Back to Blog Home

Quantum security in a post-quantum world

While quantum computing seems like a technology of the future, organizations need to start planning for what quantum security they will need with this technology. Read on learn more about what companies can do to avoid being left behind.

Quantum computing seems like a technology that is off in the distant future, but the reality is, significant progress is being made and it is becoming a pressing concern for government agencies and major corporations alike.

To avoid being left behind, companies must look closely at the kinds of encryption they have deployed and begin to plan for quantum computing which will require quantum security. Wise leaders will take steps to shore up their existing security protocols and eliminate weaknesses so that when quantum computing is more affordable, their data remains safe.

Read on to learn why today’s cryptography will be tomorrow’s weakness and what companies can do to address the risk of quantum computing.

Tomorrow’s technology

Imagine a world where new medicines are discovered in a fraction of the time needed today, or climate modeling achieves a new level of accuracy never seen before. Sounds exciting, doesn’t it? Quantum computing allows us to handle incredible amounts of data and perform complex calculations much faster than conventional computers.

Some other applications of the technology include:

  • Finance – Assisting with stock portfolio management, risk quantification, and financial trading.
  • Aircraft development – Performing rapid calculations that allow for more accurate simulations and quicker rendering times.
  • Machine learning – Quickly analyze massive data sets to allow for better decisions and predictions.
  • Automotive – Predicting the best routes to a destination or providing information on upcoming traffic congestion.

Unfortunately, the side effect of increased computational power for organizations is that bad actors can use those same tools for their purposes. Companies must prepare for the risks of technology advancements to minimize the risk to the company and their impact.

Also read: Improving enterprise security with zero trust principles

Laying the security foundation

While affordable quantum computing is still a few years off, the truth is that when it arrives, today’s encryption algorithms will have weaknesses that criminals and nation states will exploit. This is because the advancements in computational power will allow bad actors to quickly factor large prime numbers that are used in modern encryption, like RSA and Diffie-Hellman. These encryption algorithms are found in key exchange, data encryption, and digital signatures.

Currently, Advanced Encryption Standard (AES) encryption protects data from being accessed by criminals and nation states. The good news is that AES uses symmetric key exchange and will remain resistant to quantum computing attacks. The bad news is that asymmetric encryption can be attacked by quantum computers. Algorithms such as RSA, Diffie-Hellman, and Digital Signature Algorithm will all be subject to quantum computing attacks, which means criminals and nation states will have a clear way to access to sensitive data.

Also read: The fundamentals of SASE and zero trust security

Quantum security: A long to-do list

Data has a long shelf life. The longer companies hold onto data, the likelier it is that this data will become vulnerable. A common practice today for removing old data is to delete the key associated with it or just delete the data itself; however, future computation advancements will make this data vulnerable to quantum computer attacks.

Companies need to take a measured, focused approach to all their data, where it is stored, what are the encryption tools used to secure the data and then determine which data needs to be secured from quantum computer attacks. They should develop a quantum security plan and take steps to address any weakness identified. Here are some key points to incorporate:

  • Update encryption algorithms – Aim to align with National Institute of Standards and Technology (NIST) guidelines.
  • Investigate vendors – Question security vendors about their plans for a post-quantum world to ensure companies use vendors that are ready to meet the challenges that are coming.
  • Perform an inventory and risk assessment of your environment – Identify and create an inventory of confidential, sensitive, and public data so that you can outline what security controls you need to have for each class of data. Consider deleting old data that is no longer needed by your organization. This should be a part of your data retention policy.
  • Be ready – New quantum-resistant encryption standards are being developed to address weakness with current cryptograph. Be prepared to implement them as they become available.
  • Have a plan – Be proactive, assemble a task force of internal staff and external vendors to begin identifying vulnerable technology.

Also read: Strengthen your IT security foundation with these patch management best practices

Expert advice is already here

Inside the CISO’s Office: Forrester insights on post-quantum security

For more insights on quantum security, listen to the recent Inside the CISO’s Office episode with John Bruggeman, Consulting CISO, and Heidi Shey, Principal Analyst of Security and Risk at Forrester. Their conversation used data from the Planning for Post-Quantum Security Report from Forrester. Read the full report for detailed insights on ensuring your organization stands ready for the technological leaps ahead.

OnX Canada knows companies will need further guidance as they take on the challenge of investigating their digital health and shoring up weak points. Get in touch with an expert from OnX today to help kickstart your quantum security journey.While quantum computing seems like a technology of the future, organizations need to start planning for what quantum security they will need with this technology. Read on learn more about what companies can do to avoid being left behind.