Why identity needs to be quantum-safe
We all know by now that quantum computers are likely to offer the capability to tackle some of the most challenging problems classical computers cannot solve today. But these devices are also altering the way we approach and think about cybersecurity.
Within the coming years, Quantum computers will pose an existential threat to the encryption standards that we all rely on for email, secure banking and other critical communication systems. Adding to this challenge is that quantum decryption can be applied retrospectively, in that the groundwork for a ‘collect now, decrypt later’ attack could be laid today.
The risk of quantum code-breaking is so pressing that the National Institute of Standards and Technology (NIST) has launched a process to develop the next generation of cryptography, and our algorithm (now known as Classic McEliece and developed in partnership with Professor Daniel Bernstein’s team) is the only ‘code-based’ finalist.
Yet, several misconceptions about post-quantum security still remain. Chief among them is that it’s only transmission infrastructure that will require an encryption upgrade to protect against the quantum threat, but this is a mistake. Even if a company has upgraded its transmission infrastructure, attackers will quickly realise that the identity system offers an easy weakness that can be exploited by a quantum attack.
Put another way: you could secure all your other encryption, but if an attacker can gain access to an identity system so they can impersonate an employee, then it’s plain sailing as they have ‘legitimate’ and hard to detect access into a variety of onward systems.
But making identity quantum-safe won’t be an overnight fix. For companies seeking to modernise identity management, it’s important to consider the additional effort, time and expense needed to retrofit an identity platform with quantum-safe encryption. Migrating to an identity platform now that isn’t engineered for the quantum-era could lead to exposure down the road as a skills crunch ensues that is likely to lead to a backlog of companies scrambling to be meet the quantum threat.
This is why we have built our sister company – Nomidio – to be the only identity provider to have developed a future-proof, quantum-ready identity service. No matter which algorithms eventually form the standard developed by NIST, our crypto-agile and backward compatible service means Nomidio can be made quantum-safe within days of the final standards being released.
When all is said and done, identity is the keys to the castle. The transition to becoming quantum-safe starts there, and that’s why we built a quantum-ready identity service: to help make this journey far simpler and more effective.