Financial institutions and almost every other industry must quickly prepare for a post-quantum world, a new blueprint from the Info-Tech Research Group suggests. The paper can be downloaded here.
The alarm was sounded because advances in fault-tolerant quantum computers, which are expected to materialize sooner than projected, are anticipated to defeat existing encryption algorithms and cryptographic systems. As a result, data presently deemed secure is potentially vulnerable to harvest-now-decrypt-later strategies.
While securing corporate data assets should be of utmost importance, the complexity involved makes it challenging for organizations to incorporate quantum-resistant cryptography into their current IT infrastructure.
According to Info-Tech Research Group, a robust approach to post-quantum security entails implementing well-defined policies, effective technical defences and comprehensive education initiatives. Organizations may also consider implementing new cryptographic algorithms or upgrading existing protocols to incorporate future-proof encryption methods.
“Emerging quantum technology holds the potential to tackle valuable problems that even the most powerful supercomputers will never be able to solve,” says Alan Tang, principal research director, security and privacy at Info-Tech Research Group. “As we venture further into the era of quantum mechanics, organizations relying on encryption must contemplate a future where these methods no longer suffice as effective safeguards. Organizations must proactively prepare for the development of countermeasures and essential resilience measures to attain a state of being ‘quantum-safe.’”
The transition to more resilient cryptography demands significant effort and time. A lack of comprehensive understanding regarding the cryptographic technologies currently employed in existing IT systems poses further difficulties in identifying and prioritizing systems needing upgrading.
Info-Tech Research Group has outlined a five-phase approach to developing quantum-safe cryptography, beginning with preparation:
1. Obtain buy-in from the leadership team, educate the workforce about the upcoming transition, and create defined projects to reduce risks and improve crypto-agility.
2. Determine the extent of exposed data, systems, and applications, then establish an inventory of classical cryptographic use cases.
3. Assess the security and data protection risks posed by the technology, followed by assessing the readiness for transforming existing classical cryptography to quantum-resilient solutions.
4. Prioritize transformation plans based on criteria such as business impact and near-term technical feasibility and effort. Establish a roadmap.
5. Implement mitigations, decommission old technology and validate and test products incorporating the new standard.
“A task that currently takes 10 years to crack through in a brute force attack could be accomplished by a quantum computer in under five minutes, rendering the many existing security measures utterly ineffective,” Tang said. “The utmost priority for organizations as we head into the quantum era remains data security and safeguarding sensitive information.”
Info-Tech Research Group advises IT leaders that embedding quantum resistance into systems during the modernization process requires collaboration beyond the scope of a chief information security officer alone. It is a strategic endeavor shaped by organization leaders and external partners. This comprehensive approach involves the collective input and collaboration of stakeholders from various areas of expertise within and outside the organization.