Businesses throughout the world are responsible for protecting an array of confidential information, from intellectual property and financial projections to customer data and contract details. For years, encryption has served as the primary tool for defending this information, both on-premises and in the cloud.
But just as enterprises are responsible for safeguarding their sensitive information, they must also protect the encryption methods themselves. The coming arrival of quantum computing poses an existential threat to today’s encryption methods, as its overwhelming computing power could break encryption keys through brute force in a matter of minutes. However, a majority of organizations have failed to recognize the coming challenge: according to a recent white paper from IDC, only “26% of organizations globally are in the process of operationalizing their quantum computing plans”.
Encryption under threat
Some of the most common tools and practices used in modern cybersecurity could be rendered obsolete by quantum computing, including:
- Root certificate authorities (CAs) - Root CA keys have long lifetimes, putting certificates at risk if they have been signed with a key that is rendered obsolete by quantum computers
- Data retention requirements - Enterprises must store and protect data for a prescribed period of time, maintaining security even in the face of future quantum threats
- Data transferred over transport layer security (TLS) - This data could be at risk of decryption in the future, even with perfect forward secrecy
- Document signing solutions - Documents signed today will not maintain their integrity against future quantum devices
- Code signing certificates - The use of code signing has increased together with the growth of DevOps and cloud computing, but these certificates could be compromised (with disastrous consequences) by quantum computers
Encryption is a key aspect of these tools, as well as fundamental internet utilities like email, messaging, web browsing and online banking. The ubiquity of encryption has led many security teams to consider it a “set and forget” technology, overlooking the complexity and critical importance of this widespread solution. Encryption only comes to the fore in the event of a breach, when enterprises suddenly recognize the financial and reputational implications of maintaining strong security practices.
But while encryption’s longevity and widespread adoption have long demonstrated the tool’s effectiveness, this longevity will soon become a weakness. The advent of quantum computers will require security organizations to audit their tools, identifying how and where encryption is being deployed to determine what upgrades need to be made for long-term security.
Cryptographic keys establish digital trust
As we move towards the era of quantum computing, cryptographic algorithms will need to adapt to keep pace with new and emerging threats. Additionally, enterprises must ensure the integrity of cryptographic keys within secure environments such as hardware security modules (HSMs), and practice crypto agility, which enables a quick reaction to cryptographic threats by implementing alternative methods of encryption.
Thales Luna HSMs are designed to provide future-proof security for many of the world’s most security-conscious businesses and organizations. Luna HSMs act as trust anchors by securely managing, storing and processing keys inside a FIPS 140-2 Level 3 validated tamper-resistant device, while leveraging crypto agility to remotely update device roots, keys and certificates; change, migrate and be agile for a wide range of applications; and add new and custom mechanisms within the secure confines of the HSM.