Isaras Scott Totzke answers top five questions on quantum-safe security in financial transactions <\/p>\n
A wide range of technology-driven sectors will be affected by the advent of universal quantum computing many experts say will happen by 2026, but the financial industry has particular reason to be concerned. <\/p>\n
The security standards behind secure email and internet connections are ubiquitous throughout fintech, protecting financial collateral as well as the most sensitive personal identity data in financial transactions. <\/p>\n
In fact, the fundamental activities that the financial industry relies on to function today can be stopped in their tracks whenever quantum computers capable of breaking the cryptography they use become commercially available, including: <\/p>\n
These are all integral to how commerce functions in the 21stcentury, and to how consumers connect with their finances. Financial institutions and fintech developers will have to update all of the systems using the affected cryptography, whether theyre built in-house, outsourced to partners, or provided by OEM partners. Try identifying parties required to coordinate upgrades to quantum-safe security and the scope becomes very wide for any one of the above activities. <\/p>\n
These are the top five questions for fintech decision makers to consider: <\/p>\n
Yes. If you store customer data, protect corporate information, or secure employee data, you are at risk. <\/p>\n
The first stage is understanding what systems and information you have at risk. Quantum readiness assessments help you identify your organisations quantum risks, develop an upgrade path, and deliver a plan to move forward. <\/p>\n
New technology decisions must consider long-term privacy and security capabilities. You need to begin by identifying privacy and secrecy obligations that extend beyond the time when quantum computers might become a real threat, evaluating solutions and planning your migration to quantum resistant infrastructure, and ensuring your security vendors have quantum resistant solutions on their roadmaps. <\/p>\n
The roll-out of a complete transition to quantum safe security should be complete before quantum computers capable of breaking your cryptography become commercially available. However, for some parts of your security systems, cryptographic agility to select classical and quantum resistant algorithms may remove any risk. <\/p>\n
Look for solutions being considered for standardisation, and prioritise acost-effective solution that provides the type of crypto agility you need to deploy quantum resistant algorithms that will protect your systems from quantum attacks. <\/p>\n
Like todays encryption technology, the leading candidates for standardisation already benefit from years of academic scrutiny and review of their security properties. <\/p>\n
Any technology that relies on public key cryptography, including emerging tech like blockchain, has built its security guarantee on that cryptography being unbreakable. If that cryptography is vulnerable to attack, then all the promise of the technology is lost, and the time and effort spent integrating that technology into your business offering is wasted. <\/p>\n
When quantum computers arrive, IT departments should already have migrated those solutions to quantum-safe encryption, a process that could take up to ten years in some cases. <\/p>\n
The key to adopting new technologies is to build quantum-safe solutions into them from the start, making a hybrid transition process possible wherever you can. <\/p>\n
By Scott Totzke, CEO ofIsara <\/p>\n
<\/p>\n