Sandbox AQ CEO: Companies want to prepare for quantum threats

Sandbox began life as a secret department of Google’s parent company, Alphabet, in 2016, and in March 2022 it became a full-fledged company, Sandbox AQ. A is for artificial intelligence and Q is for quantum, says CEO Jack Hidary.

The company plans to apply those technologies in the development of software-as-a-service products for the enterprise, addressing issues such as cybersecurity, navigation and drug discovery.

Hidary, a figure full of life, is a serial entrepreneur. With his brother, he co-founded internet design firm EarthWeb, leading the company through the acquisition of job board Dice.com and an initial public offering, and co-founded financial research firm Vista Research and solar panel installer SambaEnergy. He also served on several boards of directors.

In his current role at Sandbox AQ, he has also found time to be a published author: his 2019 introductory guide, Quantum Computing: An Applied Approach, is now in its current edition.

One of the quantum computing applications he talks about in this book is Shor’s algorithm, which, if you have access to a functional quantum computer, makes it possible to crack many of today’s encryption algorithms, finding private keys in seconds rather than in (billions of) years. It may only be a few years before quantum computers that are up to the task are on the market, so the risk to corporate data is imminent.

Under Hidary’s leadership, Sandbox AQ will take an applied approach to the use of quantum technologies in enterprise computing. Shortly after the company’s founding, Hidary spoke to CIO.com about his plans. Here are the edited highlights of this conversation.

Jack Hidary, CEO, Sandbox AQ

CIO.com: What business issues will Sandbox AQ face?

Jack Hidary: The most important thing right now is post-quantum cryptography. This is due to the urgency around cybersecurity in general, which I know your readers are very familiar with, and to the store-now-decrypt-later attack that is happening lately.

Companies in the Western world are attacked and encrypted data is mined. This is the “store now” component. The “decrypt later” component is that when those adversaries have enough computing power, they will decrypt it and have access to it.

Think of intellectual property in terms of chemical formulas at consumer goods or chemical companies. Or formulas and technical knowledge and trade secrets in pharmaceutical and biotechnology companies. Not just the prescription drugs that are on the market: almost as vital or critical are the thousands of compounds that each biotech is working on in development. It takes 10 or 15 years to develop some of those drugs, so if you have access to the intellectual property of Novartis or Roche or Pfizer or Merck, you know, it’s very, very valuable, even if it takes you a few years to figure it out when you have enough computing power.

We also want to think about sensitive financial matters. We want to think about HIPAA. The definition of HIPAA will have to be replaced because we have to keep medical records for years, and right now they are encrypted with RSA, but unfortunately RSA is vulnerable to quantum attacks, and the same goes for elliptic curve cryptography and the Diffie-Hellman key exchange.

The fundamental encryption algorithms we use for data in motion and data at rest are vulnerable to quantum attacks and, more specifically, and I must emphasize this, right now to store-now-decrypt-later. You know, CIOs ask us: Do I need to act now? Can I wait until we’re on the verge of an RSA cracker? And the answer is, unfortunately, that one has to act now because of the store-now-decrypt-later or hack-now-decrypt-later attacks.

If quantum computers can crack existing encryption algorithms, will all our data be vulnerable?

Hidary: The good news is that the cyber community came together about six years ago: several countries, Western and Eastern European countries, the United States, Canada, and other leading cybersecurity countries came together and shaped the NIST process to review, validate, and verify a number of protocols that can simply replace RSA. More than 60 protocols were accepted in the first round. the NIST website. NIST came out after 3 rounds with the finalists and indicated last week that in the next two weeks we will see the specifications of the first protocols we can use.

(Hidary spoke to CIO.com in late March 2022, but participants in the NIST process continued to make adjustments to encryption algorithms until April and, at the time of writing, NIST had not drawn any conclusions.)

What do CIOs want to do to prepare?

Hidary: Now it’s time to migrate from RSA encryption to post-RSA encryption. If we had tried to do this 3 or 4 years ago, what would we have used? What would have been the new protocol? The news is that there is a review. There is no need to acquire new hardware.

However, the first step, when we put ourselves in the position of a CIO, would be the discovery, the discovery of encryption. We know that large companies, no matter how hard they try to avoid it, are an ad hoc patchwork of multiple networks and M&A transactions that have occurred over the years of the company, so there is encryption both for data at rest and for payment centers, transaction centers, and other points of data in motion.

What each and every large business wants is a discovery process, software that travels across the network, discovers all the places where RSA or elliptic curve or other vulnerable protocols are used, catalogs them, inventories them, presents them to the CISO, presents them to the CIO, and then makes recommendations for migration plans. It takes years to migrate a large company, so you want a plan to do so.

What we see now are governments launching various decisions, compliance deadlines, and milestones: on January 19, 2022, the U.S. federal government’s national security memorandum. The U.S. department of affairs orders sensitive U.S. agencies to start moving from RSA to post-RSA. The SEC proposed a cybersecurity compliance resolution on March 9, 2022, which will go into effect within 60 days. ANSSI, France’s national cybersecurity agency, issued a post-RSA on January 4, 2022. The British government has issued its statements. This is a global effort, a multi-stakeholder effort to bring the entire global RSA into the post-RSA era. There are 20 billion physical devices that will need a software update: of IoT devices, all of which will need software updates.

So the software service you offer is scan and query?

