Cyber nerd | Research Analyst at InvoZone.
Quantum computing and the future of enterprise security
In the continuously evolving cyber threat landscape and recent advancements in quantum computing, the cybersecurity game will transform, making the standard encryption solutions obsolete. Enterprises will become easy targets of attackers as quantum computers can break many asymmetric data encryption algorithms easily. The recent quantum supremacy breakthrough by Google has revolutionized the speed and ease of doing computation.
Google has developed a quantum computing machine named Sycamore that has outperformed the world’s fastest supercomputers. For example, Sycamore computed a mathematical calculation in 200 seconds that would take 10,000 years by a supercomputer! This is a fascinating advancement, opening doors for new opportunities in the field of IT. However, with quantum computing, the cyber threat landscape will also change. Quantum computing will allow hackers and attackers to break the standard encryption algorithms within hours! Therefore, enterprise security demands that the data encryption algorithms should be quantum-safe.
Quantum computing is a product of interdisciplinary research – quantum physics and computer science. Quantum computers work differently than traditional computers, as they make use of the laws of quantum mechanics. We know that traditional computers usually work with binary bits where one bit has two states (zeros and ones). However, instead of regular binary bits, quantum computers work on qubits where the states grow exponentially with the number of qubits!
These states are also called quantum states - which are non-deterministic. Unlike binary bits, qubits do not just represent on and off (0 or 1). They could be both on and off at the same time or have some state between 0 and 1. This ability of quantum bits to be in multiple states at the same time is called superposition. Suppose you are spinning a coin. Normally the coin is in two states after falling: heads or tails.
In quantum physics, the nature of coin toss is different. It is based on the famous Schrödinger’s cat experiment. Here instead of a cat that is both alive and dead, the final state of coin flip can simultaneously be heads and tails.
Too much physics in the article? Do not worry. Just understand that quantum computers are extremely faster than traditional computers due to differences in their intrinsic nature. Quantum technology can perform highly complex computations quite swiftly. For many years, there were debates about the practicality of quantum computers. Many scientists were doubtful if making such a machine is possible. However, IT giants such as Google, Microsoft, and IBM have jumped on the bandwagon of quantum computing technology development.
The recent advances in quantum technology have shown that quantum computers are real and here to revolutionise information technology. As discussed earlier, Google has recently claimed a quantum breakthrough, where the quantum computer computed a highly complex calculation within a few minutes, beating the fastest supercomputers by far.
Quantum computing will transform many fields, such as Artificial Intelligence (AI), scientific research, chemical industries, finance, healthcare, safety-critical systems, cyber-physical systems, and transportation. However, it also poses an extreme danger to cyber and digital security. Enterprise data will be easily prone to brute-force attacks, and the standard encryption algorithms will not protect the data. Before going into details, let us understand what encryption is and why it is necessary for enterprise cybersecurity.
Every organisation has sensitive private and financial information stored in the form of data. Such data can be stored in physical locations such as data centres or the cloud. This data is constantly prone to cyber-attacks. Hence, enterprise data security is an essential requirement for every business. One of the key ways to secure the data in an enterprise is data encryption. Encryption is the process of converting regular data (plaintext) into an unrecognisable form (ciphertext).
This adds an extra layer of security. Even if the hacker manages to access the data, he is not able to understand it. Hence, data encryption is considered essential in the enterprise cybersecurity framework. With the rise of quantum computing technology, many standard encryption algorithms have become stale.
Now let us understand how most of the encryption algorithms are doomed due to quantum technology.
Most of the enterprises use encryption solutions developed on standard cryptographic techniques. These include RSA (based on factorization), DSA (discrete logs), and ECC (based on elliptic-curves). Once quantum computers become the new normal, the threat actors and attackers would easily break such encryption solutions. Hence, quantum computing will entirely change the encryption game.
Organisations will become an easy target of attackers. This will lead to huge financial and reputation losses. The latest research by RAND highlighted that consumers have low awareness of quantum computing in general. Hence there is low awareness of the threats associated with quantum computing and cybersecurity as well.
This is true even among the IT informed age group, which includes 18-to-35-year-olds. We must understand that now is the right time to be informed on the quantum threat landscape and switch to quantum-safe encryption solutions.
There is no doubt that quantum supremacy would change the cyber threat landscape entirely. Timely pro-active measures can save organizations from quantum threats. Microsoft, Google, and AWS are already implementing this technology as a cloud service. Therefore, quantum-aware and quantum-safe technology will soon become an inevitable requirement of cybersecurity.
Quantum-aware standards and cyber risk management
IT strategists must keep in view the implications of quantum computing on cyber-security starting now. It is imperative that sensitive data, risk management procedures, identity management systems, and connected technology must be made quantum-safe.
Hence quantum-aware standards, policies, and risk management should be adopted to ensure enterprise cyber-security. In this regard, NIST and ETSI are playing a pivotal role in standardising quantum-safe cyber security.
Post-quantum cryptography and cryptographic agility
Enterprise security solutions must shift to Post Quantum Cryptography techniques. As the name suggests, post-quantum cryptography algorithms are designed to fight quantum technology. Hence, these encryption algorithms are deemed as quantum-resistant or quantum-safe.
For example, lattice-based cryptography or AES-256 are considered quantum- resistant. Furthermore, the transition from standard cryptography to quantum-resilient cryptography requires cryptographic agility. It means that organisations must be ready to evolve the cryptographic solutions with the evolving threat landscape.
To start a quantum-safe journey, organisations must adopt quantum-aware standardisation, post-quantum cryptography solutions, and cryptographic agility. The key to surviving cyber-attacks in the quantum era is a proactive and adaptive approach towards potential threats!
Create your free account to unlock your custom reading experience.