Organisations are aware of quantum computing security threats – but are not taking action yet

Quantum computing promises much – but are organisations secure enough to make the most of it? According to a new report from the Cloud Security Alliance (CSA), companies are aware of the risk of quantum computing but not yet ready to take action.

The alliance had previously put together the Quantum Safe Security Working Group (QSS WG) to assess the risks of the emerging technology. According to today’s report, which polled more than 100 CSA members with more than 90% working in either IT or information security, only 14% said they were not aware of quantum computing and its impact on data security. In contrast, only 12% said they were ‘very confident’ in their current security options to protect against quantum attacks.

Quantum computing differs from classical computing in that it has the potential to find patterns and insights based on data which does not exist, rather than finding patterns in vast amounts of existing data. Its potential applications include improving security through quantum physics and enhancements to machine learning and artificial intelligence. Readers of this publication will be aware of quantum computing through the work IBM – who, it has to be said, are experts when it comes to research and development of emerging technologies – is doing.

So what threats are there – and how are organisations taking measures against them? In essence, quantum computers will be able to break all public key systems and render them vulnerable. Yet only 40% of respondents today said they were working to future-proof their data to protect against the threat.

When it came to specific quantum-safe technologies, respondents were most likely to be aware of longer symmetric keys and longer hash functions, as opposed to quantum random number generation and key distribution. The report added that many respondents do not believe a one-size-fits-all solution yet exists to counteract quantum threats effectively.

It’s worth noting at this juncture that while the sample rate was comparatively low, the CSA argues the data provides a ‘valuable snapshot of the perception of quantum-safe issues in the industry.’

“While there is still a tremendous amount of work to be done in convincing the industry of the importance of including the threat of quantum computing in enterprise security strategies, the good news is that there is a great deal of interest in learning more about the threat quantum presents and how it can be mitigated,” said Jane Melia, CSA QSS WG co-chair in a statement.

“This latest report provides an excellent context for moving forward in our efforts to educate the industry.”

You can read the full report here (email required).