Our biggest fear is of the unknown, but don’t despair – prepare!
In the past, quantum computers may have been reserved for sci-fi movies, in scenes where they take over the world. But they already exist today, and demand for them is growing as organisations drive towards commercialisation. Google, IBM, Microsoft, and Amazon have already announced quantum computing available in the cloud as a service, to support researchers and developers for example.
Quantum computers are useful because they can solve problems that are too big, complex, or cumbersome for traditional computers, like climate modelling, renewable energy optimisation, and artificial intelligence. They offer much faster processing speeds, scalability, and energy efficiency.
That said, quantum computing also poses a major threat to cybersecurity with potentially catastrophic effects.
Here's how:
Breaking encryption
Quantum computers could break traditional encryption methods, quickly making them obsolete. Cryptography underpins modern internet communications and e-commerce, and the impact would be disastrous, creating a modern Cryptopocalypse of sorts.
Harvest now, decrypt later (HNDL)
HNDL attacks are already happening, where cyber attackers are collecting and storing encrypted data with the goal of decrypting it in the future using quantum computers.
Exposure of data with long lifetime value
With broken cryptography, data that needs to be protected for 10 years, including bank and financial data, private communications, personal health data, and intellectual property, is susceptible to exposure and will be of immediate interest to bad actors.
How Can We Avoid A Cryptopocalypse?
Well, Post-Quantum Cryptography (PQC) is a new set of algorithms that are strong enough to withstand an attack from a quantum computer. In 2024, NIST published a set of standardised PQC algorithms strong enough for organisations to be protected from quantum computing attacks.
Soon, across the globe, governing bodies have said that they’ll also issue compliance mandates based on the NIST PQC standardisation, which will trigger various compliance directives in the very near future.
Unfortunately, it’s estimated that it takes anywhere from 3 to 5 years for an organisation to make changes to its cryptography of this magnitude. The overhaul process is no small task. In fact, it’s a very complex one, due in part to recent transformations to the cloud, legacy technologies and systems. Added to this, 62% of enterprises have at least 5 enterprise key management systems, which will further hinder PQC and crypto agility (Thales 2023 Data Threat Report).
So, What’s The Plan?
Don’t Panic, Prepare. Start by making your plan now. By getting a head start, you’ll minimise disruption for your organisation and your customers, reduce costs and risks, and ensure business continuity during the transformation. While you plan, you can start to introduce interim solutions like using longer symmetric key lengths, or out-of-band keys. This will protect your organisation from HNDL today, and you’ll be better prepared to implement post-quantum cryptography when it’s available.
Suggested Planning Steps:
Conduct a PQC Risk Assessment
Create a Crypto Inventory
Set up a test environment
Test on priority applications
Remain flexible with Crypto Agility
Where Can You Get Help To Prepare Your Organisation For A Quantum Future, Today?
Exclusive Networks, in partnership with Thales, works with an expert network of partners ready to help you to better understand Post-Quantum Cryptography and introduce you to PQC solutions from Thales.
The Approach We Take:
Flexible
Proactive
Strategic
Thales PQC solutions have been purposely designed to help you be crypto-agile and Quantum-safe.
Crypto agility
Quickly change protocols, keys, and algorithms
Use flexible, upgradeable technology
Add to your tech stack with minimal to no disruption
Quantum safety
Hardware Security Modules (HSM) and High Speed Encryptor (HSE) network encryption solutions for data in motion
Comprising Quantum Resistant Algorithms (QRA), Quantum Key Distribution (QKD), and Quantum Random Number Generation (QRNG).
Future-proof
Quantum ready
NIST PQC algorithms
Flexible technology with built-in crypto agility
Business Benefits:
· Reduce immediate security risk of Harvest Now, Decrypt Later attacks
· Provide a future-proof solution for when Quantum computers are capable of attacks
· Help meet compliance with new compliance regulations coming soon
· Provide crypto agility to ensure flexibility to respond to any unforeseen attacks, not just Quantum
Resource Library
Assess For Yourself
Take our free 5-minute PQC Risk Assessment
Further Learning
To dive deeper into the world of quantum computing, tune into the Thales Security Sessions Podcast Episode, 'The Quantum Computing Cryptopocalypse – I’ll Know It When I See It’ for an entertaining and insightful discussion.
Secure what matters most
Take control of your security strategy. Thales and Imperva solutions safeguard applications, data, and identities from end-to-end in any location and at any scale, so customers can secure what matters most to their organisation.
Partner With Thales
Beginning a discussion with us about PQC as soon as possible will ensure a smoother transition and minimise the disruption that’s inevitable with any transformation.
