IBM today announced it is offering new cloud services and quantum-safe cryptography support for key management and application transactions in IBM Cloud. The new capabilities will help partners and customers better protect existing data and prepare for future threats, according to a statement from the company.
The new capabilities include Quantum Safe Cryptography Support, IBM Key Protect and extended Hyper Protect Crypto services for IBM Cloud, which will allow partners and customers to better protect sensitive data in the cloud, keep encryption keys secure throughout the entire lifecycle and secure data in transit, according to the statement.
New Cloud, Encryption Key and Quantum Cryptography Support
Quantum Safe Cryptography Support uses open standards and open source technology to create and leverage quantum-safe algorithms as data moves between enterprises and the cloud, according to the statement. IBM said this will mitigate the risk that hackers could harvest encrypted data today and then decrypt it later as quantum computing advances.
IBM Key Protect is a cloud-based service that provides lifecycle management for the encryption keys of IBM Cloud services or client-built applications. IBM Key Protect now allows the use of quantum-safe cryptography-enabled Transport Layer Security (TLS) connections, helping to protect data during key lifecycle management.
IBM Cloud is also introducing quantum-safe cryptography support capabilities to better enable application transactions. With these new capabilities, cloud native containerized applications running on Red Hat OpenShift on IBM Cloud or IBM Cloud Kubernetes Services can use secured TLS connections with quantum-safe cryptography support to protect data in transit from potential breaches, according to the statement.
Extended IBM Cloud Hyper Protect Crypto Services
IBM also announced technology to enhance the privacy of data in cloud applications: data sent over the network to cloud applications, and sensitive data elements such as credit card numbers that are stored in a database, can be encrypted at the application level, according to the company. This is supported by the industry's highest level of cryptographic key encryption protection with 'Keep Your Own Key' (KYOK) capability, according to IBM.
KYOK is built on FIPS 140-2 Level 4-certified hardware, the highest level of security offered by any cloud provider in the industry for cryptographic modules, IBM said. This gives customers and partners exclusive control over their encryption keys and authority over the data and workloads protected by those keys, IBM said.
IBM Cloud clients can keep their private keys secured within the cloud hardware security module while offloading TLS to IBM Cloud Hyper Protect Crypto Services to help establish a secure connection to the web server, IBM said. They can also achieve application-level encryption of sensitive data, such as a credit card number, before it gets stored in a database system, according to the statement.
"As our reliance on data grows in the era of hybrid cloud and quantum computing capabilities advance, the need for data privacy is becoming even more critical. IBM now offers the most holistic quantum-safe approach to securing data available today and to help enterprises protect existing data and help protect against future threats," said Hillery Hunter, vice president and chief technology officer, IBM Cloud. "Security and compliance remain front and center for IBM Cloud as we continue to invest in confidential computing and our leading encryption capabilities to help enterprises of all kinds – especially those in highly regulated industries – keep data secured."