perspective by senior engineering roles outdoors the IBM Z ecosystem. In 2024, she based Izzi Software program, an organization devoted to buying and rising companies constructed on IBM Z and IBM Energy platforms.
Her vantage level — spanning conventional mainframe engineering and fashionable software program management — makes her a uncommon voice in in the present day’s dialog about expertise technique in monetary companies.
Benefit from the interview!
1. As fintech races towards cloud-native all the things, you’ve argued that the mainframe stays important to international banking stability. What do you suppose most innovators get mistaken concerning the position of older methods in the present day?
The very first thing they get mistaken is to name the mainframe a legacy system; that as a result of they have been launched greater than 60 years in the past they’re one way or the other out of date. That’s like calling the Home windows working system a legacy platform. It’s simply not actuality. Mainframes are extra related in the present day than after they have been first invented.
All people desires knowledge on the pace of sunshine. They need knowledge returned to them as quickly as they press the button, irrespective of the place that knowledge sits. And rightly so as a result of the tip client wouldn’t know, and shouldn’t need to know, the complexities of their request, equivalent to the place the information sits. However solely mainframes can provide the efficiency and safety in a hybrid surroundings.
Mainframes can ingest knowledge wherever it sits, analyze it, and report it again, full with suggestions, higher than another platform, and sooner. Present me one other system that may ingest knowledge from all throughout a world community, analyze it, detect anomalies in real-time, and ship it proper again to the caller.
He who is aware of his knowledge greatest wins as a result of knowledge is as valuable as money capital. When innovators dismiss mainframes as legacy methods, they’re dismissing their pace and energy, and the flexibility to course of large portions of knowledge on the pace required for real-time danger detection.
Individuals suppose the cloud was game-changing and fashionable, and that mainframes are outdated by comparability. The idea of cloud computing throughout a community is certainly fashionable and game-changing for a lot of. However when you’re accustomed to mainframe expertise, customers will acknowledge it has lots of the identical traits as cloud. For instance, while you log into the mainframe you’re logging in to TSO, brief for “time sharing choice”. You’ve your individual TSO session, or Microsoft Groups ‘occasion’.
You’re all utilizing the identical processors on the mainframe. However while you’re not working a program or batch job, capability is given to those that want it. You are also logging into an LPAR, or logical partition, full with devoted storage, safety and privateness. Customers on one LPAR can’t entry knowledge on one other LPAR, until particularly configured to take action. That’s what the cloud is at its core; sharing assets while you aren’t utilizing them, and securing knowledge devoted to your occasion. However the mainframe’s been utilizing these ideas for years.
2. Hybrid infrastructure—mixing mainframes with newer cloud layers—is turning into the norm. Out of your expertise, what are the true danger elements launched when organizations attempt to modernize too shortly or superficially?
Of the a number of danger elements, I can boil it down to 2.
The primary danger is knowledge consumption. The information on a mainframe is a few of the most safe knowledge wherever. While you take it off the mainframe or make it seen to somebody ingesting that knowledge, there is a danger to knowledge privateness and regulation. Who’s it? The place is it going when it leaves the mainframe?
The second danger is in optimizing purposes to run in a hybrid surroundings. Functions optimized for the mainframe might find yourself working sub-optimally on one other server. Latency and efficiency points may hurt productiveness.
3. You’ve raised the alarm a few expertise hole in mainframe experience. How critical is the institutional danger when fewer engineers know tips on how to function and safe the methods monetary establishments nonetheless rely upon?
The danger is extreme. Newer builders — not simply youthful, however these new to the business — will be taught and develop their experience. However till the subsequent era catches up, there will likely be an publicity at monetary establishments for a while when institutional data will not be as deep because it must be.
People with a shallow depth of expertise or data might do issues inadvertently to trigger danger to knowledge or to an working system. These methods are resilient and have a number of layers of safety towards human error, however there’s nonetheless a good quantity of danger till expertise are the place they have to be. Banks are already battling this expertise hole in the present day.
4. Safety conversations usually concentrate on instruments, however you’ve got identified that individuals are nonetheless the frontline. What operational blind spots have you ever seen emerge most frequently within the administration of mainframe environments?
