If you’re of a certain vintage, you’ll remember Y2K – the disaster-that-wasn’t because organizations around the world carefully prepared for what could have been a catastrophic disruption to digital systems.
As quantum computing technology matures, we’re primed to face another Y2K-like event: Q-Day, meaning the point at which quantum computers become capable of breaking traditional encryption, totally upending security as we know it.
As Q-Day looms, now is the time for companies to begin preparing their security strategies for a post-quantum future. And fortunately, there’s a relatively easy solution: Migrating vulnerable workloads to the cloud.
That’s not to say that cloud migration will totally mitigate all security risks in the quantum era. But it is arguably one of the best steps business can take today to get ahead of quantum security risks. Here’s why, along with tips on how to respond proactively to quantum security challenges starting today.
Security challenges in a post-quantum world
Let’s begin by discussing why quantum computers are poised to create deep security challenges for businesses around the world.
The reason is simple enough: Because quantum computers can perform tasks in seconds that would take classic computers tens of thousands of years to work through, quantum machines will render traditional encryption algorithms obsolete. They’ll be able to brute-force encryption keys by running through all of the possible permutations in a matter of minutes.
As a result, all data protected using traditional encryption will suddenly become vulnerable to attack. This includes both data at rest (meaning data that is stored on disks or other persistent media) and data in motion (meaning, primarily, information that travels across the network). Any data that attackers manage to access will become instantly readable to them on Q-Day if it is protected only through traditional encryption.
When will Q-Day happen?
Currently, quantum computers have not quite reached Q-Day. To create quantum computers that are reliable enough to crack encryption and perform other real-world tasks, researchers must overcome technical challenges like quantum interference, which means disturbances to data flowing within quantum devices.
It’s not yet clear exactly when those problems will be mitigated and quantum computers will become ready for prime time. Some folks argue that Q-Day won’t arrive until the 2030s, but others contend that it’s not far out.
The uncertainty surrounding the timing of Q-Day is part of what makes the quantum security threat so vexing. Unlike Y2K, which researchers could predict with absolute certainty, Q-Day could end up arriving just months from now.
On top of that, it’s possible that Q-Day will happen without drawing much attention. If threat actors manage to find a way to break conventional encryption using quantum machines, they’re not likely to hold a press conference to announce their achievement. Instead, they’ll quietly be decrypting sensitive data, likely without the knowledge of the companies they’re attacking.
Investing in quantum cryptography
This is why now is the time for businesses to begin preparing. If you don’t want to be among those caught unawares on the day when threat actors around the world can suddenly decrypt all of your sensitive data with ease, you want to invest in quantum security protections as soon as possible.
Those protections involve, above all, quantum cryptography – a fundamentally new approach to encryption that uses quantum physics to secure data. With quantum cryptography, it becomes impossible for unauthorized parties to read sensitive information without the knowledge of the legitimate senders and receivers of the data.
Unfortunately, like quantum computing in general, quantum cryptography is a technically complex endeavor that is still in the research stages. Implementing it requires very specialized expertise; only engineers with extensive knowledge of both cryptography and quantum mechanics are able to build this type of solution.
In addition, anyone who wants quantum encryption will need access to quantum computers where they can build their solutions. That’s a challenge because the number of full-scale quantum computers that exist around the world is still measured in the dozens.
Control over network infrastructure, too, is an important piece of the quantum cryptography puzzle. Organizations will need to be able to manage data as it flows over networks in complex ways to ensure quantum encryption remains in effect, but that the data is not lost or irreparably scrambled as it flows between different segments of the Internet (which, like all other components of classic computing infrastructure, was not designed with quantum security needs in mind).
Because of these requirements – specialized expertise, access to quantum devices and specialized control over network infrastructure – implementing quantum cryptography is likely to be beyond the reach of the typical organization for the foreseeable future.
How cloud migration can mitigate quantum security threats
But just because you can’t build quantum cryptography solutions in-house doesn’t mean you can’t take advantage of them. By migrating workloads to the cloud, businesses can protect against post-quantum security risks even if they are unable to implement quantum cryptography on their own.
This is because cloud hyperscalers – which include the major public cloud providers (like AWS, Azure and GCP) as well as other companies with large-scale technology infrastructure and investments (like Meta and IBM) – have the financial, personnel and infrastructure resources necessary to implement quantum cryptography. It’s a very safe bet that they’ll be among the first to bring this type of solution to market, and that they’ll make it available to businesses that use their platforms.
That said, the hyperscalers probably won’t be able to roll out quantum security protections overnight, or immediately accommodate the needs of everyone who suddenly wants to move workloads into their platforms to protect them after Q-Day arrives. For that reason, businesses should be looking to migrate now. They should identify which workloads will become vulnerable on Q-Day, then move them into hyperscale environments that will maximize their ability to keep the workloads safe in the post-quantum age.
Conclusion: A proactive approach to quantum security threats
On balance, of course, little about quantum computing is certain at this point, and it remains to be seen exactly which types of quantum security solutions the hyperscalers will roll out. But there is very good reason to expect that the organizations that come out ahead on Q-Day will be those that take full advantage of the cloud before Q-Day arrives.
After all, the cloud has long been the go-to solution for organizations seeking greater scalability, security and performance. The looming quantum security crisis makes the cloud all the more important to the future of digital resources.
You may also like…
IBM and Microsoft partner to help companies modernize security operations