Light Dark
September 8, 2021 By Jennifer Gregory 3 min read
Cloud Security
Data Protection

Have you ever sat in traffic and cursed the town planners? For years, you may have watched as the town approved new subdivisions and stores along the roads you drive often. And you wondered when they would add a new lane, extend a road or install a new stoplight. But think about this: If you’re skipping over news articles about quantum computing and post-quantum cryptography, you’re doing the same thing in relation to your business that town planners seem to do relative to new construction — waiting for the negative impacts before fixing the issue.

Much (if not most) of the time, these changes only happen after negative impacts come in force. People will go to council meetings over accidents and stop-and-go traffic. Have you ever wondered why town planners don’t proactively improve the roads before the new construction is finished? I’ve never understood why they wait.

But instead of clogged roads, your business or agency is more likely to face data breaches and cyberattacks. In turn, these can cause financial loss, reputation damage and business disruption.

For decades, the tech industry has held up encryption as the key to keeping your data secure. With more companies changing the way they work in the pandemic, data security has become even more important. Not only do we have more transactions performed online now, but a wider range of tasks are also now online.

Quantum Computing: A Different Algorithm

At the same time the volume and type of data increased online, researchers have been focusing on developing and perfecting quantum computing. It’s widely known that quantum computing is faster and can handle higher volumes than computational computing. However, not everyone knows why that’s true, or why it matters for post-quantum cryptography.

It’s because the algorithm takes a totally different approach. Instead of computing only with the traditional bit of a 1 or 0, quantum computing uses quantum bits, or qubits, which can also include superposition of 0 or 1. This increases the number of computations performed in the same amount of time.

Because quantum computers are out of the budget for most companies, and likely always will be, IBM and others developed a range of tools and systems that allow them to develop applications in the quantum environment without having to purchase cost-prohibitive hardware. The goal is frictionless quantum computing with developers using advanced hardware with a cloud-based application programming interface, working seamlessly with high-performance computing resources.

Developing Post-Quantum Cryptography

Making quantum computing accessible and feasible opens many doors, especially in the fields of health and science. People will be able to solve problems they never could before. However, attackers will have access to quantum computing as well. This means they will be able to use it for harm. This is Q-Day, or the moment in which quantum computing will render any of today’s encryption methods, including those that protect systems like financial markets and public infrastructure, obsolete.

Using quantum computing, attackers can likely break even the most advanced encryption methods. The greatest concerns are Shor’s Algorithm and Grover’s Algorithm, which are two of the most touted capabilities of quantum computing. Once these are easy for attackers to obtain, they will be able to use these algorithms to break existing symmetric, and asymmetric, defenses. This means that in a post-quantum cryptography world encryption protected with RSA or elliptic-curve cryptography (ECC) can easily be cracked, opening up sensitive data to breaches and attacks.

The issue is so critical that the National Institute of Standards and Technology launched a post-quantum cryptography project to address this specific issue. The NIST started with 82 candidates for post-quantum cryptography algorithms and recently announced at the IBM cryptography meeting that it hopes to have a small number selected for standardization at the beginning of 2022. The goal is to have a final version finished around 2024.

Living in a Post-Quantum Cryptography World

Because encryption is everywhere — affecting every device, browser and application — updating encryption algorithms to be quantum-proof is a huge task. Writers often liken it to fixing the Y2K bug. And that’s accurate. Once the solution exists, organizations will need to update their encryptions in everything they’ve developed. Every person and business must ensure that all the devices and applications they use are updated.

Now is the time to be doing what we all wish town planners would do. Once the algorithm comes out, you likely won’t have much time. After all, the threat actors will have access to it, too.

Start making notes of all the areas where the systems and applications you develop use encryption. And keep a close eye on the changes happening in quantum computing.

You can then be ready to spring into action — and know exactly what to do — when post-quantum cryptography technology starts to affect you. Instead of dealing with accidents and traffic jams, your customers and employees will be driving down the road smoothly with their encrypted data well protected.

 |  | 
Jennifer Gregory
Cybersecurity Writer

More from Cloud Security
November 14, 2024

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

October 10, 2024

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

June 6, 2024

AI-driven compliance: The key to cloud security

3 min read - The growth of cloud computing continues unabated, but it has also created security challenges. The acceleration of cloud adoption has created greater complexity, with limited cloud technical expertise available in the market, an explosion in connected and Internet of Things (IoT) devices and a growing need for multi-cloud environments. When organizations migrate to the cloud, there is a likelihood of data security problems given that many applications are not secure by design. When these applications migrate to cloud-native systems, mistakes in configuration…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature