New IBM encryption tools head off quantum computing threats
IBM rolled out a series of cloud-based services that improve hybrid cloud users' cryptographic key protection, in part to future-proof against incursions by quantum computers.
The messages surrounding quantum computers have almost exclusively focused on the sunny side of how these machines will solve infinitely complex problems today's supercomputers can't begin to address. But rarely, if ever, have the masters of hype focused on the dark side of what these powerful machines might be capable of.
For all the good they promise, quantum systems, specifically fault-tolerant quantum systems, are able to break down the security that guards sensitive information on government servers and those of the largest Fortune 500 companies.
Quantum computers are capable of processing a vast number of numerical calculations simultaneously. Classical computers deal in ones and zeros, while a quantum computer can use ones and zeros as well as achieve a "superposition" of both ones and zeros.
Earlier this year, Google achieved quantum supremacy with its quantum system by solving a problem thought to be impossible to solve with classical computing. The system was able to complete a computation in 200 seconds that would take a supercomputer about 10,000 years to finish -- literally 1 billion times faster than any available supercomputer, company officials boasted.
Quantum computers' refrigeration requirements and the cost of the system itself, which has not been revealed publicly, make it unlikely to be a system IBM or other quantum makers could sell as they would supercomputing systems. But quantum power is available through cloud services.
Defending against quantum power
Faced with this upcoming superior compute power, IBM has introduced a collection of improved cloud services to strengthen users' cryptographic key protection as well as defend against threats expected to come from quantum computers.
Building on current standards used to transmit data between an enterprise and the IBM cloud, the new services secure data using a "quantum-safe" algorithm. Though quantum computers are years away from broad use, it's important to identify the potential risk that fault-tolerant quantum computers pose, including the ability to quickly break encryption algorithms to get sensitive data, IBM said.
Part of IBM's new strategic agenda includes the research, development and standardization of core quantum-safe cryptography algorithms as open source tools such as CRYSTALS and Open Quantum Safe grow in popularity.
The agenda also includes the standardization of governance tools and accompanying technologies to support corporate users as they begin integrating quantum systems alongside existing classical systems.
Some analysts applaud IBM for extending support for the new cloud services beyond the security needs of existing hybrid cloud users to quantum computers as a way of future-proofing the new offerings.
"With emerging technologies like quantum computing, users can't accurately predict how long it will be before they need services like this," said Judith Hurwitz, president of Hurwitz & Associates. "But prices [of quantum systems] could come down and the technology mature quicker than you anticipate, so you may need services like this to work across platforms. It could also be IBM just wanting to show how far ahead of everyone else they are."
While fault-tolerant quantum computers are a long way from reality for the vast majority of hackers, some analysts point out that adversarial governments could access such systems sooner rather than later to break the security schemes of the U.S. military and other federal government agencies.
"There could be legitimate concern about some well-organized and funded nation-states using quantum computers to crack algorithms to get at sensitive information, but there is little chance cybercriminals can get access to a quantum system anytime soon," said Doug Cahill, vice president and group director of cybersecurity with Enterprise Strategy Group. "But the short-term benefit here is future-proofing for mission critical workloads."
The need for data privacy is more critical as users become increasingly dependent on data, said Hillery Hunter, vice president and CTO of IBM Cloud, in a prepared statement. Security and compliance remain central to IBM's Confidential Computing initiative, Hunter said, as they are for corporate users in highly regulated industries where it's critical to keep proprietary data secure.
IBM also delivered an improved version of its Key Protect offering, designed for lifecycle management for encryption keys used in IBM Cloud services or in applications built by users. The new version has the ability to use quantum-safe cryptography-enabled Transport Layer Security (TLS) connections, which helps protect data during key lifecycle management.
The company also unveiled quantum-safe cryptography support features that enable application transactions. For instance, when cloud-native containerized applications run on Red Hat's OpenShift or IBM Cloud Kubernetes Services, secured TLS connections give application transactions quantum-safe cryptography support for data in transit, protecting against breaches.
IBM's Cloud Hyper Protect Crypto Service provides users with Keep Your Own Key features. The offering is built on FIPS 140-2 Level 4-certified hardware, which gives users exclusive key control and authority over data and workloads that are protected by the keys.
"What I like about this is you get to keep your own [encryption] keys for cloud data encryption, which is unique," said Frank Dzubeck, president of Communications Network Architects. "No one but you -- not even cloud administrators -- can access your data."
The product is primarily meant for application transactions where there is a more essential need for advanced cryptography. Users are allowed to keep their private keys secured within the cloud hardware security module and, at the same time, offload TLS to the IBM Cloud Hyper Protect Crypto Services, thereby creating a more secure connection to the web server. Users can also gain application-level encryption of sensitive data, including credit card numbers, before it gets stored in a database system.