Phil Venables, VP, TI Security & CISO at Google Cloud, published a blog post titled "Cloud CISO Perspectives: Why we need to get ready for PQC." In his post, Venables emphasizes the importance of preparing for post-quantum cryptography (PQC).
Venables points out that quantum computers, for all their potential power, pose a risk to existing cybersecurity technologies and practices. Because they could crack the encryption that protects our online communications and sensitive data, our online privacy and the security of our digital world could be at risk.
Fortunately, post-quantum cryptography (PQC) offers a secure way forward. The National Institute of Standards and Technology (NIST) has just finalized standards to guide the development of "quantum-safe" cryptographic systems.
Google is taking these risks seriously and has been working on multiple fronts to address them. It began testing PQC in Chrome in 2016, has used PQC to protect internal communications since 2022, and has taken additional protective measures against quantum computing in Google Chrome, on Google servers, and in experiments for connections between Chrome Desktop and Google products.
Venables stresses that preparing for PQC doesn’t need to be managed as a “big bang.” Board members should speak with their CISO, CIO, and CTO about developing a post-quantum cryptography strategy.
Some of the key reasons why we need to get ready for PQC now include:
* Business impact of cryptography failing.
* Migrating cryptography takes a long time.
* Harvest now, decrypt later.
* Standardization and upcoming regulations.
Venables also provides some tips for organizations to prepare for PQC, including:
* Implement a PQC strategy.
* Assess the business risk.
* Analyze the broader risk.
Finally, Venables emphasizes that the task of adopting post-quantum cryptography is substantial, and it's crucial for organizations to initiate the transition immediately.