To bat­tle hack­ers, IBM wants to en­crypt the world

The Denver Post - - BUSINESS - By Brian Fung

There are only two types of com­pa­nies, it is com­monly said: those that have been hacked, and those that just don’t know it yet.

IBM, the com­put­ing gi­ant, wants to get rid of both. The com­pany said Mon­day that it has achieved a break­through in se­cu­rity tech­nol­ogy that will al­low ev­ery busi­ness from banks to re­tail­ers to travel-book­ing com­pa­nies to en­crypt their cus­tomer data on a mas­sive scale — turn­ing most if not all of their dig­i­tal in­for­ma­tion into gib­ber­ish that is il­leg­i­ble to thieves with its new main­frame.

“The last generation of main­frames did en­cryp­tion very well and very fast, but not in bulk,” said Ross Mauri, gen­eral man­ager of IBM’s main­frame busi­ness. Mauri es­ti­mates that only 4 per­cent of data stolen since 2013 was ever en­crypted.

As the num­ber of data breaches af­fect­ing U.S. en­ti­ties steadily grows — re­sult­ing in the leak­age ev­ery year of mil­lions of peo­ple’s per­sonal in­for­ma­tion — IBM ar­gues that uni­ver­sal en­cryp­tion could be the an­swer to what has be­come an epi­demic of hack­ing.

The key, ac­cord­ing to IBM of­fi­cials, is an up­date to the com­puter chips driv­ing the pow­er­ful main­frame servers that house cor­po­rate or in­sti­tu­tional in­for­ma­tion and process mil­lions of trans­ac­tions a day world­wide, from ATM with­drawals to credit card pay­ments to flight reser­va­tions.

Cryp­tog­ra­phy, the science of turn­ing leg­i­ble in­for­ma­tion into coded gob­bledy­gook, is al­ready com­monly used among cer­tain email providers and stor­age ser­vices. But be­cause of the enor­mous com­pu­ta­tional power needed to quickly en­crypt and de­crypt in­for­ma­tion as it passes from one en­tity to an­other, many busi­nesses use en­cryp­tion only se­lec­tively if at all. A De­cem­ber re­port by the se­cu­rity firm Sophos found that while 3 out of 4 or­ga­ni­za­tions rou­tinely en­crypt cus­tomer data or billing in­for­ma­tion, far more do not en­crypt their in­tel­lec­tual prop­erty or HR records. Sixty per­cent of or­ga­ni­za­tions also leave work files cre­ated by em­ploy­ees un­en­crypted, the study found.

But the same tech­nol­ogy could frus­trate law en­force­ment, which in re­cent years has waged a fu­ri­ous bat­tle with Sil­i­con Val­ley over en­cryp­tion tech­nol­ogy and how ex­ten­sively it should be used.

In a high-pro­file dis­pute last year with Ap­ple, the Jus­tice De­part­ment ar­gued that the com­pany should help of­fi­cials break into an en­crypted iPhone used by one of the San Bernardino shoot­ers. Ap­ple re­fused, say­ing that de­vel­op­ing tools to break en­cryp­tion would un­der­mine its cus­tomers’ se­cu­rity, par­tic­u­larly if the tools were to fall into the wrong hands. Ap­ple’s con­cern is not the­o­ret­i­cal: This year’s Wan­naCry ran­somware at­tack, which held thou­sands of PCs hostage, has been linked to a Win­dows vul­ner­a­bil­ity that was se­cretly dis­cov­ered and ex­ploited by the Na­tional Se­cu­rity Agency long be­fore it leaked into the wild.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.