Does cryptography offer data protection a quantum of solace?
Quantum computers currently sit at the five-year horizon of market-ready products. For now, they are the preserve of well-funded research environments, which in this country means locations like University of Cambridge Computer Laboratory, where some of the results of £300 million in Government funding into quantum research were unveiled last week as part of the CW (Cambridge Wireless) Technology and Engineering Conference.
What emerged during the event is the enormous potential which quantum computers represent, with the technology already outpacing Moore’s Law (which states that compute power doubles every two years). Quantum could help other technologies that are still trying to find their adoption point, like the internet of things, become reality because the back-end data output will be capable of being processed, analysed and therefore turned into value.
But there’s a problem. Those well-funded research environments are not restricted to good actors, like the UK government, but are also being run by bad actors, from rogue or suspect governments through to organised crime with an eye on even bigger financial returns.
Little wonder that one of the themes to emerge from the conference was a warning about the need to improve how those data flows are protected. “The massive processing capabilities found in quantum computers will challenge our current beliefs around complexity and security,” said Michael Brown, CTO at ISARA Corporation, who posed the case for “quantum-safe cryptography”, which is resistant to quantum algorithm attack. Brown warned that, “we need to be making changes now to protect data in the future.”
If you have watched almost any crime or thriller film recently, you will already have seen this scenario played out. Hero or villain needs to access some information which is behind a firewall or encrypted. Step up the computer specialist who launches a brute force attack - running through every possible combination of the encryption codes. Usually, the desired information gets unlocked in seconds. In the real world, currently, it could take hours, days, weeks or even years. With quantum, that could shrink to the real-time timeframe seen in fiction.
Even the best information security layers right now are expected to crack under the weight of bad actor attacks within three to five years, meaning almost any data asset will soon be wide open. With quantum computing in the wrong hands, that tipping point is brought forward to the next 12 to 24 months.
But just as black hats are often the most-rapid adopters of new technology, the cultural change taking place across business and government right now, especially in the UK, can put the white hats ahead of their charge. With the funding in place and the co-ordination taking place within groups like CW - a not-for-profit community of companies involved in the research, development and application of technology - that window of opportunity is real and now.
For businesses on the sidelines of this technology arms race, there is no reason to panic - only to look once again at existing data protection processes and consider whether they are future-proof. Data minimisation, anonymisation where possible, adoption of customer-managed information procedures and even (eventually) blockchain-based transactions are part of making sensitive information safe. Nobody can have 100% secure data, but each quantum of improvement helps.