Zero-Trust Network Access on IBM z/OS: Applying BeyondCorp Principles to Mainframe Perimeter Architecture

Authors

  • Rohit Kumar Shaw Infrastructure Engineer.
  • Artem Kulagin

DOI:

https://doi.org/10.70917/ijcisim-2026-2915

Keywords:

Zero-Trust Network Access, IBM z/OS Security, BeyondCorp Architecture, Mainframe Perimeter Security, RACF Access Control, z/OS Connect API Security

Abstract

Traditional perimeters for IBM z/OS depend on trusted zones, virtual private networks (VPNs), firewalls, and security assumptions that are static in nature. Hybrid cloud integration, z/OS Connect APIs, z/OSMF administration, and DevSecOps pipelines, however, have expanded the IBM z/OS attack surface. In this study, a conceptual Zero-Trust-Network-Access approach for IBM z/OS, including BeyondCorp and incorporating it into the mainframe perimeter architecture, is proposed. The design process adopted a mixed-method approach, dominated by qualitative methods such as document analysis, control mapping, gap analysis, architecture synthesis, and expert review. Evidence comprised practitioner, technical, academic, and standards documents, complemented by a purposive selection of key practitioner, technical, and standards documents and selected key mainframe security, IAM, and network security professionals. BeyondCorp principles could be applied to six z/OS security domains: identity verification, device posture, encrypted transport, session authorization, API mediation, and monitoring. RACF, SAF, MFA, AT-TLS, z/OSMF, z/OS Connect, SMF records, and SIEM integration provide strong foundations, while device posture scoring and adaptive access remain weak areas. The study provides a multi-layered modernization model that enables access to the mainframe while improving existing z/OS controls. The framework should be validated in future research through production-like tests that measure measurable latency, compliance, reliability, and risk-reduction parameters in enterprises.

Downloads

Download data is not yet available.

Downloads

Published

2026-07-09

How to Cite

Rohit Kumar Shaw, & Artem Kulagin. (2026). Zero-Trust Network Access on IBM z/OS: Applying BeyondCorp Principles to Mainframe Perimeter Architecture. International Journal of Computer Information Systems and Industrial Management Applications, 18(6s), 342–351. https://doi.org/10.70917/ijcisim-2026-2915

Issue

Section

Original Articles