Data breaches and exposures
all invite the same lament: if only the compromised data had been
encrypted. Bad guys can only do so much with exfiltrated data, after
all, if they can't read any of it. Now, IBM says it has a way to encrypt
every level of a network, from applications to local databases and
cloud services, thanks to a new mainframe that can power 12 billion
encrypted transactions per day.

The processing burden that comes with all that constant encrypting and decrypting has
prevented that sort of comprehensive data encryption at scale in the
past. Thanks to advances in both hardware and software encryption
processing, though, IBM says that its IBM Z mainframe can pull off the
previously impossible. If that holds up in practice, it will offer a
system that's accessible for users and offers far greater data
security than currently possible.

Encryption Conniption

According to IBM, hackers have compromised around nine billion digital data
records since 2013, a third of them medical. A meager four percent of
that data was encrypted, though, meaning those credit card numbers, user
names and passwords, and social security numbers passed easily onto
dark-web criminal exchanges.

Even encrypted data often ends up compromised, because companies don't always opt for
hacker-proof cryptography. Cybercriminals don't mind putting in the
effort; the data people bother to encrypt tends to be valuable, which
means putting resources into decrypting it usually pays off.

A system that encrypts virtually all data, though, makes it much more
difficult for criminals to identify worthwhile targets. Enter IBM Z. All
it takes is a massive amount of computing power.

Remember the Mainframe

The IBM Z mainframe locks data down with public 256-bit AES encryption—the
same robust cipher used in the ubiquitous SSL and TLS web encryption
standards, and trusted by the US government for protecting classified
data. But the company's breakthrough lies less in quality than it does
in quantity. Thanks to some proprietary on-chip processing hardware, IBM Z
can encrypt up to 13 gigabytes of data per second per chip, with roughly
24 chips per mainframe, depending on the configuration.

"This represents a 400 percent increase in silicon
that’s dedicated specifically to cryptographic processes—over six
billion transistors dedicated to cryptography," says Caleb Barlow, vice
president of threat intelligence at IBM Security. "So for any type of
transaction system we can now get the safety that we’re all after, which
just hasn’t really been attainable up to this point."

For a better sense of why that all-encompassing encryption matters, compare
it to something like a typical banking website interaction. The service
likely encrypts your browsing session on the site, but that encryption
may not endure in the backend of the application and the network
operating system. Some point in the workflow lacks encryption, and
that's where your data becomes vulnerable.

IBM Z, by contrast, keeps data encrypted at all times unless it is being
actively processed, and even then it is only briefly decrypted during
those actual computations, before being encrypted again.

"It can process 12 billion transactions per day on one machine. If you take
something like Cyber Monday there’s probably about 30 million
transactions that go on," says Barlow. "So one of these machines can
process that kind of crazy workload without even breaking a sweat in
less than a day."