The Coming Quantum Computing Storm: How can Identity best prepare?
During the last 20 years many areas of technology development seemed to speed up dramatically. Identity management as part of cybersecurity, has undergone an incredible transformation, at a rate which no one could have predicted.
But few areas moved as fast as quantum computing is developing today. The speed of progress is impressive with advances in capability, which once seemed near impossible, being achieved in relatively short time frames. This is no surprise as some of the largest technology companies in the world, as well as nation-states, from China to the US, are investing heavily in progressing quantum computing. As an example, in March this year, the UK announced a further £2.5 Billion investment to make the UK a leader in quantum computing.
Within a couple of years, we’re likely to be in a markedly different world from where we are today. This will be driven by the extent of data available today and the advance of AI technology, being combined with the potential of quantum computing increasingly becoming a reality.
The promise from quantum computing is two-fold: The first is the raw power which quantum computing brings, the exponential increase we’re likely to see in speed as a result of this increased power. The second - and possibly more impactful - is the kind of challenges which we can apply quantum computing to. Today, computing is based on binary systems, whereas quantum computing is multidimensional. Even with small, barely operating quantum computers, the work we can do is staggering.
As the largest organisations in the world and nation states are scrambling towards this technology due to the vast promise quantum computing brings, conversation and planning around quantum computing need to encompass both the positive impact and the potential for misuse. While quantum computing represents a seismic opportunity and a huge leap forward for computing capabilities, the challenges running parallel to these opportunities also need to be addressed.
Key Concern: Supercharged Attacks
One of the main concerns, from a security perspective, is that for most kind of attacks the associated computing might of quantum could supercharge these assaults, making them faster, and more efficient. It is likely to be easier to hide an attack within the noise of the huge data sets. Easier to jump across attack vectors, to move laterally, and to ultimately avoid detection or at least make it significantly more difficult. We know that identity is security’s frontline in 2023, which means identity is on the frontline of this challenge, too.
Preparation
While quantum computing undoubtedly introduces multiple challenges for security and identity teams, there are actions we can take today to start preparing.
Firstly, ensure that you have an awareness in your teams of the evolving real-life capability of quantum computing, and get familiar with some of the new technology ecosystem. Have an understanding in your teams of what quantum computing – realistically - can and cannot be used for today. Both in attack and defence. The technology is evolving rapidly, so that picture changes fast.
Just as important is to double down the focus on identity security best practice. Limiting access, especially privileged access. Effective governance. Linking detection and response with Identity security directly. Educating your teams on the evolving threat landscape and its implications for Identity Security and broader Cybersecurity.
We are yet to see a large-scale attack using quantum: The technology remains too embryonic for that. However, the kind of attacks which we are seeing are ones who prey on organisations not using appropriate authentication methods or failing to use least privilege or zero-trust models. The primary advice is to understand your own systems, applications and access systems and move towards a comprehensive identity-centric approach to security. The storm that is gathering will force this agenda and make applying best practices an even bigger priority for all.