As the countdown to the year 2000 began, business and IT executives around the globe held their breath, hoping that the years of work to locate and expand every truncated two-digit date to four digits—in every system and every application—would enable global commerce to keep functioning.
The diligent planning and deep investment of time and energy paid off. In the 18+ years since, business and technology have accelerated at an astonishing rate, bringing with them cloud, data analytics, digital platforms and ecosystems, artificial intelligence, microservices, blockchain and, most recently, the realization of quantum computers.
As exciting as these technology advancements are, the emergence of quantum computing also brings a new and much larger type of security issue—one that will eclipse Y2K in terms of the scale and scope of impact on infrastructure and storage, business transactions and platforms, and business-to-business (B2B) and business-to-customer (B2C) applications.
Put simply, quantum computing presents a direct threat to modern cryptography and crypto systems. Existing cryptography methods—public key encryption, digital signatures and key exchanges—are on the verge of extinction because quantum computing jeopardizes the strength of the underlying math.
All three of these methods (public key encryption, digital signatures and key exchanges) are largely based on Diffie-Hellman, Rivest-Shamir-Adleman (RSA) and elliptic curve cryptography. Their cryptographic strength comes from an underlying math problem (such as the integer factorization and discrete logarithm problems) that is difficult and cumbersome to solve. However, through the quantum properties of matter and energy, quantum computing can perform these calculations very efficiently, rendering the intractable task instantaneous and exposing businesses to threat actors globally.
As such, quantum computing presents a major security challenge that scholars, researchers and entities like NIST are actively assessing. But this is much larger than an academic issue; NIST estimates it took approximately 20 years to field the modern public key infrastructure that powers businesses today.
While there are expected efficiencies in adopting new technologies going forward, companies should not underestimate the scale of the business challenge. Our existing cryptographic methods are the fabric of commerce, communications, identity and data protection at large—and all must be reviewed and potentially updated to continue conducting business safely and securely in a post-quantum world.