IBM Cloud Delivers Quantum-Safe Cryptography and Hyper Protect Crypto Services to Help Protect Data in the Hybrid Era

IBM brings hybrid cloud leadership together with quantum and security research expertise to stay at the forefront of quantum cybersecurity

ARMONK, N.Y., Nov. 30, 2020 /PRNewswire/ — IBM (NYSE: IBM) today announced a series of cloud services and technologies designed to help clients maintain the highest available level of cryptographic key encryption protection to help protect existing data in the cloud1 and prepare for future threats that could evolve with advances in quantum computing. Pioneered by IBM Research scientists, the company is now offering quantum-safe cryptography support for key management and application transactions in IBM Cloud®, making it the industry’s most holistic quantum-safe cryptography approach to securing data available today.

IBM Corporation logo. (PRNewsfoto/IBM)

The new capabilities include:

  • Quantum Safe Cryptography Support: Through the use of open standards and open source technology, this service enhances the standards used to transmit data between enterprise and Cloud, helping to secure data by using a quantum-safe algorithm.
  • Extended IBM Cloud Hyper Protect Crypto Services: New capabilities are available to enhance privacy of data in cloud applications, where data sent over the network to cloud applications and sensitive data elements like credit card numbers, are stored in a database that can be encrypted at application-level – supported by the industry’s highest level of cryptographic key encryption protection with ‘Keep Your Own Key’ (KYOK) capability.

“As our reliance on data grows in the era of hybrid cloud and quantum computing capabilities advance, the need for data privacy is becoming even more critical. IBM now offers the most holistic quantum-safe approach to securing data available today and to help enterprises protect existing data and help protect against future threats,” said Hillery Hunter, Vice President and Chief Technology Officer, IBM Cloud. “Security and compliance remain front and center for IBM Cloud as we continue to invest in confidential computing and our leading encryption capabilities to help enterprises of all kinds – especially those in highly regulated industries – keep data secured.”

Preparing for future threats with Quantum-Safe Cryptography Support
While quantum computing aims to solve complex problems even the world’s most powerful supercomputers cannot solve, future fault-tolerant quantum computers could pose potential risks, such as the ability to quickly break encryption algorithms and access sensitive data. To mitigate these risks IBM has developed a clear strategic agenda to help protect the long term security of our platforms and services. This agenda includes the research, development and standardization of core quantum-safe cryptography algorithms as open source tools such as CRYSTALS and OpenQuantumSafe. It also includes the governance, tools and technology to support our clients as they start on the same journey to a more secure future.

Today, as the next step in that agenda, IBM is bringing its industry-leading encryption capabilities built by IBM Research cryptographers to help clients with a quantum-safe cryptography approach for their data-in-transit within IBM Cloud. The capabilities are designed to help enterprises prepare for future threats and can be useful against attacks in which malicious actors harvest encrypted data today with the intent to decrypt it later as quantum computing advances.

IBM Key Protect, a cloud-based service that provides lifecycle management for encryption keys that are used in IBM Cloud services or client-built applications, has now introduced the ability to use a quantum-safe cryptography enabled Transport Layer Security (TLS) connection – helping to protect data during the key lifecycle management.   

In addition, IBM Cloud is also introducing quantum-safe cryptography support capabilities to enable application transactions. When cloud native containerized applications run on Red Hat® OpenShift® on IBM Cloud or IBM Cloud Kubernetes Services, secured TLS connections can help application transactions with quantum-safe cryptography support during data-in-transit and protect from potential breaches.

Protecting sensitive data with IBM Cloud Hyper Protect Crypto Services
Enterprises also need to mitigate risks from external and internal threats, as well as to address regulatory compliance.

Today, IBM Cloud is also delivering new capabilities to help secure application transactions and sensitive data using IBM Cloud Hyper Protect Crypto Services, which offer the industry’s highest level of cryptographic key encryption protection by providing customers with ‘Keep Your Own Key’ (KYOK) capability. Built on FIPS-140-2 Level 4-certified hardware – the highest level of security offered by any cloud provider in the industry for cryptographic modules2 – this allows clients to have exclusive key control, and therefore authority over the data and workloads protected by the keys.

Designed for application transactions where there is a deeper need for more advanced cryptography, IBM Cloud clients can keep their private keys secured within the cloud hardware security module while offloading TLS to IBM Cloud Hyper Protect Crypto Services to help establish a secure connection to the web server. They can also achieve application-level encryption of sensitive data, such as a credit card number, before it gets stored in a database system.

