Why Quantum Computing Threat Will Impact 'Absolutely Everyone' In Security: Experts
by Kyle Alspach, CRN
For cybersecurity teams continually bombarded with new threats, turning their attention toward an uncertain, future risk like quantum computing can feel a bit ridiculous.
The question — "'why are we even talking about this?'" — is not at all uncommon when it comes to the potential data security threat from ultra-powerful quantum computers, according to veteran cryptography specialist Jason Soroko.
"There are so many problems in front of a CISO right now that something that's even six months away sounds like forever," said Soroko, senior fellow at Sectigo, a provider of digital certificate management. "Something that's five years away — that's an eternity."
As has been known for years, the advancement of quantum computers — an entirely new form of computing power based on the principles of quantum mechanics — could render existing data encryption methods obsolete in the future.
However, the date when this unprecedented threat to data could manifest, referred to as "Q-Day," is impossible to predict. That has made preparing for the transition to post-quantum cryptography difficult to prioritize for many organizations.
What many don't realize is that preparations need to begin well in advance if organizations want to have a chance of protecting their data from potentially quantum-empowered threat actors of the future, experts told CRN.
Supply Chain Considerations
Among other things, the post-quantum preparedness of vendors and supply chains will need to be assessed as well, said Naasief Edross, chief security strategist at World Wide Technology, No. 9 on CRN's Solution Provider 500 for 2025.
"No amount of work that a customer does [on post-quantum encryption] will hold the security fabric together, if a supplier that they use is not going to do that," Edross said.
For example, if an organization transfers its data to a supplier — but the supplier hasn't transitioned to quantum-resistant encryption — "then my data that's transferred out of my walls, that was secure, is now vulnerable," he said.
Therefore, "you have to ask the question of your vendors, of your suppliers — 'How are you dealing with getting to quantum-safe levels of encryption?'" Edross said.
Coming To Contracts?
Eventually, the shift to post-quantum encryption may be obligatory for organizations if only for the sake of winning or keeping business with clients, experts told CRN.
While it's still a bit early for quantum-resilient cryptography to become part of due diligence and contractual processes, this is certainly a possibility for the future, according to Edross.
"I think that it could show up on security questionnaires," he said. "A facet of the security questionnaires could be, 'Tell us what you're doing to get to quantum-resistance.'"