There is growing excitement around quantum computing and its potential to radically improve IT processing power. But despite the buzz, the technology is still in its infancy; the concept of ubiquitous quantum computing is still at least 10 -15 years away even by the most optimistic of industry experts.
Alan Duric, CTO/COO at Wire.
So, with the rise of quantum and its associated cybersecurity risk being still relatively ‘far off’, why does quantum pose a threat to the security of data in current systems and why should enterprises be concerned about implementing post quantum resistance security technology today?
The power of quantum
Quantum computing uses the properties of quantum physics to store data and perform complex operations. While today’s ‘classical’ computers currently encode information in binary “bits” that can either be 0s or 1s, a quantum computer uses quantum bits or qubits as its basic unit of memory. Through a process known as quantum speed-up, qubits enable complex calculations or operations that would take bits or classical computers years to solve, to be done in seconds or tenths of seconds.
Quantum computing therefore promises to unleash a whole host of new possibilities. In the field of chemical and biological engineering, quantum will speed up modelling processes such as DNA and RNA. It has the potential to open up new opportunities in artificial intelligence; through combinatoric processing of very large quantities of data, enabling for example better predictions and decisions to be made from facial recognition or fraud detection technology. And in financial services and investments, where millisecond speed advantages in obtaining price information can be fundamental, quantum algorithms stand to bring significant disruption and progression in this field.
The security threat
Through enabling laser-quick calculations and combinatoric data processing, quantum computing promises to boost progress and innovation across industries. But it does however have a rather troubling downside; it holds the power to ‘crack’ current data security encryption codes within seconds.
Cryptography is at the heart of our global internet economy from online banking to guarding intellectual property as well as secure and private communications between individuals and organizations. As the fundamental security setting for government and enterprise communications, it plays an important role in national security. Ultimately, unless measures are taken to secure current data security processes, quantum computing stands to effectively unveil a wealth of super-confidential data, including enterprises’ intellectual property by making this data accessible when the technology comes into force.
Why should enterprises act now?
Industry experts believe that it will take at least another 10 years before quantum computers with very large numbers of qubits and capable of decrypting data security, become available. We are therefore a long way from a cryptographic Armageddon but both governments and enterprises need to be aware of the threat that quantum poses to data secured by current security technology and take steps today to secure their sensitive data so it stays safe for decades to come.
One key cause for concern is the rise of ransomware, a type of malware which threatens to publish a victim's data or perpetually block access to it, unless a ransom is paid. According to IDC’s 2021 Ransomware Study approximately 37% of global organizations said they were the victim of some form of ransomware attack in 2021. And the threat of ransom attacks is surging. A report by Verizon revealed that ransomware doubled in frequency in 2021 and accounted for 10% of all data breaches. With a growing volume of ‘bad actors’ proactively looking for sensitive and confidential data to use for ransom attacks, the threat from quantum in facilitating their criminal activity is cause for concern.
Ransomware aside, enterprises also need to act to protect their confidential data from being stolen. Only last month, a report by Tech consultancy, Booz Allen Hamilton, Chinese Threats in the Quantum Era, warned of the threat from Chinese groups in stealing high-value data, in order to decrypt it once quantum computers are able to break classical encryption. The report suggested that by the end of the 2020s, Chinese threat groups will likely collect data that enables quantum simulators to discover new economically valuable materials, pharmaceuticals, and chemicals.
Enterprises therefore need to put technology in place that secures their data against both the threats of today and those of tomorrow. By moving to quantum-safe technology they can be assured that their data is protected for whenever quantum comes into force, but where do they start?
How to implement quantum-safe technology?
Many technology companies have been working on quantum-safe solutions for a number of years and are developing a number of diverse solutions; these include quantum key cryptography (QKC) or post-quantum algorithms (PQA), where the principles of quantum mechanics are used to encrypt data and transmit it in a way that cannot be hacked. In reality many of these providers will update their security levels in order to stay well ahead of the threat from quantum computing, thus removing the onus of upgrading to quantum-safe solutions from their customers. However, businesses need to ensure that the communications channels that they use across their organization are ‘enterprise-grade’ and that they provide both sufficient security and assurance. They also need to ensure that employees do not use consumer apps, which do not have adequate security for government communications and which stand to compromise the systems put in place.
Already today, some dedicated secure communications platforms will have technology in place that offers a more robust protection against the threat of quantum. Such architectures could be described as being “quantum-annoying” since they would take much longer for a quantum computer to decrypt than a platform with standard security encryption. One important protocol called Messaging Layer Security (MLS) is being developed by the MLS IETF working group (which includes the likes of Oxford University, Facebook, INRIA, Google, Twitter and Wire and looks set to provide an important basis for quantum resistant technology. MLS is the first protocol to allow end-to-end encryption for large groups and thus breaks with the paradigm of a server-centric architecture, prevalent in most collaboration tools today. The use of MLS in collaboration platforms therefore will mark an important milestone in protecting data against the threat embodied by the power of quantum computing.
To sum up, the advent of quantum computing looks set to bring about exciting innovations across industry sectors but enterprises today need to consider protecting their confidential data for when the technology matures. They need to implement policies that ensure their staff are using only ‘enterprise-grade’ platforms and partner with the technology experts who can provide the platforms to protect their data and offer peace of mind that the advances in technology do not lead to disclosing confidential enterprise data.