Managing related environments often facilities round elevated permissions. When a software program engineer is writing code, they generally want an elevated permission to do one thing particular on the working system, the place they’ll allow this system to do one thing extra delicate. If the engineer misunderstands the developer’s greatest practices when writing software program, they gained’t know when to go out and in of that elevated approved state. That state brings extra danger, so engineers gained’t keep in it lengthy sufficient to totally perceive the perfect practices when growing for that system.
There are additionally some elementary safety greatest practices to make use of in any IT community. While you give particular authorization to somebody in a sure position, you want a transparent course of in place to take away that authorization after they swap roles, to make sure you take away entry. A lot of the time it’s not a problem, in the event that they’re both nonetheless an worker of the corporate or not a foul actor. However there’s all the time a danger when leaving an excessive amount of delicate knowledge accessible to individuals who not want it.
Moreover, mainframe system-level knowledge units permit customers to do elementary issues to a system. You solely need sure customers to have entry to these capabilities. For instance, sure safety controls can solely be toggled on the deeper ranges of the working system. You’ll be stunned at how usually corporations depart fundamental safety ideas unchecked. There are methods for engineers to do their jobs with out getting access to these root-level assets, however it’s simpler to work with that degree of entry, so corporations depart the backdoor open greater than they need to.
Most workers might be trusted, however these are elementary ideas some monetary establishments depart open and neglect about.
5. Ransomware assaults are concentrating on not simply endpoints, however core infrastructure. What makes legacy methods each uniquely weak—and, in some circumstances, extra resilient—than newer platforms?
Mainframes have built-in layers of safety that the majority servers simply lack. Simply because you may log into the mainframe does not imply you now have entry to business-critical knowledge, which is what ransomware often locks down. You then need to know the place the information is, and tips on how to entry that knowledge. After which the information may be compartmented, so an invader solely has entry to a phase of the information and never all the things they want for a profitable ransomware assault. And if you do not have entry to the storage system, you may’t see the information on that system.
6. Out of your expertise, what does efficient modernization really appear like for monetary establishments that may’t afford to “rip and change” however have to be future-proofed?
Modernization means various things at totally different corporations due to the place they’re with the purposes they run. Whether or not B2B or B2C, corporations are modernizing regularly, upgrading servers and laptops.
The identical factor occurs with enterprise important purposes. A enterprise may periodically replace these purposes, however as a result of conventional mainframe purposes have been developed generations in the past, the perfect factor corporations can do is totally assess what every utility does end-to-end. That means they’ll section their modernization in manageable items.
Corporations can compartmentalize an utility, breaking it into items so the totally different options and capabilities get upgraded and rewritten slowly over time as is inexpensive. In the event you have a look at modernization as an ongoing course of, the urge to enhance and iterate turns into continuous.
Leaders ought to all the time have a proactive mindset. The questions must be: “What can we do now? What can we include this 12 months? What can we include within the subsequent two years?” That’s a greater method than “how will we rewrite this complete factor?”
You must iterate on methods and construct them out over time. Begin by rewriting one characteristic of a business-critical utility, then construct on that by including the remainder of the options as you may. Section adjustments in just a little at a time.
Rip-and-replace is one choice. It sounds uncooked and brutal, however all it actually means is to cease utilizing one system to make use of one other. However management must have the abdomen for an enormous change suddenly, and has to approve the finances. The reality is, it’s extra simply “change,” as a result of it might probably take years to finish the process.
7. For tech leaders coming from a cloud-first mindset, what would you say is crucial shift in pondering when participating with mission-critical mainframe methods?
Be taught what the mainframe is definitely doing. The Hippocratic Oath says to first do no hurt, so be taught what the mainframe is accountable for to maintain from making dangerous errors. As soon as these with a cloud-first mindset perceive the totality of what transactions are coming into the mainframe, the character of these transactions, and the way a lot their firm’s income will depend on these transactions, they will perceive and know tips on how to keep away from damaging their firm’s efficiency and profitability.
About Jennifer Nelson
Jennifer Nelson has spent essentially the most of her profession within the mainframe area, together with 15 years at Rocket Software program and 5 years at BMC. In 2019, she transitioned into senior engineering roles at international expertise companies outdoors the Z Methods ecosystem, broadening her perspective and talent set. In early 2024, Nelson started laying the muse for what would change into Izzi Software program, an organization targeted on buying and rising software program companies constructed on IBM Z and IBM Energy platforms.