Kevin Bokek is Venaphy's Vice President of Environment and Community .
Over the past five years, the term “post-quantum cryptography” has become the “apocalypse hype” and the coming wave. Since then, I have encouraged preparedness by calling on industry to prepare for the quantum revolution. However, we find ourselves at a time when the hype around the preparation of quantum cryptocurrencies has reached a fever pitch, causing us to question whether we are concentrating in the right directions.
The damage caused by the quantum risk of overhyping in crypto is enormous. Valuable resources are wasted trying to detail things that mean nothing to most people and distract from the real problems we need to solve. The bottom line is that quantum cryptography readiness is not a concern for most cybersecurity professionals, and CIOs, CEOs, and boards of directors are overwhelmed with misplaced priorities. To meet this challenge facing business and enterprise leaders, we need to rethink our approach and the solutions available.
The Post-Quantum Security Solution: Abandoning Cryptoplasticity
In a post-quantum world, the key question is how can we protect ourselves from attacks, new technologies and threats from malicious actors? Contrary to current discussions, the answer does not lie in crypto-existence. The Global 5000 does not dictate crypto preferences. Instead, solutions are made through open source projects involving companies such as Microsoft, IBM, F5 and others in Silicon Valley and Redmond, creating applications for cloud services, as well as thousands of commercial software. The concept of quantum cryptoflexibility is essentially a farce.
Fears that security teams will swallow crypto quantum because they need to be efficient are misplaced. They have responsibilities for managing computer identities, such as TLS certificates and code signing certificates, which will inevitably be replaced. Your security teams do not choose the cryptocurrency, but are responsible for managing certificates that use this new cryptocurrency. The problem is not which algorithm to choose, but the replacement of application identifiers. To manage these smoothly, business leaders need to implement global governance and lifecycle management.
The importance of ensuring your own safety
Similar concerns exist in the context of potential quantum phenomena. Automation is the real goal. Regardless of the emphasis on quantum crypto-agility, our real goal is to partner with the Global 5000. How do we update applications? This is an ongoing challenge that requires automation and a proactive management approach.
Creating a business case today involves implementing the automation and management that exists today. This forward-thinking strategy provides preparation for a future in which quantum computers threaten the types of machine IDs in use.
It is important to remember that arguing about which cryptographic algorithm is better is pointless. Instead, focus on the automation needed to quickly adapt to the applications you use and change machine IDs. This arrangement will bring success today, not in the near future. Certificate lifecycle management and automation eliminates bottlenecks and improves efficiency in a world where we rely on certificates to validate the cloud, applications, and code. They are all highly scalable and scale well for modern businesses.
Its responsibilities include managing the identity of machines, without paying attention to the cryptographic basis. Remember SHA-1? A widely used hashing algorithm that doesn't require a quantum computer to crack is ubiquitous. Companies faced exit deadlines, but some persisted. The lesson here is clear: this is not about changing encryption; This includes verifying the identity of computers that need to be replaced when updating their applications.
Show the way forward
Quantum computing is predicted to begin breaking encryption by 2030 or earlier, forcing organizations and business leaders to actively prepare for a post-quantum world. There is no doubt that machine identity will be destroyed in a post-quantum world, and according to a recent McKinsey study, countries are committing billions of dollars to government quantum funds to prepare for and prevent massive economic fallout. and national security. It will be on earth. We are working with the Government of Canada on post-quantum readiness and as part of a three-pronged National Quantum Strategy.
While government agencies such as CISA, NIST, and the NSA are pushing for a “quantum readiness” roadmap, it is important to note that the Global 5000 are not the decision makers when it comes to cryptocurrencies. Security teams and business leaders must focus on protecting the identity of machines that can counter evolving threats. The path to a smooth transition is through end-to-end governance and automated lifecycle management, allowing security leaders to quickly adapt without manual changes. In this complex quantum landscape, our responsibility as business leaders is not only to adapt, but also to provide foresight and strategic management.
The Forbes Technology Council is an invitation-only community of CIOs, CTOs and world-class technology leaders. I'm right