IBM this week announced IBM Guardium Data Security Center, a new offering featuring both AI and quantum security software to protect organizations from the new security threats presented by these technologies as they try to leverage both–sometimes together–to unlock their potentially game-changing benefits.
Guardium comes as the hybrid cloud ecosystem is urgently trying to get enterprises to move beyond initial generative AI proof-of-concept projects to broader commercial deployment. At the same time, quantum computing has been advancing at a rapid rate, with error correction capabilities that could allow it to be commercialized sooner than some have imagined. But while both technologies promise great benefits, it could be hard for organizations dabbling with them to keep up with the security threats they present, and the protective measures that should be taken against those threats.
For example, all of the excitement around generative AI may obscure the security vulnerabilities presented by new technology movement, such as the potential for data governance policy violations, as well as the risk of "shadow AI," the use of AI tools and applications that have not been approved by an organization's IT department, and could prove to be vessels for malware and other threats.
Meanwhile, quantum computing is proceeding at its own fast rate to maturity. Companies like AWS, Google, and yes, IBM, have made strides in improving the stability and accuracy of these machines. Even though the market’s headiest days are still to come, quantum computers are already being deployed alongside classical supercomputers to tackle previously intractable problems. But quantum computers also present a massive security threat with their potential ability to demolish current encryption standards like RSA. There have been recent reports that Chinese researchers were able to use a quantum machine to break RSA encryption. Though many experts have dismantled this particular claim, the threat is real.
IBM said that with the Guardium it is providing an integrated approach to addressing these AI and quantum threats. It offers a single dashboard view allowing organizations to monitor data assets, empower their security teams to integrate workflows, manage data governance compliance, AI security posture and quantum-safe cryptography management.
The center features IBM Guardium AI Security, a software product to help protect organizations' AI deployments from shadow AI security vulnerabilities and data governance policy violations. Guardium AI security protects sensitive data, and also works to discover unsanctioned AI use and shadow AI models. It shares this information with IBM watsonx and other generative AI SaaS providers to improve data governance efforts.
Guardium also features IBM Guardium Quantum Safe, software that helps clients to protect encrypted data from the potential risk of future cyberattacks driven by bad actors who gain access to cryptographically relevant quantum computers, IBM said. The latter includes support for the post-quantum cybersecurity algorithms recently standardized by the National Institute of Standards and Technology–algorithms that IBM itself had a huge role in developing.
Part of getting ready for the threat presented by quantum involves assessing the risk profiles of different organizational assets, as well as the different security encryption and other measures currently in use to protect them. In tandem with the software offering, IBM Consulting's Quantum Safe Transformation Services leverages these technologies to help organizations define risks, inventory and prioritize them, and scale up protective measures against them.
"Generative AI and quantum computing provide immense opportunities, but they also bring new risks," says Akiba Saeedi, Vice President, IBM Security Product Management. "During this transformative time, organizations need to improve their crypto-agility and carefully monitor their AI models, training data, and usage. IBM Guardium Data Security Center – with its AI Security, Quantum Safe, and other integrated capabilities – provides comprehensive risk visibility."