Preparing for the Quantum Future: The Urgent Need for Post-Quantum Cryptography

In a rapidly evolving digital landscape, the advent of quantum computing poses a significant threat to traditional encryption methods. Despite the National Institute of Standards and Technology (NIST) recently publishing its first three finalized post-quantum encryption standards, many organizations remain unprepared for the impending quantum threat. A new report from the Entrust Cybersecurity Institute highlights this alarming gap, revealing that a substantial number of organizations have yet to take action.

The NIST Standards: A New Era of Quantum Cryptography

In August 2023, NIST took a monumental step by releasing its post-quantum encryption standards, which provide essential guidelines for organizations looking to safeguard their data against the capabilities of quantum computers. These standards mark the beginning of a new era in cryptography, where traditional methods may no longer suffice against the computational power of quantum systems.

However, the report from Entrust indicates that while 36% of organizations globally are inclined to implement a strict post-quantum cryptography (PQC) plan, a significant portion is opting for a hybrid approach (31%) or merely conducting initial internal testing of PQC (26%). This hesitance to fully commit to PQC strategies raises concerns about the readiness of organizations to face the quantum threat.

The Current State of Readiness

Entrust’s findings reveal a stark reality: less than half of the surveyed organizations are actively preparing for the transition to post-quantum cryptography. More troubling is the fact that over one-third of respondents lack the necessary scale or technology to make this transition feasible. This lack of preparedness could leave organizations vulnerable to quantum attacks, which could compromise sensitive data and disrupt operations.

Samantha Mabey, Director of Digital Solutions Marketing at Entrust, emphasizes the shift in industry sentiment regarding post-quantum readiness. "While the questions around the post-quantum threat used to be ‘is it real’, the questions as of late are now ‘what do I need to do’ and ‘how’,” she states. This change in perspective underscores the urgency for organizations to act swiftly and decisively.

Barriers to Transitioning to Quantum Cryptography

The Entrust 2024 PKI and Post Quantum Trends Study identifies several significant barriers that organizations face in transitioning to quantum cryptography. Among these challenges, ownership, skills, and inconsistent requirements emerge as the top obstacles.

A staggering 51% of respondents reported a lack of clear ownership over the transition to PQC. This ambiguity can lead to confusion and inaction, as organizations struggle to determine who is responsible for implementing necessary changes. Additionally, 43% of organizations cited difficulties in inventorying their cryptographic assets, highlighting a critical lack of visibility into their current security posture.

Mabey notes, “Organizations know that the threat of post-quantum is inevitable and impactful, but they lack the cryptographic visibility, skills, and computing power needed to effectively activate a plan.” This gap between awareness and action is concerning, especially as the quantum threat looms larger on the horizon.

The Path Forward: Activating Plans for a Quantum-Safe Future

As organizations grapple with the challenges of transitioning to post-quantum cryptography, it is crucial for them to prioritize the activation of their plans. The findings from Entrust’s study suggest that a major focus for organizations in 2025 will be on bolstering their visibility into cryptographic assets and preparing their teams for a quantum-safe future.

To effectively navigate this transition, organizations must invest in training and upskilling their workforce to ensure they possess the necessary expertise to implement PQC solutions. Additionally, establishing clear ownership and accountability for the transition process will be vital in driving progress.

Conclusion

The publication of NIST’s post-quantum encryption standards marks a pivotal moment in the fight against the quantum threat. However, the Entrust Cybersecurity Institute’s report reveals a concerning lack of readiness among organizations to embrace these changes. As the quantum landscape continues to evolve, it is imperative for organizations to take proactive steps to prepare for a future where traditional encryption methods may no longer suffice. By addressing the barriers to transition and prioritizing the activation of their PQC plans, organizations can better safeguard their data and ensure resilience in the face of emerging quantum challenges.