Continuing to address the security demands of clients and highly regulated industries
IBM has been investing in confidential computing technologies for over a decade and today delivers production-ready confidential computing to help clients protect data, applications and processes.

Furthering its commitment to security and compliance, IBM continues to collaborate with its industry peers to make further progress in standardization initiatives. For example, security best practices on IBM Cloud are now available as a Center for Internet Security (CIS) Foundations benchmark for IBM Cloud, and IBM Research cryptographers are key contributors to the QSC algorithms that are short listed in the National Institute of Standards and Technology (NIST).

IBM, the IBM logo, and IBM Cloud are trademarks or registered trademarks of IBM Corp., in the U.S. and/or other countries.

Red Hat® and OpenShift® are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the United States and other countries.

About IBM Cloud
For further information visit: www.ibm.com/cloud/

CONTACT:
Kate Gazzillo
IBM Communications
kate.gazzillo@ibm.com 

Encryption keys and cryptographic operations are protected with highest level certified HSM –  with Hyper Protect Crypto services: FIPS 140-2 Level 4.

2 Based on IBM Hyper Protect Crypto Service, the only service in the industry built on FIPS 140-2 Level 4-certified hardware. FIPS 140-2 Security Level 4 provides the highest level of security defined in this standard. At this security level, the physical security mechanisms provide a comprehensive envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access.

SOURCE IBM

This post was originally published on this site



For enquiries, product placements, sponsorships, and collaborations, connect with us at hello@globalcloudplatforms.com. We'd love to hear from you!


Our humans need coffee too! Your support is highly appreciated, thank you!