Hidary: Exactly. We have 3 pieces. One is the scanner, Sandbox AQ Discovery Tools. Many of our customers want to keep this data for themselves, so we don’t manage it as a service. We license it to corporations so they can run it and see the results for themselves. I do not want their internal results.

Secondly, the migration plan development tool. Once you get the inventory and the assessment, let’s put it all into software similar to a massive Gantt chart we have, a migration plans module. It is also a compliance report output module, which allows you to press a button and generate a compliance report that you file with the corresponding regulatory bodies.

The third piece is the set of KEM [key encapsulation mechanisms] and encryption modules that instantiate and constitute the protocols resulting from the open, multi-country, multi-stakeholder process known as the NIST process. The good news is that we didn’t have to invent new algorithms. This has been done by the crypto community, mathematicians, cryptanalysts, over a period of 25 years since the publication of Peter Shor’s paper. They did their homework brilliantly.

So, the third piece of what Sandbox AQ offers is those actual encryption APIs and SDKs. Let’s say, for example, that you are a big bank and you have your banking applications so that your customers can perform online banking, mobile banking, mobile brokerage, etc. These applications should be updated immediately. If we want to protect this transactional data, this customer data, we want to update the SDK found in the app and then update it in the app stores so that further communications are made through post-RSA encryption.

If those are open algorithms, what is the added value you propose here? What can you offer that other companies can’t?

Hidary: First of all, it’s a strong point that the algorithms are open. There is no source code there. It’s not open source, but they’re open algorithms and that’s the strength of the cyber community now: we only trust open algorithms, the ones that have been validated and tested by the open community.

The added value we offer is that the discovery tool and encryption modules involve all of our machine learning modules. Is it just pixie dust that we have to add to everything? No. The reason for this is that, coming out of the NIST process, we don’t have a single protocol: we have valid post-RSA protocols.

For a large enterprise architecture, we want a control plane and a data plane, and we want to separate the control plane from the data plane. The data plane is the encryption plane. This is where encryption occurs using post-RSA protocols. The control plane is the machine learning, to decide in real time the parameters and the protocol to be used. Some protocols are faster, others a little slower, some offer a little more security, some are sufficient but a little less. An ML model is needed to make those choices in real time.

We will be offering great added value with our rich heritage of machine learning and our wisdom and expertise there, combined with our deep understanding and expertise in quantum-secure cryptography. By bringing those two elements together, this is where the added value lies.

Carrying out the scan clearly calls for a certain intelligence in the system. It can’t just be a dumb analysis: you may not be satisfied with the results of a passive dumb analysis. You want smart analytics to analyze large enterprises on-premises, in the cloud, on mobile phones. A typical company might have 200,000 mobile phones in the hands of its employees. It is necessary to scan all those devices to know which encryption protocols are used.

Let me add that one piece of all this is telecommunications. It is necessary to think about inventorying all the telecommunications products that we use in a large company. An example would be VPN and SD-WAN.

Is that why you work with Vodafone Business and SoftBank Mobile?

Hidary: Yes. These entities are moving forward with a VPN that supports post-quantum cryptography. This is a must-have component of the new infrastructure for the CIO, for the CISO and for the network administrator at each and every major global company, to have toolsets so that when a VPN supports PQC, one is sure that even if there is spying, even if there is infiltration, even if there is exfiltration of this data when the VPN is active, there is no store-now-decrypt-later vulnerability. This is another piece of what we will be offering as added value: not only direct software for the end user, but also the option to allow our telecommunications components, which are essential in the complete communication link, to have telecommunications products compatible with PQC. This is imperative for the future of business-to-business telecommunications, commercial telecommunications.

With the new investment that accompanied the spin-off, how will you stay focused and not disperse into a bunch of other projects?

Hidary: Well, you know, you have to set priorities. Cybersecurity is the priority right now, and we’re talking about that. You can see the first customers we announced, and we will no doubt have more over time, whether they are strategic partners or customers, there in cyber. You will see this as our main one on the outside.

As for the other parts of Sandbox AQ, they are more in development. I think it’s a healthy balance to have products in a position to be marketed and, at the same time, to have an R&D facility.

We have security in the brain and commercialized right now, and then we have, in development, quantum sensing and quantum simulation. Sensing includes, for example, navigation, it includes other programs for those quantum sensors under development, as we indicated, so it will take us several years to commercialize this.

And then, of course, we have the simulation, which simulates molecular interactions using quantum equations, but doing it on the current classical hardware, on GPUs. We’ve figured out ways to leverage the computing power of the next generation of ASICs and GPUs from Nvidia, Google, so many companies, and to architect for the hybrid future, the future we’ll have in computing, which will be CPU, GPU, QPU. It’s not classical computing as opposed to quantum computing: it’s hybrid. The fact that it is cloud native, introduced and born in the cloud, is very positive because this way you can integrate and hybridize computing.

The business simulation software we have designed aims to advance drug discovery faster. It takes 10 to 15 years to turn a single molecule into a drug. This is largely due to the fact that we don’t have enough simulation tools to simulate molecular interactions of how this compound might interact with a target receptor in the body. And now we are providing new tools in development to the biotechnology and pharmaceutical sector.

So, those are two spaces that are more in development at Sandbox AQ, but they are very promising for a significant impact. There is a healthy balance in our company between the recently announced products in cyber and the products in development in sensing and simulation.

Peter Sayer covers programs for CIO.com.
