Tuesday, 18 July 2017

Washington Post/Brian Fung: To battle hackers, IBM wants to encrypt the world

The Washington Post
Democracy Dies in Darkness

The Switch

To battle hackers, IBM wants to encrypt the world
By Brian Fung July 17 at 10:09 AM

There are only two types of companies, it is commonly said: those that have been hacked, and those that just don't know it yet.

IBM, the computing giant, wants to get rid of both. The company said Monday that it has achieved a breakthrough in security technology that will allow every business, from banks to retailers to travel-booking companies, to encrypt their customer data on a massive scale — turning most, if not all, of their digital information into gibberish that is illegible to thieves with its new mainframe.

“The last generation of mainframes did encryption very well and very fast, but not in bulk,” Ross Mauri, general manager of IBM's mainframe business, said in an interview. Mauri estimates that only 4 percent of data stolen since 2013 was ever encrypted.

The Switch newsletter

The day's top stories on the world of tech.

As the number of data breaches affecting U.S. entities steadily grows — resulting in the leakage every year of millions of people's personal information — IBM argues that universal encryption could be the answer to what has become an epidemic of hacking.

The key, according to IBM officials, is an update to the computer chips driving the powerful mainframe servers that house corporate or institutional information and process millions of transactions a day worldwide, from ATM withdrawals to credit card payments to flight reservations. The company's latest mainframe processor devotes 6 billion transistors — the digital switches that allow computers to run calculations — to encryption alone, reflecting a four-fold increase over today's standards, said Mauri.

Cryptography, the science of turning legible information into coded gobbledygook, is already commonly used among certain email providers and storage services. But because of the enormous computational power needed to quickly encrypt and decrypt information as it passes from one entity to another, many businesses use encryption only selectively, if at all. A December report by the security firm Sophos found that while 3 out of 4 organizations routinely encrypt customer data or billing information, far more do not encrypt their intellectual property or HR records. Sixty percent of organizations also leave work files created by employees unencrypted, the study found.

All of these represent opportunities for digital criminals, said Austin Carson, executive director of the technology think tank TechFreedom.

“One of the big problems is that way too much information is stored in clear text,” he said. But universal or pervasive encryption, he added, could help ensure that even if hackers successfully broke into a company's network, any information they found there would be impossible to decode. “That would be a huge step forward just in terms of protecting a much larger body of information,” Carson said.

But the same technology could frustrate law enforcement, which in recent years has waged a furious battle with Silicon Valley over encryption technology and how extensively it should be used. In a high-profile dispute last year with Apple, the Justice Department argued that the company should help officials break into an encrypted iPhone used by one of the San Bernardino shooters. Apple refused, saying that developing tools to break encryption would undermine its customers' security, particularly if the tools were to fall into the wrong hands. Apple's concern is not theoretical: This year's WannaCry ransomware attack, which held thousands of PCs hostage, has been linked to a Windows vulnerability that was secretly discovered and exploited by the National Security Agency long before it leaked into the wild.

In its push to expand universal encryption, IBM is taking Apple's side in the debate.

“IBM fully supports the need for governments to protect their citizens from evolving threats,” the company said in a statement on the issue. “Weakening encryption technology, however, is not the answer. Encryption is simply too prevalent and necessary in modern society.”

For IBM, encryption is also a massive business opportunity. Businesses spend over $1 trillion a year making sure that their security meets government standards, according to company officials. One aspect of IBM's new approach to mainframes is the concept of automating that compliance work, using artificial intelligence to check that what's being protected passes regulatory muster in various industries. In doing so, IBM expects to turn a chunk of that annual compliance spending into revenue for itself. And that's on top of the roughly $500,000 it expects to charge new customers for using IBM's newest mainframe technology. Most businesses, said Mauri, will be upgrading from an existing setup, so the cost for those clients could be less.

For some small businesses, that may still be too expensive. Still, the history of technology suggests that with time, those prices may fall.

“This is the turning point. The idea here is that you can start to encrypt all data,” said Mauri. But even as IBM makes encrypting everything a priority, security experts like Mauri already have their eyes set on the next holy grail: the ability to securely edit and manipulate encrypted files without ever having to decrypt them in the first place.

     Share on FacebookShare
      Share on TwitterTweet
    Share via Email

Brian Fung covers technology for The Washington Post, focusing on telecommunications, Internet access and the shifting media economy. Before joining The Post, he was the technology correspondent for National Journal and an associate editor at the Atlantic.
Follow @b_fung


    This Woman 'Treat' Her Nail Fungus in 10 Minutes, Watch How This Woman 'Treat' Her Nail Fungus in 10 Minutes… healthnewstips.today

Recommended by
Most Read

    ‘AMERICAN NIGHTMARE’: Australians react to fatal police shooting in ‘risky’ United States
    A video of a woman in a skirt sparks outrage in Saudi Arabia
    Analysis The blockade of Qatar is failing
    Why Jared Kushner has had to update his disclosure of foreign contacts more than once
    U.S. certifies that Iran is meeting terms of nuclear deal

The story must be told.
Subscribe to The Washington Post.

The Switch newsletter

The day's top stories on the world of tech.
Market Watch
DJIA -0.04%
NASDAQ 0.03%
Get quote
Last Update: 07/18/2017(DJIA&NASDAQ)

    © 1996-2017 The Washington Post
    Help and Contact Us
    Terms of Service
    Privacy Policy
    Print Products Terms of Sale
    Digital Products Terms of Sale
    Submissions and Discussion Policy
    RSS Terms of Service
    Ad Choices

Post a Comment