
    Critical Thought

    Critical thoughts on quantum technologies

    A New Era: Transitioning to Quantum-Resistant Cryptography

    By Sam Figg

    Nov 19, 2023

    With the imminent threat of quantum computers being able to break current encryption algorithms, organizations must prepare for the inevitable. However, according to a recent study by the Ponemon Institute, 61% of surveyed IT and IT security practitioners expressed concerns about their organization’s readiness to address the security implications of post-quantum computing. The challenges identified include lack of time, money, and skilled personnel, as well as uncertainties surrounding post-quantum cryptography, ongoing standardization efforts, and unclear ownership of the transition process.

    To successfully transition to post-quantum cryptography, organizations must tackle several obstacles. First and foremost, they need to determine who holds the budget for the transition and who will drive the effort. In addition, they must establish clear lines of responsibility within the organization. This is especially challenging because public key infrastructure (PKI) often exists across multiple departments, making it difficult to centralize responsibility and ownership.

    One potential solution is to centralize cryptographic activities under a single department and leadership. Alternatively, organizations can form committees with stakeholders from various departments to influence the direction of their cryptographic programs. Collaboration between technology and business leaders is crucial in designing the most effective organizational path forward.

    While the lack of standardized quantum-resistant algorithms may seem daunting, organizations can take advantage of draft standards, explore and test algorithms on different systems, and use the results to devise implementation plans in advance.

    Moreover, organizations need to shift their mindset around post-quantum cryptography. Executives must recognize that the threat to data privacy and confidentiality exists even though cryptographically relevant quantum computers are not yet available. Threat actors can steal encrypted data now and decrypt it later, once quantum computers become a reality. Thus, it is essential to secure software and devices with quantum-safe keys to protect data and users in the long term.

    The urgency to prepare for the post-quantum era cannot be overstated. The integrity of relationships, whether in business or personal contexts, relies heavily on trust. Companies that demonstrate investment in quantum readiness will build trust with customers and business partners, while those that neglect to prioritize this transition may face consequences.

    The transition to post-quantum cryptography is not solely a technological requirement but also a critical component of long-term business strategies. By taking the opportunity to adopt more efficient and secure approaches to managing cryptographic assets during this transition, companies can enhance their overall security posture.

    Now, the question arises: to what extent are companies willing to invest in maintaining trust with their partners, customers, and employees? The time to act is now, as there is a global concerted effort to proactively mitigate data confidentiality risks associated with post-quantum computing.

    To get started, senior leadership must fully comprehend the implications of post-quantum computing on data security and allocate the necessary resources to prepare for it. Currently, only 30% of respondents in the Ponemon study reported that their organizations are allocating any budget for post-quantum cryptography readiness, and 22% have no plans to allocate budget at present.

    Ideally, organizations should have a central hub that handles all internal PKI matters. The allocated budget can be used to engage experts who will test post-quantum algorithms and facilitate the transition to quantum-resistant cryptography. Creating and maintaining an inventory of the cryptographic keys in use is a crucial step. This inventory helps organizations identify key characteristics, locations, and usage purposes, allowing them to prioritize protection efforts and create a detailed plan of action.
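As an added illustration (not from the article or the Ponemon study), the sketch below ranks a key inventory by the characteristics named above, placing long-lived confidentiality keys first because of the steal-now, decrypt-later risk described earlier. The record fields, the four-tier scheme, the 10-year planning horizon and the sample inventory are all assumptions made for the example.

```python
from dataclasses import dataclass

# Public-key algorithms that Shor's algorithm would break, and ones it would not.
SHOR_BROKEN = ("RSA", "DSA", "DH", "ECDH", "ECDSA", "ED25519", "X25519")
NOT_SHOR_BROKEN = ("AES", "ML-KEM", "ML-DSA", "SLH-DSA")
CONFIDENTIALITY = {"key-exchange", "encryption"}


@dataclass(frozen=True)
class KeyRecord:
    key_id: str
    algorithm: str       # key characteristic, e.g. "RSA-2048"
    location: str        # system or department holding the key
    purpose: str         # "key-exchange", "encryption" or "signing"
    lifetime_years: int  # how long the protected data or signature must hold


def tier(rec, horizon_years):
    """Return 0 (migrate first) to 3 (no public-key migration needed)."""
    name = rec.algorithm.upper()
    if name.startswith(NOT_SHOR_BROKEN):
        return 3
    if not name.startswith(SHOR_BROKEN):
        raise ValueError(f"unclassified algorithm in inventory: {rec.algorithm}")
    long_lived = rec.lifetime_years >= horizon_years
    if rec.purpose in CONFIDENTIALITY:
        # Ciphertext recorded today can be decrypted later, so exposure starts now.
        return 0 if long_lived else 1
    # A signature is at risk only once forgery is feasible, so it ranks one step lower.
    return 1 if long_lived else 2


def migration_plan(inventory, horizon_years=10):
    """Order records by tier, then longest-lived first. horizon_years is an assumption."""
    ranked = sorted(inventory,
                    key=lambda r: (tier(r, horizon_years), -r.lifetime_years, r.key_id))
    return [(tier(r, horizon_years), r.key_id, r.location) for r in ranked]


# Constructed sample inventory: key names, locations and lifetimes are hypothetical.
INVENTORY = [
    KeyRecord("web-tls-leaf", "ECDSA-P256", "marketing/web", "signing", 1),
    KeyRecord("vpn-gateway-kex", "ECDH-P256", "network-ops", "key-exchange", 15),
    KeyRecord("firmware-signing", "RSA-3072", "engineering", "signing", 20),
    KeyRecord("backup-wrap", "RSA-2048", "it/storage", "encryption", 7),
    KeyRecord("db-at-rest", "AES-256", "it/database", "encryption", 25),
    KeyRecord("pilot-kem", "ML-KEM-768", "security-lab", "key-exchange", 15),
]

if __name__ == "__main__":
    for t, key_id, location in migration_plan(INVENTORY):
        print(f"tier {t}  {key_id:18} {location}")
```

An algorithm name the script cannot classify raises an error rather than being silently ranked, so gaps in the inventory surface before the plan is built.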

    To establish an effective centralized crypto-management strategy, organizations can turn to guidance from respected sources, such as NIST’s Migration to Post-Quantum Cryptography. Implementing systems that deliver crypto-agility, such as automated certificate and key management, will streamline operations and enable quick and sequential responses to emerging threats in the post-quantum era.

    The transition to quantum-resistant cryptography is not without its challenges, but with careful planning, collaboration, and investment, organizations can navigate this new era with confidence. By proactively embracing the future of data security, companies can safeguard their valuable assets and maintain trust in an increasingly digital world.


    What is post-quantum cryptography?

    Post-quantum cryptography refers to cryptographic algorithms that are resistant to attacks from quantum computers, which have the potential to break current encryption algorithms.

    Why is transitioning to post-quantum cryptography important?

    Transitioning to post-quantum cryptography is crucial because quantum computers have the capability to render current encryption algorithms vulnerable. This transition ensures that data remains secure in the face of advancements in computing technology.

    What are the main challenges in transitioning to post-quantum cryptography?

    The main challenges include the lack of time, budget, and skilled personnel. There is also uncertainty surrounding the implications of post-quantum cryptography and the ongoing standardization process. Additionally, organizations struggle with determining clear ownership and responsibility for the transition.

    How can organizations prepare for the transition to post-quantum cryptography?

    Organizations can start by identifying who holds the budget and who will drive the effort for the transition. They should establish a centralized approach to cryptographic activities and foster collaboration between technology and business leaders to devise the best organizational path forward. It is also crucial to explore and test quantum-resistant algorithms, create an inventory of the cryptographic keys in use, and develop a detailed plan of action based on recognized guidance.

    Why should organizations prioritize quantum readiness?

    Organizations should prioritize quantum readiness to maintain trust with customers, partners, and employees. Investing in quantum-resistant cryptography enhances business resiliency and demonstrates a commitment to data security in an evolving digital landscape. Ignoring the transition could lead to reputational damage and loss of valuable relationships.