Cyber Resiliency

Post-Quantum Cryptography: A Strategic Imperative for Enterprise Resilience

Enterprise leaders must prepare for quantum computing's impact on cryptography and plan for a quantum-secure future.
By   |  

In the dynamic arena of technological advancement, quantum computing stands out as a monumental leap forward, poised to redefine the fundamental aspects of computing. Much like GenAI, its arrival pushes us to rethink how we can use these new advanced capabilities and, more importantly, what it means for the business of security. As we navigate this transformative shift, it is imperative for enterprise leaders to grasp the profound impact quantum computing may have on current cryptographic systems and to strategically prepare for a quantum-safe future.

In May of 2022, the White House penned a memorandum entitled National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems that provides guidance to help organizations mitigate the risk by implementing quantum-resistant cryptography. The U.S. government’s guidance is to engage with national security organizations and direct them to move toward adoption of new algorithms for firmware and software signing in 2025.

Dell is aware of this new need to help ensure a secure environment for our customers and is actively working to implement Post-Quantum Cryptography (PQC) in its solutions.

Decoding the Quantum Paradigm

Quantum computing is more than a minor technological advancement; it represents a fundamental change in how computers operate. While traditional computers use bits that represent either a 0 or 1 to process data, quantum computers use qubits. A qubit can be in a state of 1, 0 or any state in between, thanks to a property called superposition. This allows quantum computers to solve complex problems much faster than classical computers, which can only process one set of possibilities at a time. With these capabilities, quantum computing could lead to major advancements in industries like pharmaceuticals, where it could speed up drug discovery, and materials science, helping design new, stronger materials.

Yet perhaps the most critical frontier is its impact on cryptography, or the mechanisms we use to secure our systems and data such as encryption, hashing or the use of digital signatures. The quantum realm challenges our existing security protocols, demanding new strategies to safeguard sensitive enterprise data.

The Cryptographic Challenge

Current cryptographic methods, such as RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography), form the foundation of today’s data security frameworks. These systems rely on the computational difficulty of certain mathematical problems. However, quantum computers can perform parallel computations, which can be exploited for certain algorithms like Shor’s algorithm to factor large numbers efficiently.

One way in which threat actors behave today is to harvest sensitive data that is encrypted and cannot be decrypted with traditional methods. They then save this data until new quantum technologies are able to decrypt it easily.

This potential new vulnerability necessitates a new approach to ensuring the security of our applications and data. Enterprises must anticipate and adapt to the risks posed by quantum computing to fortify their defenses.

Embracing Post-Quantum Cryptography (PQC)

The development of post-quantum cryptography is a strategic necessity because PQC aims to create cryptographic algorithms resilient to the capabilities of quantum computing. Research in this field spans lattice-based cryptography, hash-based cryptography and multivariate polynomial cryptography, among others. The pursuit of robust solutions across these areas is crucial for maintaining data integrity in a quantum-powered world.

As of August 13, 2024, National Institute of Standards and Technology (NIST) has released a set of encryption algorithms designed to withstand the attack of a quantum computer. NIST is also encouraging organizations to adopt these new algorithms as soon as they can.

Dell is already on this journey and has made upgrades to its encryption to AES256 in storage solutions where data is stored encrypted with Self Encrypting drives (SEDs). In addition, Dell’s drive vendors have AES256 encryption for SEDs and Dell’s data protection products have implemented support for software based AES256 encryption.

Industries on the Front Line

Organizations across all critical infrastructure sectors, particularly in finance, healthcare, as well as government and military, face heightened risks as quantum computing evolves. The stakes are high, with potential breaches carrying severe economic and societal consequences. These enterprises must lead the charge in adopting quantum-safe measures.

A Strategic Path Forward with Dell Technologies

Through our research, Dell understands that quantum computing will have a large impact on the current security landscape, making quantum computing a powerful tool for attackers. Cryptography, foundational to data and system security, must evolve. Enterprises must take decisive action to transition to quantum-safe security frameworks, and Dell Technologies stands ready to assist:

  1. Engage in the PQC ecosystem. Dell Technologies provides extensive resources and expertise to help businesses stay ahead of advancements in quantum computing and post-quantum cryptography (PQC). Our insights can help companies anticipate and effectively navigate future challenges.
  2. Evaluate security postures. Assess the data and systems in your environment to identify potential vulnerabilities in cryptographic systems and start preparing for future threats.
  3. Invest in Quantum-Safe Solutions. With a commitment to innovation, Dell Technologies provides cutting-edge solutions to explore and implement PQC strategies. We collaborate with industry experts to ensure alignment with emerging standards and technologies.
  4. Craft a transition roadmap. Develop and execute detailed transition plans, integrating quantum-safe infrastructure with clear timelines and resource commitments. Consumers of technology need to prepare now for 2035 to adopt quantum-resistant systems.
  5. Foster industry collaboration. Dell Technologies actively participates in industry forums such as the Quantum Economic Development Consortium (QED-C) and Quantum Cryptography and Post-Quantum Cryptography Working Groups as well as other partnerships to share insights and best practices, driving collective progress in quantum security.

As we near the quantum era, enterprise resilience depends on anticipating and adapting to the technological shift ahead. Dell customers have already engaged on this issue, aligning with the standardization of post-quantum cryptography algorithms in August 2024. Governments are mandating quantum-resistant systems, with major transitions expected by 2030 to 2033. While PQC implementation may take a few years, organizations should adopt security best practices today to ease tomorrow’s transition. By embracing PQC and preparing with Dell Technologies, enterprises can secure operations, drive innovation, and thrive in a quantum-powered world. Having strategic foresight and utilizing proactive measures are essential.

About the Author: John Roese

John Roese is Global Chief Technology Officer and Chief AI Officer at Dell Technologies. He is responsible for establishing the company’s future-looking technology strategy and accelerating AI adoption for Dell and its customers. He fosters a culture of innovation keeping Dell at the forefront of the industry while anticipating customers’ technology needs before they arise. From multicloud to AI, 5G, edge, data management and security, John and his CTO team are responsible for navigating the latest technology inflection points. As Chief AI Officer, John is focused on accelerating AI-driven outcomes and scaling generative AI initiatives that lead to human progress. John has a passion for going places nobody else has been and his career has mirrored this passion with moves across almost every technology domain, from enterprise to telecom to semiconductor to security. Prior to joining Dell in 2012, John was the CTO, CIO, CMO, GM and leader of several technology companies including Nortel, Broadcom, Futurewei, Enterasys and Cabletron systems. John is an established public speaker, published author and holds more than 20 pending and granted patents in areas such as policy-based networking, location-based services and security. In addition to his leadership at Dell, John plays a significant role in the broader ecosystem, including company boards (Blade Networks, Pingtell, Bering Media, Nexoya, Xerox Corporation). He also serves on industry boards (ATIS, OLPC, Cloud Foundry Foundation, Open Secure Software Foundation) as well as government and academic boards (Federal Communications Commission CSRIC 8, Purdue Research Foundation, NYU Wireless Industry Advisory Board