Earlier this month, the Quantum-Safe Security Working Group (QSS WG) of the Cloud Security Alliance (CSA) published the results of its Quantum-Safe Security Awareness Survey*.
Awareness of the recent advances in quantum computing, and the potential impact the quantum evolution will have on data security, was high; with 60% of respondents either aware or very aware of the implications. This shouldn’t come as a surprise, as there have been a lot of quantum computing headlines over the past 12 months.
This level of awareness puts into context the degree of confidence stakeholders have in their current security provision’s ability to protect against a quantum-attack. Less than one third of respondents were confident their data would be safe.
Amongst stakeholders, awareness of quantum-safe solutions, such as Quantum Key Distribution and Quantum-Resistant Algorithms was also high. However, there was a lack of appreciation that these technologies would provide effective data protection in a post-quantum computing world.
It was, perhaps, surprising then to discover that just 40% of respondents were currently working towards future-proofing their data protection strategy.
As the QSS WG points out “There is clearly a disconnect between awareness of quantum security issues, in-depth understanding of the potential threats and willingness to act upon this knowledge effectively.”
This begs the question, why are organisations not implementing quantum-safe technologies now? According to the QSS survey results a large proportion (44%) just don’t see it as a priority. With a viable quantum computer likely to be a decade or more in the future, IT security professionals believe, falsely, that time is on their side.
What this ignores is the practice of “download now, decrypt later” being adopted by cyber-criminals. The long-term value of data available today means it can still prove profitable if a cyber-criminal download the data today and waits until the technology is available that can easily crack the encryption used to protect it.
Now is the time that security-aware organisations should be transitioning to quantum-safe solutions. And organisations should plan now for their transition to quantum-safe PKI, bearing in mind the transition time might be long.
A copy of the summary results can be found here.
About the Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organisation with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.
Bruno Huttner, IDQ’s QKD Satellite programme manager for the Quantum-Safe Security division, is also chairman of the Quantum-Safe Security Working Group (QSS WG) at the Cloud Security Alliance.
Set against a background of accelerated investment and advancement within the quantum computing sector, the QSS was keen to identify those areas of concern to stakeholders from the IT and information security sectors.
*The survey was conducted among CSA members to determine the overall awareness of quantum security risks within the cloud computing community