Boston Consulting Group’s (BCG) recent article, Ensuring Online Security in a Quantum Future is a must-read for enterprise security professionals responsible for protecting critical data in transit and mimics many of our own beliefs and talking points here at Quantum Xchange – mainly, organizations must act now to prepare for the quantum era by embracing crypto-agility and deploying a dynamic crypto infrastructure capable of keeping pace with the evolving threat landscape.
Public Key Encryption, or PKE, is the traditional form of cryptography used by billions of Internet users to access, share, and store data safely. But the future of quantum computing means this traditional standard of cryptography will reign obsolete, as quantum computers are expected to soon have the ability to rapidly factor products of large prime numbers leading to a cryptographic break. BCG sets the stage with the following quote:
“Since PKE enables more than 4.5 billion Internet users to securely access some 200 million websites and engage in some $3 trillion of retail e-commerce annually, a lot is at stake. An estimated 20% of all IT applications, or more, rely on PKE. Furthermore, data currently transmitted based on RSA-2048 is vulnerable to ‘store now, break later’ attacks…”
Like most articles that cover the promise and the perils of quantum computers, BCG spends some time weighing the pros and cons of the two “camps” for combating the quantum threat: math via Post-Quantum Cryptography algorithms sponsored by the NIST project, and physics via Quantum Key Distribution (QKD).
BCG, like Quantum Xchange, is quick to point out that PQC algorithms that rely on a set of mathematical problems that have no currently known solutions using either quantum or classical computers could present considerable risk because PQC, like all encryption algorithms before it, is vulnerable to future advances in solving the mathematical problems or to implementation errors.
This is why Quantum Xchange encourages a defense-in-depth approach to future-proofing your data in motion and addresses the quantum threat architecturally with a simple overlay – or second, independent encryption platform featuring out-of-band key delivery protected by PQC (featuring all candidate algorithms), QKD, or both for true crypto agility.
BCG also highlights that past cryptographic transitions have taken years to complete. While NIST plans to release the PQC standards in the 2022-24 time frame, BCG warns: “This implies that the window for upgrading existing infrastructure is seven to 10 years – too short for such an ambitious goal.” The message is clear – the time to act is now!
What Should Companies Do?
- Embrace crypto-agility says BCG (and consequently Quantum Xchange). “Companies with a high degree of crypto-agility will be better equipped to handle the coming transition than those without it.”
- Identify and understand the criticality of their data assets. With a better understanding of their data inventory and risk tolerance levels, companies can take the necessary steps to increase their crypto-agility.
- Businesses need to prepare for the quantum future. BCG concludes, “Companies that deal with critical data, and those with higher risk profiles, should start piloting the integration of quantum-safe solutions now.”
Contact us to learn how Phio TX delivers infinitely stronger security today and quantum-safe protection from the threats of tomorrow.