Quantum is coming…is your security function ready?
Companies currently rely on public key encryption, digital signatures and key exchanges to protect business commerce, communications, identity and data. These cryptographic schemes are underpinned by a set of vetted algorithms, and the level of protection is based on the strength of the underlying math and difficulty of calculation.
Existing cryptographic methods are the fabric of commerce, communications, identity and data protection at large—and all must be reviewed and potentially updated to continue conducting business safely and securely in a post-quantum world.
Quantum computing provides the processing hardware necessary to run Shor’s Algorithm at scale and solve even the most difficult underlying math problems very efficiently. It also offers the power to identify secret cryptographic keys extremely efficiently. This could potentially expose businesses to threat actors globally—and all at once.
This disruption eclipses the diligent planning and deep investment that went into Y2K preparations. It is an immense, high-impact event that will override existing cryptography methods and make current infrastructure and application protections irrelevant.
Timing is critical, as companies will not have the full eight years until 2025 to de-risk. This huge change management effort will take at least two to four years to implement once a viable, proven algorithm is announced, somewhere between 2022 and 2024.
Steps to maintain secure communications and encryption:
By June 2019
Assess scope—Evaluate the cryptographic risks across business processes and assets, including current crypto methods, key lengths and where keys are stored in the enterprise and within the partner ecosystem.
By January 2020
Develop mitigation strategies—Update existing crypto methods (i.e., lengthen key sizes), explore other data protection controls, and evaluate current quantum-resistant lattice-based and hash-based cryptography.
By end of 2025
Plan and implement migration—Update systems with quantum-proof cryptography methods across all prioritized enterprise assets and third parties. Develop new policies, methods and procedures to support the migration.