– Article in partnership with IBM –
Almost daily, our global news cycle runs stories about cyber-attacks on our systems. Whether it’s stealing data or seeking ransom, these reprehensible acts make us feel, at best, insecure, and perhaps even hostage to hackers. Of course, they also carry a significant cost to the companies that must reclaim their data, restore public trust, and pay the penalty for violating privacy and protection laws. This is compounded when the data is considered ‘sensitive’ and isn’t de-identified, as in the case of financial or health data. How do we protect ourselves? IBM offers us great support with the new Power10 processor. Let’s see what the benefits are.
Zero Trust security model: what it is and how it works
The target market for hackers is highly sophisticated and lucrative – a market that relies on well-established business models, strategic operations, and extensive technological and human resources.
We, executives and entrepreneurs, to mitigate consequences, train employees to recognize the scale of the problem so that they can identify early warning signs, just as we invest heavily in technological resources to monitor, prevent, and block nefarious users. Globally, large techno players are innovating systems to make them less vulnerable to attack.
For instance, the Zero Trust Security Model requires all users – whether they fall within or outside an organization’s network – to be authenticated, authorized, and continuously validated before they can access applications and data. Essentially, Zero Trust assumes that there is no network edge: networks can be local, in the Cloud, or a combination thereof, with resources anywhere as well as workers in any location.
Granted, it may seem absurd to ask our colleagues to confirm their identities, but the alternative makes it easy to assume the identity of a known network device and steal data. Obviously, the model must be implemented in such a way that it doesn’t create bottlenecks for IT services. For this, we need the businesses and organizations who produce the systems to collaborate. Only then can systems be designed in such a way that they meet the needs of safety and performance.
IBM's Zero Trust Governance model is based on four principles: context definition; verification and enforcement; rapid response; and analysis and improvement. Click To Tweet
The new IBM Power10: a solid and reliable ecosystem
This is exactly what I learned through IBM’s in-depth webinar on their new Power10 processor, a solid and reliable security ecosystem that “protects your data from core to cloud”. As my regular followers know, I’ve already written about IBM’s Zero Trust Governance model, but I’ll take this opportunity to summarize their vision – which is based on four principles:
- context definition: it is important to discover and rank resources based on risk. In addition, you must coordinate actions across the ecosystem to make them consistent with context;
- verification and enforcement: you must protect the organization by quickly and consistently validating, enforcing, and implementing Zero Trust policies and controls;
- rapid response: resolution and remediation of security incidents must be timely to minimize the impact on the business;
- analysis and improvement: the level of security will need to be continuously improved by adjusting policies and practices.
In my experience, to prevent organizational thrash, it’s vital to combine this governance model with the hardware features that enable users to avoid bottlenecks. After all, cryptography has become all but mandatory in the complex scenario of adopting Cloud computing – which becomes increasingly articulated with Edge architecture, the Hybrid Cloud model, and Multi-Cloud deployment.
Here’s a visual depiction of this incredible synergy:
The role of Transparent Memory Encryption
It’s worth underscoring the fact that Transparent Memory Encryption (TME) plays a fundamental role here. In this context, “transparent” means that you don’t notice its presence because the response times are the same as if the data were not encrypted. In other words, it has no impact on performance and requires no operational management to be put in place. It functions seamlessly.
More importantly, TME is highly responsive, opens up new future scenarios, and gives us the arrows and agility to shoot in the face of likely quantum computing challenges. Remarkably, IBM Power systems already support quantum-safe cryptography and full homomorphic encryption in the here and now, allowing users to perform operations on data that is still encrypted.
While quantum-safe cryptography strengthens systems for the future of computing by creating the basis for tomorrow’s security today, in my opinion, homomorphic encryption is a fundamental step towards the proper management of sensitive data. Being able to process data without the need to decrypt it opens up the possibility of sharing without the fear of violating privacy.
Coming full-circle, IBM has given us a new way to approach IT security by uniting organizational models and technology. Said another way, the tech giant has allowed us to continue on our path of technological progress, undaunted by nefarious users. The dawn of Zero Trust security has provided us with certainty in an IT world that is increasingly striving to build trust.