Enterprise Security: Getting Ready for Q-Day and PQC

Q-Day: The day quantum computers can render all current encryption methods meaningless. 

 If you are not yet familiar with the terms Q-Day and PQC, you should be starting today.  PQC or ‘Post Quantum Computing’ refers to the next wave of potential security headaches coming your way in the next decade if not sooner. The industry already has coined a term for it, called Q-day, which is when your current security that revolves around cryptography will be rendered irrelevant. So, this may be one area where being an early adopter has far less risk than being a laggard. The good news is that we seem to have some time to prepare for this change (more time than say the Y2K switch) given the current state of innovation around quantum computing. That said, this is one area that it will pay to stay vigilant as our sense is that once the dam breaks on this technology, it will be everywhere in the wrong hands and quickly. 

What is Quantum Computing? 

I blame Max Planck, one the leading German scientists who pioneered quantum theory leading to quantum mechanics, which is the underlying principle of quantum computing. Our ‘classical computing’ machines rely on the old trustworthy system of binary bits and bytes (1’s and 0’s) to calculate and manage data, whereas quantum computing uses a system called qubits.  The really cool thing about qubits, however, is that they too use 1’s and 0’s but have a third state called ‘superposition’. Qubits are created using physical systems, like the spin of an electron or the orientation of a photon. These systems can be in many different arrangements all at once, known as this quantum superposition. This is where all that science from Max Planck (and many others) comes in. Superposition takes advantage of quantum entanglement such that qubits can be represented by 1’s, 0’s, or both at the same time. So, to us laymen, it just means that a quantum computer can take on thousands more computations at the same time than classical computing. 

Why QC a threat to the data security status quo? 

For many years, we’ve been protecting our data with AES (Advanced Encryption Standard) using 128-bit to 256-bit encryption technology. These varying cipher lengths are used to encrypt and decrypt blocks of data. The beauty of this technology has been that in order for a system to hack or break this encryption, would require ‘classical computing’ systems years solve. The sheer computing power required to break the code makes the possibility so remote that no effort would be practical, even for thieves. Who can wait thirty or more years just to see information that is will likely be irrelevant by then?   

Now comes the QC. As referenced earlier, QC is able to process data and computations exponentially faster than classical computing. In fact, exponential does not begin to describe the impact QC will have in terms of computational capacity. Google's Quantum Computer in their lab was reported last year to be about 158 million times faster than the world's fastest supercomputer (IBM Summit). So in essence, this means in theory that a quantum computer could crack our current day standard encryption in minutes, if not seconds. To say that there will be a transition needed to maintain encryption technology and standards to stay well ahead of this would be an understatement. 

What should you be planning for? 

The current state of quantum computing suggests that we are far from having commercial applications and mainstream quantum computing hardware. There are many barriers to overcome in this space, not the least of which is the science behind manufacturing them. Engineers are still working out the best methods and processes to effect quantum computing in real life, and investments are on the rise to help them do that. The good news is that the US Commerce Department’s NIST (National Institute of Standards and Technology) have released the results of a six-year competition to devise methods that could resist or withstand QC attacks. According to them, the results are promising, for now. 

We advise Clients to keep an eye on PQC (post quantum computing) and stay informed! You don’t want to be caught in a situation where you are having to ‘binge buy’ security technology because PQC readiness was underwater.  There are already companies offering to future proof you with quantum encryption capabilities. We look at these skeptically in terms of when to purchase given what’s secure against QC today – may not be tomorrow. 

So, while you may not need this technology now, rest assured that very soon you will be making investments in post quantum security to ensure you are protected. Some are projecting just in the Banking industry alone that Billions will be spent soon to thwart any threats. Today there aren’t any real commercial QC applications or hardware, but there will be bad ‘state’ actors who will have QC technology well before the world knows about it and try to use it on unsuspecting enterprises running 256-bit encryption thinking they are ‘safe’.   

If you need a review of who the players are in this post-quantum security world, let us know and we’d be happy to discuss your situation. 

About NET(net)

Founded in 2002, NET(net) is the world’s leading IT Investment Optimization firm, helping clients find, get and keep more economic and strategic value. With over 2,500 clients around the world in nearly all industries and geographies, and with the experience of over 25,000 field engagements with over 250 technology suppliers in XaaS, Cloud, Hardware, Software, Services, Healthcare, Outsourcing, Infrastructure, Telecommunications, and other areas of IT spend, resulting in incremental client captured value in excess of $250 billion since 2002. NET(net) has the expertise you need, the experience you want, and the performance you demand. Contact us today at info@netnetweb.com, visit us online at www.netnetweb.com, or call us at +1-866-2-NET-net to see if we can help you capture more value in your IT investments, agreements, and relationships.

NET(net)’s Website/Blogs/Articles and other content is subject to NET(net)’s legal terms offered for general information purposes only, and while NET(net) may offer views and opinions regarding the subject matter, such views and opinions are not intended to malign or disparage any other company or other individual or group.

Read similar posts below