DigiCert released the
results of a global study exploring how organizations are addressing the
post-quantum computing threat and preparing for a safe post-quantum
computing future. Key findings reveal that while IT leaders are
concerned about their ability to prepare in the timeframes needed, they
are hampered by obstacles which include lack of clear ownership, budget
and executive support.
Quantum computing harnesses the laws of quantum mechanics to solve
problems too complex for classical computers. That same capability,
however, makes cracking encryption much easier, which poses an
enormous threat to data and user security.
"PQC is a seismic event in cryptography that will require IT leaders
to begin preparation now. Forward-thinking organizations that have
invested in crypto agility will be better positioned to manage the
transition to quantum-safe algorithms when the final standards are
released in 2024," said Amit Sinha, CEO of DigiCert.
Study Highlights
Ponemon Institute surveyed 1,426 IT and IT security practitioners in
the United States (605), EMEA (428) and Asia-Pacific (393) who are
knowledgeable about their organizations' approach to post-quantum
cryptography.
Key findings from the study, sponsored by DigiCert, include:
- Sixty-one percent of respondents say their organizations are not and
will not be prepared to address the security implications of PQC.
- Almost half of respondents (49%) say their organization's leadership
is only somewhat aware (26%) or not aware (23%) of the security
implications of quantum computing.
- Only 30% of respondents say their organizations are allocating budget for PQC readiness.
- Fifty-two percent of those surveyed say their organizations are
currently taking an inventory of the types of cryptography keys used and
their characteristics.
Challenges organizations face to be ready for a safe post-quantum computing future
Key findings indicate that security teams must juggle the pressure to
keep ahead of cyberattacks targeting their organizations while
preparing for a post-quantum computing future. Only 50% of respondents
say their organizations are very effective in mitigating risks, vulnerabilities and
attacks across the enterprise. According to the research, ransomware
and credential theft are the top two cyberattacks experienced by
organizations in this study.
Forty-one percent of respondents say their organizations have less
than five years to be ready. The biggest challenges are not having
enough time, money and expertise to be successful. Currently, only 30%
of respondents say their organizations are allocating budget for PQC
readiness.
Many organizations are in the dark about the characteristics and
locations of their cryptographic keys. Only slightly more than half of
respondents (52%) say their organizations are currently taking an
inventory of the types of cryptography keys used and their
characteristics. Only 39% of respondents say they are prioritizing
cryptographic assets and only 36% of respondents are determining if data
and cryptographic assets are located on-premises or in the cloud.
Very few organizations have an overall centralized crypto-management
strategy applied consistently across the enterprise. Sixty-one percent
of respondents say their organizations only have a limited
crypto-management strategy that is applied to certain applications or
use cases (36%), or they do not have a centralized crypto-management
strategy (25%).
To secure information assets and the IT infrastructure, organizations
need to improve their ability to effectively deploy cryptographic
solutions and methods. Most respondents say their organizations do not
have a high ability to drive enterprise-wide best practices and
policies, detect and respond to certificate/key misuse, carry out
algorithm or breach remediation, and prevent unplanned certificates.
Organizations recognize they are lacking the expertise to stay out in
front of post-quantum requirements. As a result, hiring and retaining
qualified personnel is the most important strategic priority for digital
security (55% of respondents). This is followed by achieving crypto
agility (51% of respondents), which is the ability to efficiently update
cryptographic algorithms, parameters, processes and technologies to
better respond to new protocols, standards and security threats,
including those leveraging quantum computing methods.
To be ready for post-quantum computing, organizations need to have a
strategy that includes backing by senior leadership, visibility into
cryptographic keys and assets, and centralized crypto-management
strategies that are applied consistently across the enterprise with
accountability and ownership.
Read the Full Report: Preparing for a Safe Post-Quantum Computing Future