Quantum computing: The Data Security Conundrum

Clyde Williamson and Nathan Vega

14 March 2024

*In the field known as quantum computing – which according to one definition from IBM is a “rapidly-emerging technology that harnesses the laws of quantum mechanics to solve problems too complex for classical computers" – how does this technology (however or whenever it comes along) affect security? Cybersecurity is a major spending and operational concern for wealth managers and private banks. To explore this topic is Clyde Williamson, chief security architect, and Nathan Vega, vice president, product marketing and strategy at .*

*The editors of this news service are pleased to share these ideas; the usual disclaimers apply. Email tom.burroughes@wealthbriefing.com if you want to respond.*

Ensuring that operating systems and data are secure are among the greatest challenges of digital technology. In response to this, sophisticated algorithms have been designed to encrypt data and protect it through frameworks known as symmetric cryptography. While this has proven successful, advancements in quantum computing *–* which utilises quantum mechanics to solve complex problems faster than conventional computers *–* could potentially turn data security on its head.

IBM, Microsoft and Google have already turned their attention to quantum computing and, as a result, commercially viable quantum computers are not too far from becoming a reality. In fact, the global quantum computing market size in terms of revenue, which was estimated to be $866 million in 2023, is poised to reach $4.375 billion by 2028, growing at a CAGR of 38.3 per cent from 2023 to 2028.

This is raising concerns that these computers might pose a threat to current public-key cryptography algorithms and potentially expose sensitive data. As such, data security needs to be a step ahead, with more advanced cryptographic algorithms that minimise potential risks and ensure the safeguarding of data in a quantum computing world.

**A crack in our data security**

Quantum-resistant data security is a concern as current approaches to data protection use algorithms that traditional computing power would take several years to crack. The improved processing power of quantum computing would, however, reduce this time significantly and its ability to solve mathematical problems and speed up certain complex mathematical computations could result in the encryption algorithms that we use now becoming obsolete. This would create risk detrimental to businesses, universities, governments and more.

This is supported by a Forrester study that anticipates that quantum computers will be able to crack all current crypto systems in the next five to 30 years, with a majority claiming that there is an up to 70 per cent chance of this occurring in the next five years. As such, it is no wonder that Gartner has stressed the importance of preparing for quantum’s impact by encouraging the promotion of privacy-enhancing technologies in anticipation of the quantum era. This is a valid suggestion as some classical cryptography algorithms will not be able to stand up against quantum computing’s processing abilities and will succumb to a brute-force assault.

However, while quantum computing is widely considered a potential risk for data security, it could potentially also be a part of the solution, as quantum cybersecurity may provide a more robust and compelling opportunity to safeguard critical data.

**Quantum cyber security**

According to IBM, quantum computing can aid in providing a more robust way of safeguarding critical data than current offerings. In particular, quantum machine learning and quantum random number generation are believed to provide a viable solution to securing data while at the same time wielding the power to detect and deflect quantum-era cyber attacks before they can cause harm.

As encryption is often a key component of data security, adopting quantum-resistant cryptography will be critical to protecting people and adhering to privacy regulations. However, as quantum computing is not widely used as yet, it is unlikely that we will be able to harness quantum computing power to develop a quantum-proof approach to data security for a few years.

Thus, before quantum computing becomes widely adopted, most likely as Quantum-Computing-as-a-Service, it is critical to stay a step ahead of the potential threat and develop a quantum-proof solution now, rather than wait for quantum computers to break the current data encryption models.

**A quantum-proof approach to data security**

To prepare for the quantum revolution, companies need to assess their cybersecurity infrastructure and identify potential vulnerabilities to quantum computing. Some traditional forms of data security will be made obsolete with the mass rollout of quantum computing. However, it is believed that others are capable of withstanding the potential threats of this evolving technology.

Tokenization, which uses randomisation to substitute a real value for a token that conceals that value, is believed to be a viable data security option against quantum computing. This randomisation is a powerful data security tool which, unlike key-based encryption that uses mathematical formulae or proofs to ensure the integrity of the algorithm, stores data with random but reversible tokens which cannot be decrypted with a mathematical solution.

Furthermore, tokenization substitutes the real value with a token consistently across the enterprise which means that data can be joined in a protected state to power AI, ML, data analytics initiatives and other applications that require data from multiple siloes to drive business outcomes.

**Preparing for the quantum future**

The emergence of quantum computing is a double-edged sword. While it is expected to bring groundbreaking possibilities to data security, the risks it poses are equally concerning. As such, preparation for its arrival needs to be done today to keep data secure in the future. This is supported by IBM, which states that while quantum computers are not yet commercially available, there are significant advantages to initiating quantum-proof cybersecurity solutions now.

This is particularly true as terrorist networks have access to the same technologies that businesses do. While businesses may use these tools to improve customer experiences and reduce costs, malicious actors will use them to gain access to data for other purposes. Already it is believed that threat actors are scraping data, which means that they are stealing and holding onto data until quantum computers are more easily available to decrypt it. To overcome this threat, companies need to be implementing quantum-proof solutions today to ensure that data remains secure well into the future.

**Securing data today**

Although much is unknown about the impact quantum computing will have, we do know that we cannot wait for it to become commercially available before implementing more stringent security measures to withstand the threat of its computing power. As such, investing in data security today is critical to safeguarding data against emerging threats such as those presented by quantum computing.

To mitigate future privacy threats, companies need to rethink how they keep data secure. While quantum computing and data scientists are working to develop solutions that could potentially be quantum-proof, companies stand to benefit from implementing solutions today that are considered secure against threat actors and quantum computing alike as a first step to implementing a multi-layered approach to futureproofing data security.

This can only be achieved when companies prioritise data protection and move beyond only focusing on the perimeter. This is best achieved by partnering with a company, such as Protegrity, which has extensive experience in identifying and classifying sensitive data and safeguarding it with solutions that will stand up against quantum computing to keep data secure today and in the future.