Three things you can do now to prepare for a post-quantum future
(ForbesTechCouncil) With bad actors hard at work on quantum computing decryption and harvesting encrypted data for delayed attacks, you have a choice: 1. Wait, hit the panic button in a few years and rush the installment of a post-quantum solution as the threat timeline shortens, or 2. Get ahead of the curve by doing small — but impactful — preparation for post-quantum security now that can pay massive dividends down the line.
Anudeep Parhar, CIO at Entrust, a global provider of trusted identities, payments and data protection provides
a few steps you can immediately take to future-proof your company’s security with post-quantum cryptography. IQT-News summarizes his suggestions:
1. Take inventory of cryptography. Work with your internal IT and security teams and/or collaborate with an outside consultant to perform a cryptographic inventory of your systems. This process will help you understand which cryptographic algorithms are being used across your IT environment. With a complete picture of your cryptography, you can better understand how easy or difficult certain algorithms are to switch to a post-quantum solution and build a timeline for post-quantum transition.
2. Talk to technology providers about their post-quantum plans. Reach out to your IT vendors, such as email, database and antivirus providers, to understand the steps they’re taking to adapt to a post-quantum future. Vendor partners should be able to outline a clear strategy for their post-quantum plan. Your vendors’ success in transitioning to post-quantum security directly affects your security — delays in post-quantum updates on systems can impact the performance of the tools your organization relies on and leave your data unsecured. Assessing vendors’ approaches to post-quantum security planning will ultimately help you decide if they’re the right partners to keep in this transition or if it’s time to look at others.
3. Test possible solutions. Currently, there are no standardized post-quantum algorithms and implementations approved by the National Institute of Standards and Technology (NIST). However, you can still test open-source post-quantum implementations and approved proof of concepts within systems to make your eventual migration easier. Testing can help identify any bottlenecks in systems, helping save migration time once NIST-approved post-quantum cryptography solutions come to market.
Play The Long Game
Bad actors are playing the long game in their plans for quantum attacks, and you should play the same game with post-quantum preparation. Time is still on your side in establishing a powerful post-quantum security and cryptography plan. T