Once considered unbreakable, today’s encryption algorithms could be vulnerable. Here’s how enterprises can become quantum resistant.
When AI bots went mainstream this year, there was no shortage of debate on whether this technology was simply amazing or downright alarming. But wherever you stand on bots, that conversation will be completely eclipsed by a mothership emerging on the horizon. When quantum computing comes to town (and it will), it could herald revolutionary advancements for mankind—and jaw-dropping identity and security threats.
While experts predict it might take a decade or more for “Q-day” to arrive (the day that a quantum computer breaks the internet), it’s not too early for enterprises to lock it on their radar, consider the impact of new quantum preparedness legislation, and build a roadmap toward a quantum-resilient ecosystem.
What Is Quantum Computing, Exactly?
In a nutshell, quantum computers can process vast amounts of data at unprecedented speeds. Think of it like a big puzzle: rather than putting the pieces together one at a time, quantum computing lets you simultaneously see all the different ways the pieces fit together. Qubits, the basic particle units of quantum computers, can represent multiple states at once and affect each other instantly, regardless of the distance between them. This enables quantum computers to solve complex problems that are currently impossible for classical binary computers.
This computational superpower has the potential to solve some of the world’s most complex scientific and engineering problems, ignite new discoveries in healthcare, and benefit society in ways we have yet to imagine.
There’s just one downside: quantum computers could (theoretically) break the most sophisticated encryption methods. As Quantum magazine noted, “if today’s cryptography protocols were to fail, it would be impossible to secure online connections — to send confidential messages, make secure financial transactions, or authenticate data. Anyone could access anything; anyone could pretend to be anyone. The digital economy would collapse.”
Countries across the globe are already aggressively pursuing quantum technologies at a pace that rivals the nuclear race of the 1940s. Late last year, President Biden signed HR 7535, the Quantum Computing Cybersecurity Preparedness Act, requiring government agencies to maintain an inventory of all the information technology that may be vulnerable to decryption by quantum computers.
The bill is a shot across the bow of any company relying on traditional encryption. It highlights the potential risks and the need for quantum-resistant cryptographic standards, and it calls for collaboration between government and industry experts to ensure the United States is well ahead of this curve.
How Can Enterprises Protect Themselves?
Dustin Hoff, Global Partner at IBM Security, disagrees that quantum computing is fundamentally hostile. Large-scale quantum computers could actually significantly improve cybersecurity, detecting and deflecting quantum-era cyberattacks before they cause harm. However, he also believes enterprises should prepare for this new paradigm now.
“Too few enterprises grasp their future vulnerability because they haven’t completed simple discovery or inventory activities,” Hoff notes. Quantum resilience is all about being ready to upgrade protocols when the need arises. Preparation can start with some basic first steps.
1. Conduct an IT Estate Audit
To determine where you’re quantum-vulnerable, you should consider an estate audit of your entire IT infrastructure, including hardware, software, systems, and data. The purpose is to better understand where encryption is currently being used, how it’s being implemented, and where upgrades are needed. This not only lays the groundwork for transitioning away from vulnerable systems, it also provides a snapshot of your compliance with data protection regulations (and a heads-up if you’re at risk of penalties or legal issues).
2. Adopt Hybrid (Or Crypto-Agile) Security Approaches
In 2016, the National Institute of Standards and Technology (NIST) began running a competition to identify new quantum-safe encryption methods, and recently weighed in on what algorithms will become the new standard. Many companies are combining these updated algorithms with traditional encryption to ensure backward compatibility and interoperability. This is a smart approach for 2 reasons:
- Interoperability: In industries where data is shared between different organizations, or where multiple encryption systems are used within the same organization, a backward-compatible, hybrid security approach can help companies determine whether existing encryption systems are compatible with new quantum-resistant algorithms, and maintain connectivity between different systems.
- Future-proofing: Quantum computing is a rapidly evolving technology, with newer quantum-resistant encryption algorithms continuously coming online. A hybrid security approach can provide greater flexibility to adopt new technologies, while still maintaining functionality with existing systems.
3. Build an Encryption Roadmap: Follow the 6 Ds to Quantum Resilience
A basic encryption roadmap is a good first step in getting everyone steering in the same direction: toward quantum-resilient tech. A good map wraps all the elements we’ve discussed into these practical benchmarks:
- Data identification. What financial information, personally identifiable information (PII), health data, or other sensitive data currently rely on traditional encryption algorithms?
- Define requirements. What encryption algorithms, key sizes, and other parameters does your company need?
- Double-check compatibility. Determine potential issues that prevent your existing systems and infrastructure from migrating to quantum-resilient encryption.
- Develop a plan. Keep your teams on course by establishing a step-by-step migration guide (like this one) that steers toward new cryptographic protocols.
- Deploy encryption. Implement quantum-resilient software and hardware systems as they become available, configure settings, train employees on best practices, and complete final testing.
- Defend your deployment. Regularly review and update with software monitoring, policy updates, and ongoing maintenance.
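As an added illustration (not part of the original article or any vendor tooling), the sketch below shows what the output of the estate audit and the first roadmap benchmarks could look like: each inventoried algorithm is classified as quantum-vulnerable, undersized, hybrid or post-quantum, and the results are ordered by data sensitivity. The asset names, the inventory format and the 128-bit policy floor are assumptions made for the example.

```python
import re

# Public-key families broken by Shor's algorithm on a large quantum computer.
SHOR_BROKEN = ("RSA", "DSA", "ECDSA", "ECDH", "DH", "ED25519", "X25519")
# NIST post-quantum standards: FIPS 203 (ML-KEM), 204 (ML-DSA), 205 (SLH-DSA).
PQC = ("MLKEM", "MLDSA", "SLHDSA")
MIN_PQ_BITS = 128  # assumed policy floor for post-quantum symmetric strength
SENSITIVITY = {"high": 0, "medium": 1, "low": 2}
ORDER = {"replace": 0, "resize": 1, "review": 2, "ok": 3}

def classify(algorithm):
    """Return (status, reason) for one algorithm string from the inventory."""
    name = re.sub(r"[-_ ]", "", algorithm.upper())
    if any(tag in name for tag in PQC):
        rest = name
        for tag in PQC:  # strip PQC names so "MLDSA" is not mistaken for "DSA"
            rest = rest.replace(tag, "")
        hybrid = any(c in rest for c in SHOR_BROKEN)
        return ("ok", "hybrid classical+PQC" if hybrid else "post-quantum")
    if name.startswith(SHOR_BROKEN):
        return ("replace", "public-key scheme broken by Shor's algorithm")
    aes = re.match(r"AES(\d{3})", name)
    if aes:
        # Grover's search roughly halves the effective symmetric key strength.
        effective = int(aes.group(1)) // 2
        status = "resize" if effective < MIN_PQ_BITS else "ok"
        return (status, f"~{effective}-bit strength against Grover")
    return ("review", "unrecognized algorithm, needs manual review")

def migration_plan(inventory):
    """Order findings: algorithms to replace first, most sensitive data first."""
    rows = [(a, alg, s) + classify(alg) for a, alg, s in inventory]
    return sorted(rows, key=lambda r: (ORDER[r[3]], SENSITIVITY[r[2]]))

# Constructed sample inventory: (asset, algorithm, data sensitivity).
INVENTORY = [
    ("vpn-gateway", "RSA-2048", "medium"),
    ("backup-archive", "AES-128-GCM", "high"),
    ("payments-api TLS", "X25519MLKEM768", "high"),
    ("hr-database TDE", "AES-256", "high"),
    ("code-signing", "ECDSA-P256", "high"),
    ("firmware-updates", "ML-DSA-65", "medium"),
    ("legacy-mainframe", "3DES", "low"),
]

if __name__ == "__main__":
    for row in migration_plan(INVENTORY):
        print("{:18} {:16} {:7} {:8} {}".format(*row))
```

Entries that land in "review" are the ones the compatibility check has to resolve by hand before a migration plan can be written.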
As quantum computing inches closer, the identity and security threats grow more impressive—but so do the tools we’ll have to combat them.
According to IBM, “Quantum cybersecurity can provide more robust and compelling ways to safeguard critical and personal data than currently possible. It is particularly useful in quantum machine learning and quantum random number generation.”