Big Data Security In A Post-Quantum World
As we enter year two of the quantum decade, it’s time to act now. The computing world stands on the threshold of something equal parts exciting and alarming. The age of the quantum computer is almost upon us, and it is going to radically change the way we think about big data management and security. The “Quantum Revolution” is predicted to have a greater impact than the internet on all aspects of modern life.
Data is undeniably big, but it’s not all that clever. Quantum computers will offer significant advantages when it comes to data management. The exponential growth in computing power will reap myriad benefits in the fields of statistical modeling and medical research, for example. However, the same computational power creates a clear and present threat to the public key infrastructure much of the world depends on for data security.
It is, perhaps, already a cliché to talk about data as the oil of the Information Age. However, there’s no denying that in the digital economy, data is among the most precious assets of any organization because it yields opportunity. It informs all business decisions and can create a competitive advantage. But as organizations become increasingly data-rich, cybercriminals are becoming increasingly sophisticated and persistent. Our precious data resources are coming under attack.
Modern business depends on real-time access to data — anywhere, any time and on any device. Naturally, surfacing this volume of potentially sensitive data comes with challenges. Organizations need to make informed decisions about what data is available and where to ensure they provide their customers and users with the highest level of trust. At the same time, they need to balance regulatory compliance with the need for privacy and security.
Impact Of A Breach
Data breaches appear to have become a fact of life. It’s rare for a week to go by without another disclosure announcing thousands, if not millions, of records have been compromised. The breach landscape is changing, though. While accidental loss or human error still accounts for over a quarter of breaches, the main protagonists are malicious outsiders.
The modern face of cybercrime is far more organized and well-funded than you might expect. A recent report revealed that a significant proportion of malicious activity involved hostile states exploiting vulnerabilities exacerbated by the pandemic.
The impact of a breach may be wide-ranging. Setting aside the embarrassment factor, the average cost of a data breach last year (according to IBM) was $3.86 million. But how do we measure this cost? There are lost revenues arising from a disruption to operations and a lack of trust in the organization. There are remediation costs and potential financial penalties for a breach of regulatory compliance. There is the potential loss of proprietary data and intellectual property. In the case of negligence, there could even be criminal prosecution and imprisonment.
It is in the area of critical national infrastructure where the impact of a breach reaches another level. Hackers and rogue states have been increasingly targeting utility networks and public services in a high-stakes game that elevates risk to an existential level.
In the battle between cyberattack and defense, the defenders are frequently playing catch-up, evolving protection technologies like firewalls and anti-malware solutions to address emerging threats. With the arrival of the quantum computer, will this balance shift even more in favor of the cybercriminal, or does the quantum age offer something for the cybersecurity community, too?
Why Is Quantum Cryptography So Important?
The world’s cryptographic systems rely on complex algorithms and keys to protect data, both at rest and in motion. These codes are difficult to crack with classical computers but would pose significantly less of a challenge to a quantum computer.
A quantum computer’s ability to solve complex problems in a fraction of the time that a traditional computer could means it will also have the power to easily crack even the strongest encryption algorithms, undermining the public key cryptography we currently rely on.
While quantum computers are currently prohibitively expensive to build and run, players such as IBM and Google have demonstrated their practical applications, and it’s likely they will become mainstream in the next 5-10 years. What can we do now to secure data and systems against the future quantum threat? The answer lies in other quantum technologies that exploit the fundamental principles of quantum physics.
Cryptographic systems have two primary functions: ensuring the confidentiality and authenticity of data. A system’s security is determined by the strength of its encryption keys, and quantum technologies are already in use today to enhance the security of traditional encryption solutions.
Quantum key generation is changing the way organizations secure data. As key security is dependent upon entropy (the degree of randomness used to create the keys), quantum random number generators (QRNG) are being used as a genuine source of randomness to create secure keys and help protect the authenticity and integrity of data.
Confidentiality is addressed through quantum key distribution (QKD). QKD leverages the fundamental principle of quantum physics that observation causes perturbation. This means that if your key is intercepted (by a hacker) as it is transmitted within a communication network, you (the originator) are alerted to the fact. The corrupted key can then be discarded before it is used to encrypt data. At the end of the day, only valid secure keys are used, which ensures safe encryption and distribution of the data.
QKD networks have been deployed worldwide to secure data for banks and financial institutions, governments, communications networks, critical infrastructure and medical organizations; my company has been building commercial QKD solutions since 2007. QRNG solutions are also in place around the world, with our QRNG chip having recently been miniaturized for use in mobile and IoT applications, including secure mobile handsets and banking apps.
Quantum technologies are evolving at speed, with investment from state governments and global corporations helping to drive research and innovation across many sectors. One of the biggest markets for quantum computing will be the service sector, where QKD could be utilized for applications such as “cryptographic keys as a service,” helping secure financial transactions and data transmission.
As we march toward the bright new dawn of the Fourth Industrial Revolution, the demand for big data management and cryptocurrencies will only intensify. Quantum technologies will play a major role in how we manage and secure this data in the future, with the solutions for the ultimate security authentication in the virtual world being determined by physics. As the technology landscape continues to shift, new battle lines will be drawn between cybercriminals and cybersecurity professionals. For now, it looks like quantum technologies may hand the advantage back to the good guys.
This article originally appeared on forbes.com, to read the full article, click here.
Nastel Technologies helps companies achieve flawless delivery of digital services powered by middleware. Nastel delivers Middleware Management, Monitoring, Tracking, and Analytics to detect anomalies, accelerate decisions, and enable customers to constantly innovate. To answer business-centric questions and provide actionable guidance for decision-makers, Nastel’s Navigator X fuses:
Nastel Technologies is the global leader in Integration Infrastructure Management (i2M). It helps companies achieve flawless delivery of digital services powered by integration infrastructure by delivering tools for Middleware Management, Monitoring, Tracking, and Analytics to detect anomalies, accelerate decisions, and enable customers to constantly innovate, to answer business-centric questions, and provide actionable guidance for decision-makers. It is particularly focused on IBM MQ, Apache Kafka, Solace, TIBCO EMS, ACE/IIB and also supports RabbitMQ, ActiveMQ, Blockchain, IOT, DataPower, MFT, IBM Cloud Pak for Integration and many more.
The Nastel i2M Platform provides:
- Secure self-service configuration management with auditing for governance & compliance
- Message management for Application Development, Test, & Support
- Real-time performance monitoring, alerting, and remediation
- Business transaction tracking and IT message tracing
- AIOps and APM
- Automation for CI/CD DevOps
- Analytics for root cause analysis & Management Information (MI)
- Integration with ITSM/SIEM solutions including ServiceNow, Splunk, & AppDynamics