TechRadar 2023 Hot Topic – Trust and Cybersecurity
This article is a selection of the 2023 Devoteam TechRadar, it’s designed to introduce the context of the chapter by covering a hot topic in the industry.
This year’s focus is on the Cloud Native era – a new era where technology and business are more interconnected than ever. Companies must prepare for disruptive models built with, in, and for the cloud. The technologies in TechRadar 2023 are mostly all participating in this movement.
How can organisations deal with the post-quantum risk?
What if we told you that In a few decades, a quantum computer that is realistically robust might be able to decrypt virtually all of today’s encrypted data on the Internet? It’s time to be ready.
Quantum computers will be able to break certain types of current cryptography that are important to enable trust in a digital economy and that protect confidential intellectual property from being leaked. Electronic signatures, secure key exchanges, or authentication based on Public Key Infrastructure could all be defeated. Previously secure messaging applications, protected websites or VPNs may be compromised.
There is no reason to panic as quantum computers will take years to be strong enough to break current cryptography. Still, security issues may become relevant much earlier for organisations that need long-term protection of data confidentiality or integrity.
The National Institute of Standards and Technology (NIST) is currently selecting new quantum-safe cryptography standards, with the goal of publishing
standardisation documents by 2024.
Even though it is not clear when quantum computers will be ready to break current cryptography, organisations should evaluate their risk and start planning for the post-quantum cryptography area as the process of defining and executing a post /quantum cryptography strategy may take several years.
Devoteam’s Recommendation to get started on Post-quantum Threat
There are many ways to build a quantum computer resistant cryptosystem, but how do you know which is the best? Quantum-resistant security should definitely use hybrid solutions that combine conventional and quantum-ready technologies. This ensures that existing security stays intact while adding new post-quantum cryptography techniques.
Organisations need to first assess their existing cryptosystem solutions and proceed to build a concrete strategy that incorporates quantum computer cybersecurity resilience into the organisation’s existing cybersecurity risk assessments. Steps to achieve this should consider the following elements:
- Create awareness among decision makers and IT leaders to understand what is different with new quantum-safe cryptography and what the implications are for an organisation.
- Assess the risk to enable your organisation to understand exposures to quantum-based cryptography attacks.
- Create strategic guidance and education to prioritise quantum-safe initiatives for organisations tailored to organisational risk, IT strategy, supply-chain dependencies, and ecosystem operations.
- Create a migration plan towards agile and quantum-safe cryptography to enable organisations with modern and flexible paradigms, such as cryptographic services.
Managing the transition once enough strategic maturity is achieved is possible through partnerships with solution providers that offer cryptographic agility and a proven migration path that avoids collateral damage and lock-in situations.