digital pattern

Understanding and planning for a post-quantum security ecosystem

By now, we hope that you understand that, sooner or later, your company will have to become quantum secure. In 2021, IBM announced ‘Eagle’, a working quantum computer with 127 quantum bits (or ‘qubits’) followed closely on the heels of China’s announcement of two quantum computers. Even the slowest of these new machines can perform calculations millions of times quicker than the fastest conventional supercomputers, meaning that many of the encryption techniques on which digital security is built could become insecure. Laboratories around the world are all chasing ‘quantum advantage’, the point at which a quantum computer can reliably do anything that a classical computer can – millions of times faster.

However, given how difficult quantum computers are to manufacture it may be decades before they are available commercially, and therefore can be misused at scale. This means that although we cannot predict exactly when digital crime will become a threat, we can realistically expect that the majority of companies will have at least five years to prepare.

So, how can your organisation best use the time you have to prepare effectively?

How quantum computing will impact businesses

Since we know what should be quantum-resistant, we can start to find out just how much work needs to be done to make a company’s assets safe. Some systems will simply need to be switched from using one encryption method to another – Transport Layer Security, for instance, can be made quantum-resistant, and post-quantum cipher suites have been available in Amazon Web Services for several years. This will mean information in transit, for example credit card details being sent from a customer to an eCommerce retailer, should be secured in any future transactions. This same principle could apply to important systems like Public Key Cryptography (PKC) – a (relatively) simple switch from one form of encryption to another should mean that future public key usage will be quantum-safe. 

However, there will still be a vast swathe of files encrypted with older, pre-quantum algorithms stretching back years, and these will be simple for a quantum computer to break into. This could mean that if an eCommerce company keeps records of previous transactions, those transactions could be decrypted and taken en masse, which perhaps won’t give criminals access to working payment cards, which would have expired, but could give them information that could be used for anything from creating synthetic identities to blackmail. Digitally signed documents created before a switch to quantum-resistant encryption would also be vulnerable, potentially invalidating millions of legal agreements unless they could be re-signed with better security. Even blockchains, which power the $2 trillion dollar cryptocurrency market and an increasingly large number of other applications, could be vulnerable to quantum computers. 

How to prepare for the transition

If your company hasn’t implemented quantum-resistant security yet, then how can you go about it? Because the threat is at an indeterminate point in the future, and we still don’t know exactly what quantum computers will be capable of, it can be daunting to transition an organisation to quantum-resistance. And even more difficult for security professionals to persuade management that it is a priority when current cybercrime threats are so pervasive. It is also the case that there is a serious skills shortage in the cybersecurity industry, and cybersecurity professionals who are currently working will rarely, if ever, have training or experience in quantum security.

Although every company will have its own challenges, the start will always be an audit of every instance of encryption that a company uses. You’ll need an overview of how each item is secured and what encryption methods are used for ‘moving’ information being transmitted to and from your organisation (like the aforementioned credit card details being sent to an eCommerce company). This audit would need to be extremely thorough, and hopefully in time, systems will be created that can carry out these audits automatically.

There is also the problem that quantum-resistant cryptography is not going to be implemented everywhere by the time that quantum computing is commercially available. Like an iceberg, much of the digital world is under the surface in the so-called ‘deep web’, which includes internal intranets and email servers. The contents of this part of the internet are often forgotten, abandoned or just obscure, so it is unlikely that it will be properly secured.

Security in a post-quantum world

Although we still don’t know when security threats from quantum computing will appear, the capabilities of quantum computers are well understood, and computer scientists are confident that they understand which forms of encryption can stand up to quantum computers. This means that we can prepare for post-quantum security now, and solutions are readily accessible. HSMs are one example of how quantum-resistance is available today, and combined with a thorough understanding of what is and isn’t quantum-resistant in a company’s infrastructure, it will be possible for any company to secure themselves long before quantum computing enters the mainstream.

Discover how you can future proof your infrastructure today with Utimaco Q-safe, a firmware extension adding quantum-resistance to your applications and use cases.

Productos relacionados

Productos relacionados

To find more press releases related with below topics, click on one of the keywords:

¿En qué podemos ayudarle?

Hable con uno de nuestros especialistas y descubra cómo Utimaco puede ayudarle hoy mismo.
Ha seleccionado dos tipos diferentes de Download, por lo que necesita presentar formularios diferentes que puede seleccionar a través de las dos pestañas.

Su(s) solicitud(es) de Download:

    Al enviar el siguiente formulario, recibirá enlaces a las descargas seleccionadas.

    Su(s) solicitud(es) de Download:

      Para este tipo de documentos, es necesario verificar su dirección de correo electrónico. Recibirá los enlaces a las Download seleccionadas por correo electrónico después de enviar el siguiente formulario.

      Descargas de Utimaco

      Visite nuestra sección de descargas y seleccione recursos como folletos, fichas técnicas, libros blancos y mucho más. Puede ver y guardar casi todos ellos directamente (pulsando el botón de descarga).

      Para algunos documentos, es necesario verificar su dirección de correo electrónico. El botón contiene un icono de correo electrónico.

      Download via e-mail

      Al hacer clic en dicho botón se abre un formulario en línea que le rogamos rellene y envíe. Puede recopilar varias descargas de este tipo y recibir los enlaces por correo electrónico simplemente enviando un formulario para todas ellas. Su colección actual está vacía.