The world of cybersecurity is on the cusp of a paradigm shift. The looming threat of quantum computers poses a serious risk to current encryption standards, potentially rendering them obsolete.
In this VMblog Q&A, we speak with Karl Holmqvist, Founder and CEO of Lastwall, about their innovative solution, Quantum Shield. This interview will dive into how Quantum Shield leverages post-quantum cryptography to safeguard conventional network infrastructures and explores its impact on the evolving cybersecurity landscape.
VMblog: Tell me more about Lastwall and Quantum
Shield. How does it protect conventional network infrastructures with the
latest quantum cryptographic standards?
Karl Holmqvist: Lastwall is a leading
cybersecurity solutions provider specializing in highly secure,
identity-centric, and quantum-resilient technologies. Lastwall's core identity
platform has been deployed with the US Dept. of Defense since 2017. Our latest
innovation, Quantum Shield, is designed to protect conventional network
infrastructures using the latest quantum cryptographic standards. It leverages
a NIST pre-approved algorithm that integrates Post-Quantum Cryptography (PQC)
into the Transport Layer Security (TLS) layer of network traffic, significantly
enhancing security and ensuring resilience against emerging quantum threats.
VMblog: How does Quantum Shield integrate Post-Quantum
Cryptography (PQC) into the Transport Layer Security (TLS) layer and how does
it enhance security compared to traditional methods?
Holmqvist: Quantum Shield is a
drop-in Transport Layer Security (TLS) terminator with load balancing
capabilities. It replaces existing load balancers (using traditional
encryption) with minimal configuration and no 'rip and replace' cost. Once
deployed, Quantum Shield immediately increases security by integrating PQC into
the TLS layer using a NIST pre-approved algorithm that provides quantum-safe
encryption. This integration ensures that even if a quantum computer capable of
breaking traditional encryption methods becomes a reality, the data protected
by Quantum Shield remains secure. By being crypto-agile, Quantum Shield can
quickly adapt to new algorithms approved by NIST, maintaining forward-facing
compatibility and security.
VMblog: What specific challenges do 'Steal-Now-Decrypt-Later'
campaigns pose, and how does Quantum Shield address these threats more
effectively than current solutions?
Holmqvist: 'Steal-Now-Decrypt-Later'
campaigns involve intercepting and storing encrypted data with the intent of
decrypting it once quantum computers become capable of breaking current
encryption standards. By way of example, if a threat actor were to steal important
operational data about a power generation facility, they would be able to
decrypt that data in the coming years when a cryptographically relevant quantum
computer comes online. Given that this data will probably not change over the
course of the next 3-5 years, this is a pressing and urgent threat with
potential loss of life consequences. If this data were protected using Quantum
Shield, it would be resistant to decryption using quantum-safe algorithms,
stifling the success of the malicious actor or nation state
'Steal-Now-Decrypt-Later' campaign. Quantum Shield addresses this threat by
using quantum-resistant cryptographic algorithms that are designed to withstand
attacks from quantum computers. This proactive approach ensures that
intercepted data remains secure right now, and in the future as new
technologies become available to those seeking to execute cyber attacks.
VMblog: With the impending release of updated guidance from NIST
on quantum-resilient algorithms, how does Quantum Shield ensure it remains
compliant and adaptable to these new standards?
Holmqvist: Quantum Shield is
designed to be crypto-agile, meaning it can rapidly update its cryptographic
algorithms with minimal configuration changes. This flexibility allows it to
stay compliant with evolving NIST standards and quickly adopt newly approved
quantum-resilient algorithms as they are released, ensuring ongoing protection
against emerging quantum threats.
VMblog: How does Quantum Shield's crypto-agile design allow for
rapid updates, and what measures are in place to ensure minimal configuration
changes during these updates?
Holmqvist: The product is released with auto updates enabled by default. It
has access to download both general and security updates from a private
repository where Lastwall engineers publish new releases. Lastwall's
customer success team is available to support users of Quantum Shield when
needed with questions related to product updates, while Lastwall's security
team ensures that the product remains current and secure as threats and attack
vectors continue to evolve.
VMblog: In what ways does Quantum Shield align with and support
Zero Trust principles, and how does this enhance its effectiveness in
protecting against advanced cyber threats?
Holmqvist: Zero Trust is a broad
topic, and depending on the reader, the definition can vary widely. In a broad
sense, the principle of Zero Trust can be interpreted as there exists no
implicit trust between two parties or services until they have mutually authenticated
with each other. This authentication procedure, and especially the data
contained within it, must remain confidential. If an adversary can spy on it,
they could intercept credentials and potentially impersonate a legitimate user.
Quantum Shield's TLS application of quantum resilient encryption keeps all data
safe, including the authentication session, ensuring that any data exchanged
cannot be decrypted and reused if intercepted. The integrity of Zero Trust
Architecture could be compromised by threat actors using stolen, valid
credentials. By ensuring encrypted data remains encrypted, Quantum Shield
prevents the efficacy of these attacks and bolsters true Zero Trust
Architecture.
VMblog: Can you share any case studies or success stories from
early adopters of Quantum Shield, particularly in the defense and critical
infrastructure sectors?
Holmqvist: While trial deployment
and capability testing have been conducted by the US Dept. of Defense, the
results are confidential. Given the increasing shift in cloud adoption and
IT digitization within government, defense, and critical infrastructure groups,
alongside current policy initiatives/mandates related to the implementation of
Zero Trust Architecture, Multi-Factor Authentication, Quantum Resilience, and
identity-centric security, Quantum Shield brings immediate value by bolstering
the security of these technology transitions and deployments.
VMblog: What sets Quantum Shield apart from other
quantum-resilient products in the market, and how do you foresee its adoption
impacting the overall cybersecurity landscape?
Holmqvist: Quantum Shield is
designed to ease the ever-increasing workload of CISOs, IT administrators, and
cybersecurity engineers by simplifying the process of achieving foundational
data security and quantum resilience at the transport layer. Used in
conjunction with other quantum resiliency products, it serves as the foundation
for true end-to-end quantum protection. As a first of its kind product, Quantum
Shield offers a fast, easy, and cost-effective solution for bringing enhanced
security while also matching the current operational and performance
characteristics of load balancers using traditional encryption. Delivered
directly to customers' AWS accounts via a one-click software installation,
Quantum Shield includes automatic updates, security patching, and easy
certificate management enabled by default.
The significant
importance of training and deploying quantum resilient solutions grows every
day as we inch closer to 'Q-Day': the day in which a cryptographically relevant
quantum computer is available. Quantum computers fundamentally change the
underpinnings of the internet. Organizations that act now and move toward
quantum resilient IT infrastructure will have a strategic advantage in
operational security and forward-facing threat mitigation while those who do
not will experience unparalleled disruption.