WP What is Quantum Computing, and Why Should Security Professionals Care? | Imperva

What is Quantum Computing, and Why Should Security Professionals Care?

What is Quantum Computing, and Why Should Security Professionals Care?

Quantum computing basics

Quantum computing embraces the laws of quantum mechanics to solve those problems that are currently too challenging for even the most high-performance modern computers. Across the board, it is a fundamental shift in computing with the potential to alter the way business is done, change financial modeling, massively speed up cryptocurrency processing, support the fight against illness, create new and more accurate climate models, use massive data sets on operational failures to alter manufacturing processes for success, help us in the creation of custom materials, and change informational processing in a million other ways as yet unforeseen.

This rapidly-evolving area of study focuses on the development of information processing technologies around such principles as interference, superposition, and entanglement. The ongoing efforts toward creating physical quantum computers aim to harness such sciences as ion traps, transmons, and topological quantum matter, in an attempt to create high-quality qubits – quantum bits akin to the binary digits of traditional computing, though changeable and volatile in nature (one, zero, or both at the same time). It is a whole new way of computing that will require a whole new way of thinking.

Tomorrow is already here

While it’s still early days for quantum computing, the recent “The Next Tech Revolution: Quantum Computing” report [McKinsey & Company] predicts that industries like finance may begin to realize gains from this new technology as early as 2025, with other sectors soon to follow their example. The report estimates there could be 2,000 to 5,000 quantum computers around the globe by 2030, though the additional software and hardware required will mean it will be closer to 2035 before they are ready to tackle complex business issues. Much of this will be decentralized and cloud-based, and will further roll out rapidly as one of the biggest digital disrupters ever – alongside AI, machine learning, and in an increasingly connected world of devices and services.

In computing, and particularly in cybersecurity, eight to thirteen years is no time at all. Any company with a product shelf life beyond 2025 needs to consider quantum computing as a current threat, despite the myriad of unknown factors. For example, automotive manufacturers developing today’s connected vehicles, with the necessarily robust security standards to safeguard users’ security and privacy, have long development and production cycles – around six to eight years. With the average vehicle lifespan in the US being twelve years [Bureau of Transportation Statistics], the wireless delivery of new software to these vehicles may be especially sensitive to evolving quantum threats. Considering the security ramifications of quantum computing is something we need to do now, not when it’s too late.

In the hands of the enemy

It only takes one nation-state bad actor – entities that are notoriously well-funded early adopters – to gain access to this technology, and it will warp the cybersecurity protection landscape on a quantum level. With quantum computers capable of factoring the prime numbers (used in asymmetric encryption algorithms) which form the basis of current cryptography systems, in just a few years, any standard public-key cryptosystems will no longer be enough. Public-key cryptosystems are used to protect data from unauthorized alteration, guarantee its confidentiality, and authenticate its source. This will have severely disruptive implications for securing information both in transit and at rest.

Talk in cybersecurity and development forums postulates that bad actors may even be stealing private data now, and storing that data to decrypt it in the future using quantum computing technology.

While the US National Security Agency/Central Security Service (NSA) isn’t promoting the use of Quantum Resistant Cryptography immediately, they have released this interim policy to offer organizations guidance, and are taking quantum computing’s threat to cybersecurity extremely seriously.

Looking ahead

Organizations must allow for future quantum computing developments by being sure that they have the appropriate resources now for cybersecurity updates in the future. Data and security architecture will need to be kept appropriately modular, for maximum flexibility. Post-quantum cybersecurity is something CISOs need to be considering today, balancing immediate costs with potential risks in the years to come. Departments need to allocate financial resources, to facilitate the evolution with minimal interruption. High-performance demands might need new and high-performance hardware and solutions. Security leaders need to get this in front of their C-suite, their developers, their decision-makers, and those who hold the purse strings – to raise awareness now.

While this is currently a cryptography matter, it is a part of our mission to stay ahead of developments in the cybersecurity space and to be cognizant of emerging technologies. Our product development team at Imperva is considering the challenges of quantum computing protection as we are expanding our portfolio of new and ever-evolving solutions. We are working towards real remedies today, to mitigate problems on the horizon – considering a defense-in-depth approach with multiple layers of quantum-aware protection.

Organizations need an interim solution so that, when quantum-resistant algorithms and solutions become available, they can embrace the latest developments painlessly and migrate with minimal business disruption. It is also inevitable, as with any new and pervasive technology, that there will be a skill shortage in this field, and trained graduates will be in high demand. It is important for security leaders to consider the development of threat-aware products and systems now, to mitigate future risk. We believe that making relationships between organizations and cybersecurity providers like ourselves, who are thinking about quantum computing as an attack vector, will be crucial to future business protection and success in the years to come.