Generative Artificial Intelligence and Quantum Computing Pose New Data Security Challenges
An organization’s data hold the key to making smarter business decisions, personalizing customer interactions and even increasing revenue. Organizations that do not keep each piece of data secure not only miss out on these benefits, but often suffer from reputational damage, operational downtime and compliance-related fines. While organizations are increasingly focusing on data security, new challenges arising through generative artificial intelligence (GenAI) and quantum computing require new strategies to keep data secure.
Quantum Computing Poses Risks to Encrypted Data
Quantum computing isn’t simply a new technology; it’s a new paradigm of computing altogether that evolved from cryptography in the 1970s. Because quantum computing can process very large data sets, organizations are turning to this type of computing for modeling optimizations, such as 3-D chemical molecule analysis for drug discovery.
However, threat actors can employ quantum computing for malicious purposes, using it to breach encrypted and exfiltrated data. According to Gartner, applications, data and networks protected by asymmetric cryptography will be unsafe by 2029. Experts predict that quantum computing will break these models by 2034. In preparation, the White House recommends that all federal government agencies and vendors begin focusing on becoming quantum safe.
“By beginning to make the transformation now, organizations can start replacing their existing cryptography with Quantum Safe cryptography,” says Ray Harishankar, IBM fellow and VP, IBM Quantum Safe. “Organizations should also focus on the basic data hygiene around data security to prevent whole data detection and response use case in the future. Understanding your cryptography posture now across the organization helps you determine what you need to do.”
GenAI Provides New Exposure Points
The rapid use of GenAI for a wide range of use cases brought many new data security challenges, such as what AI models are used, what data sources the models connect to and which associated applications have vulnerabilities. Even organizations with enterprise policies about only using approved models often do not have a way to enforce those requirements. By using a governance platform, such as watsonx.governance, organizations have the framework needed to manage the new risks of AI models in the enterprise.
“Data security is fundamental to trust around AI because the models themselves can be manipulated, creating another point of data exposure, such as a chat interface,” says Akiba Saeedi, vice president, IBM Security Product Management. “The training data consolidated in one location is also a gold mine. Organizations must ensure that AI model data is protected and not misconfigured, to protect against public data exposure.”
Reduce Data Silos with a Single Platform
With data security increasingly a top focus, many organizations purchased multiple tools to address issues, such as separate tools for DLP, data governance and monitoring. With these segregated tools, organizations inadvertently created a new challenge—fragmentation and data silos. Companies looking to meet compliance requirements while also addressing the new challenges introduced by quantum computing and GenAI should consider consolidating data security into a single data security platform (DSP).
“DSPs make it possible to get rid of data silos and see data from a common place while sharing context and intelligence across tools,” says Saeedi. “With many organizations using both on-premises data centers and cloud computing, organizations need visibility in a common place, not two different locations. When the data assets are in one place, we can enrich the picture around the data, making it more insightful and therefore actionable by the organizations.”
IBM Guardium Managing New Data Security Challenges
For the past 15 years, IBM Guardium has focused on data monitoring and compliance for on-premises environments, with the ability to detect malicious activity and show auditors security controls. With the increased reliance on cloud computing, combined with the new challenges introduced by GenAI and quantum computing, IBM recently evolved Guardium toward a DSP by adding a new data security center and quantum-safe capabilities.
Instead of sending logs, Guardium provides analysis and prioritization to provide context around the data. By being able to detect potential issues and provide a response, organizations can regain visibility and control of data that has moved into SaaS applications and cloud stores.
“DSPM [data security posture management] is about really getting shadow data on the cloud, getting control of all your data that’s now moved into SaaS applications and cloud stores that organizations have lost complete visibility to,” says Saeedi. “AI security is all about the new risks around deploying generative AI models, the data that feeds them, the models themselves as well as the applications and the usage that are connected to those models.”
IBM Guardium also focuses on cryptography to ensure data is quantum safe while helping organizations understand their cryptography posture. By putting all the data security features in a single place, the DSP continually monitors data for data and cryptography for changes. Organizations can then map back to their compliance requirements and policies so they can easily fix violations.
“IBM Guardium gives enterprises an aggregated view of cryptographic posture with an inventory of all cryptography used within their enterprise, identifying both where and what it is,” says Harishankar. “The platform also provides enterprises with the ability to manage this posture on an ongoing basis and drive and monitor actions of remediation.”
The Future of Data Security
Data security is in a state of transformation as we move from structured databases and on-premises environments to the new world with AI and quantum computing, which were not on the radar even a few years ago. Because experts do not know what is on the horizon in terms of technology, threats and use cases, organizations that move to a DSP position themselves to manage what comes next.
“We see key areas for the future as secrets management and crypto agility,” says Saeedi. “As an industry, we need to answer what technology addresses these issues and how do we handle encryption going forward. IBM plans to evolve our own portfolio to address these new and evolving challenges.”