2 days ago
Why Post-Quantum Cryptography Is The New Speed And Agility KPI
Jordan Rackie is the CEO of Keyfactor, an identity-first security solution for modern enterprises.
getty
Quantum computing has taken on an almost mythical status—its arrival is both feared and eagerly anticipated by those in business and technology circles. Fortunately, NIST's guidance on the implementation of post-quantum cryptography (PQC) has been a great guide for the conversation, offering a timeline for organizations amongst a chorus of voices debating when quantum will finally be realized.
While helpful, the debate over when exactly quantum will arrive has boards and executives distracted. Leaders and experts continue to debate the exact year that traditional encryption will crumble, missing the most important,real-world consequences of the impending arrival of quantum computing.
Whether Q-Day was yesterday or is tomorrow, the risks facing businesses are the same and require attention right now. Leadership often loses sight of the reality that hackers are harvesting encrypted data today, knowing they'll be able to decrypt it tomorrow when quantum tools catch up. If that data includes sensitive customer information, financial records or intellectual property of any capacity, they are in for a world of hurt and exposure.
As the CEO of an identity-first security solution company, I believe that the real business risk isn't when quantum hits; it's what you've done to prepare for it.
The organizations and leaders that could be able to navigate the post-quantum future successfully are those who understand this imperative to act now. Just as digital transformation and digital trust have become enablers of business success, so too will post-quantum cryptographic health. In fact, I believe it's certain that cryptographic readiness is going to be the next factor that determines pack leaders in all industries.
If we consider previous paradigm-shifting transitions in technology—the rise of the internet, generative AI's explosion and now quantum computing—businesses that have thrived through these disruptive forces have had one common denominator: agility. It's not about reacting to disruption; it's about staying ahead of it.
Considering PQC as the context, agility means being able to take the entire trust infrastructure of a business and shift it, without disruption or preventing innovation, to meet emerging threats. Much of the work is behind-the-scenes—updating certificates, keys and secrets—but intrinsic to efficient, secure and well-managed operations. Organizations that start now, even if making only very preliminary efforts, will avoid any disruption when quantum does arrive.
To get an organization moving on a PQC strategy, executives must have both a ground-up and top-down awareness of their risks.
Approaching from the foundation up, technology leaders should have 100% visibility in their assets. This means that all machine identities, like digital certificates and cryptographic keys, are accounted for. Imagine if an unseen certificate expired, exposing a business' sprawling network of digital data like an open door in a dark house. Frightening, right? Now imagine several open doors in your cryptographic house, and you forgot a flashlight to go look for them. In fact, you don't even own a flashlight.
Managing machine identities is impossible when you can't see them. For technology leaders, implementing an audit of cryptographic assets can be like turning the lights on in that dark house. Audits can tell technology leaders where keys are, what algorithms they use and how they're managed, even ranking them by greatest risk depending upon the depth of the assessment. An inventory like this ensures that trust is maintained across an organization's interconnected system,rather than pieced together in a patchwork of knowledge.
Looking from the top down is also important to building a scalable, secure enterprise that can be agile. This means that leadership—and not just your CISO—should be having regular discussions about the impacts of quantum computing on the organization. This might include a review of cybersecurity policies, checks on overall cryptographic health and conversations about practicable roadmaps for deploying quantum-safe algorithms.
By building PQC awareness through the board and C-suite, organizations can ensure that their cryptographic strategies are front and center in conversations about business health—a great place to start, considering that quantum is expected to impact all organizations in the near future. Quantum literacy for boards and stakeholders is becoming more integral to strategy, so addressing realities and risks head-on is key, especially if resources must be allocated to protect a business. Boards need to understand that this preparation is not for a theoretical future, but a fast-approaching reality.
Getting a business' cryptographic house in order is not an overnight project. It's a journey that demands planning, prioritization and proactivity. Since the transition to PQC is a major time- and work-intensive shift for businesses, it's of critical importance that they start now. Delaying discussions or even preliminary assessments of cryptographic risks will only further expose organizations when quantum does arrive. Denying or waiting for quantum's approach also means a smaller and smaller market share for those who procrastinate.
I believe preparation for a post-quantum world will only increase in importance in the next 12 months. Machine identities continue to proliferate, and PQC migrations will need to accelerate alongside this growth. There will not be time for organizations to scramble. If operations are stalled or disrupted due to a lack of a PQC strategy, that means sidelined goals and missed revenue for leadership. Enterprises need the right tools to maintain trust and scale securely, all while maintaining quantum agility.
Connectivity and trust are what keep an organization competitive. Those who can maintain this trust and move quickly, emphasizing proactivity over reactivity, are the ones who have the greatest competitive edge. Preparation for a quantum future is no different from other hurdles this industry has faced, though the stakes are much higher.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