Total
0
Shares
Previous Article

Built With The Google Maps Platform Gaming Solution

Next Article

Tune up app performance and cost efficiency

Related Posts

IBM Reveals Next-Generation IBM POWER10 Processor

ARMONK, N.Y., Aug. 17, 2020 /PRNewswire/ -- IBM (NYSE: IBM) today revealed the next generation of its IBM POWER central processing unit (CPU) family: IBM POWER10. Designed to offer a platform to meet the unique needs of enterprise hybrid cloud computing, the IBM POWER10 processor uses a design focused on energy efficiency and performance in a 7nm form factor with an expected improvement of up to 3x greater processor energy efficiency, workload capacity, and container density than the IBM POWER9 processor.1   Designed over five years with hundreds of new and pending patents, the IBM POWER10 processor is an important evolution in IBM's roadmap for POWER. Systems taking advantage of IBM POWER10 are expected to be available in the second half of 2021. Some of the new processor innovations include: IBM's First Commercialized 7nm Processor that is expected to deliver up to a 3x improvement in capacity and processor energy efficiency within the same power envelope as IBM POWER9, allowing for greater performance.1 Support for Multi-Petabyte Memory Clusters with a breakthrough new technology called Memory Inception, designed to improve cloud capacity and economics for memory-intensive workloads from ISVs like SAP, the SAS Institute, and others as well as large-model AI inference. New Hardware-Enabled Security Capabilities including transparent memory encryption designed to support end-to-end security. The IBM POWER10 processor is engineered to achieve significantly faster encryption performance with quadruple the number of AES encryption engines per core compared to IBM POWER9 for today's most demanding standards and anticipated future cryptographic standards like quantum-safe cryptography and fully homomorphic encryption. It also brings new enhancements to container security. New Processor Core Architectures in the IBM POWER10 processor with an embedded Matrix Math Accelerator which is extrapolated to provide 10x, 15x and 20x faster AI inference for FP32, BFloat16 and INT8 calculations per socket respectively than the IBM POWER9 processor to infuse AI into business applications and drive greater insights. "Enterprise-grade hybrid clouds require a robust on-premises and off-site architecture inclusive of hardware and co-optimized software," said Stephen Leonard, GM of IBM Cognitive Systems. "With IBM POWER10 we've designed the premier processor for enterprise hybrid cloud, delivering the performance and security that clients expect from IBM. With our stated goal of making Red Hat OpenShift the default choice for hybrid cloud, IBM POWER10 brings hardware-based capacity and security enhancements for containers to the IT infrastructure level." IBM POWER10 7nm Form Factor Delivers Energy Efficiency and Capacity Gains IBM POWER10 is IBM's first commercialized processor built using 7nm process technology. IBM Research has been partnering with Samsung Electronics Co., Ltd. on research and development for more than a decade, including demonstration of the semiconductor industry's first 7nm test chips through IBM's Research Alliance. With this updated technology and a focus on designing for performance and efficiency, IBM POWER10 is expected to deliver up to a 3x gain in processor energy efficiency per socket, increasing workload capacity in the same power envelope as IBM POWER9. This anticipated improvement in capacity is designed to allow IBM POWER10-based systems to support up to 3x increases in users, workloads and OpenShift container density for hybrid cloud workloads as compared to IBM POWER9-based systems. 1 This can affect multiple datacenter attributes to drive greater efficiency and reduce costs, such as space and energy use, while also allowing hybrid cloud users to achieve more work in a smaller footprint. Hardware Enhancements to Further Secure the Hybrid Cloud IBM POWER10 offers hardware memory encryption for end-to-end security and faster cryptography performance thanks to additional AES encryption engines for both today's leading encryption standards as well as anticipated future encryption protocols like quantum-safe cryptography and fully homomorphic encryption. Further, to address new security considerations associated with the higher density of containers, IBM POWER10 is designed to deliver new hardware-enforced container protection and isolation capabilities co-developed with the IBM POWER10 firmware. If a container were to be compromised, the POWER10 processor is designed to be able to prevent other containers in the same Virtual Machine (VM) from being affected by the same intrusion. Cyberattacks are continuing to evolve, and newly discovered vulnerabilities can cause disruptions as organizations wait for fixes. To better enable clients to proactively defend against certain new application vulnerabilities in real-time, IBM POWER10 is designed to give users dynamic execution register control, meaning users could design applications that are more resistant to attacks with minimal performance loss. Multi-Petabyte Size Memory Clustering Gives Flexibility for Multiple Hybrid Deployments IBM POWER has long been a leader in supporting a wide range of flexible deployments for hybrid cloud and on-premises workloads through a combination of hardware and software capabilities. The IBM POWER10 processor is designed to elevate this with the ability to pool or cluster physical memory across IBM POWER10-based systems, once available, in a variety of configurations. In a breakthrough new technology called Memory Inception, the IBM POWER10 processor is designed to allow any of the IBM POWER10 processor-based systems in a cluster to access and share each other's memory, creating multi-Petabyte sized memory clusters. For both cloud users and providers, Memory Inception offers the potential to drive cost and energy savings, as cloud providers can offer more capability using fewer servers, while cloud users can lease fewer resources to meet their IT needs.  Infusing AI into the Enterprise Hybrid Cloud to Drive Deeper Insights As AI continues to be more and more embedded into business applications in transactional and analytical workflows, AI inferencing is becoming central to enterprise applications. The IBM POWER10 processor is designed to enhance in-core AI inferencing capability without requiring additional specialized hardware. With an embedded Matrix Math Accelerator, the IBM POWER10 processor is expected to achieve 10x, 15x, and 20x faster AI inference for FP32, BFloat16 and INT8 calculations respectively to improve performance for enterprise AI inference workloads as compared to IBM POWER9,2 helping enterprises take the AI models they trained and put them to work in the field. With IBM's broad portfolio of AI software, IBM POWER10 is expected to help infuse AI workloads into typical enterprise applications to glean more impactful insights from data. Building the Enterprise Hybrid Cloud of the Future With hardware co-optimized for Red Hat OpenShift, IBM POWER10-based servers will deliver the future of the hybrid cloud when they become available in the second half of 2021. Samsung Electronics will manufacture the IBM POWER10 processor, combining Samsung's industry-leading semiconductor manufacturing technology with IBM's CPU designs. Read more about how IBM POWER10 is expected to impact the enterprise hybrid cloud market, here: https://newsroom.ibm.com/Stephen-Leonard-POWER10. About IBM For more information about IBM Power Systems visit: https://www.ibm.com/it-infrastructure/power Red Hat, Red Hat Enterprise Linux, the Red Hat logo and OpenShift are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the U.S. and other countries. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. CONTACT: Sam Ponedal sponeda@us.ibm.com  1 3X performance is based upon pre-silicon engineering analysis of Integer, Enterprise and Floating Point environments on a POWER10 dual socket server offering with 2x30-core modules vs POWER9 dual socket server offering with 2x12-core modules; both modules have the same energy level. 2 10-20X AI inferencing improvement is based upon pre-silicon engineering analysis of various workloads (Linpack. Resnet-50 FP32, Resnet-50 BFloat16, and Resnet-50 INT8) on a POWER10 dual socket server offering with 2x30-core modules vs POWER9 dual socket server offering with 2x12-core modules. SOURCE IBM