Forrester report reveals ‘baby steps’ towards post-quantum encryption – Arqit comments
July 2024 by
Despite high-level awareness and mounting concerns about the impending quantum threat, a new Forrester report reveals that security leaders are still "taking baby steps" towards implementing post-quantum encryption (PQE), waiting for further developments, standards, and guidance. The report highlights the urgent need for organisations to prepare for Q-Day – the day when quantum computers will be capable of breaking current encryption methods.
Forrester observed that industry progress on PQE implementation has been slow. Although 71% of surveyed security leaders feel knowledgeable about quantum computing as an emerging technology, only 21% rank it among their top concerns. This underscores a significant gap between awareness and progress.
David Williams, Founder of Arqit, believes transitioning to quantum-safe encryption is non-negotiable for organisations:
"We talk about ’Q-Day’, but the threat to encryption is not in the future – it’s here right now. Hackers are already harvesting data for future decryption and release. Just last month, a group of criminals published extremely sensitive patient data online, including cancer blood test results, following an earlier cyberattack on an NHS testing database. But unfortunately, this report confirms what we all suspected – the risk is recognised, but follow-through in the Enterprise sector is lacking. Frankly, that’s like smelling smoke but waiting to see flames before evacuating.
"What we do know, from projects that Arqit has been able to announce and others, is that Government organisations are responding to The White House NSM-10 instruction and are implementing symmetric key protections now and others around the World are doing the same. Telecoms companies are also implementing symmetric key protections this year. This puts Arqit in a unique position because we have been able to demonstrate and announce that Arqit alone has software that creates quantum safe symmetric keys at end points that meet the requirements of relevant NSA CSFC and NIAP standards or components.
“Enterprises must act now, not take ’baby steps’. The White House has already urged NSS users to deploy symmetric key protections because new PQAs are not regarded as likely to achieve sufficient maturity in time. Why should large enterprises with critical infrastructure or information think differently? By waiting for new guidelines or industry progress, enterprises have become sitting ducks. Symmetric Key Agreement is the immediate answer to the problem and Arqit’s product is available globally through Intel, Fortinet, Juniper and others. When implemented as part of a zero-trust framework, this approach is entirely future-proof – removing the need for constant and costly upgrades as quantum computing advances, and also removes immediate threat vectors like spoofing because it delivers continually rotating authentication.
"It’s unrealistic to rely on a hope that quantum computers won’t break encryption within 3-5 years. Betting on a hunch that human progress will stall isn’t a rational way to protect critical data assets. Organisations need a solid strategy for data security, with symmetric keys at its core.”