Recent advancements in quantum computing, including improvements in qubit count, coherence time and gate fidelity, have yet to provide a practical edge over classical computers.
That was the conclusion of Forrester’s 2024 Quantum Computing Trends report.
Quantum systems remain experimental and are unable to deliver the large-scale results needed to rival traditional computing methods. So far, Forrester analysts believe that, although there has been massive progress, there still hasn’t been a genuine breakthrough with the technology. But it’s only a matter of time. When that breakthrough does come it will bring with it an abundance of opportunities, as well as challenges, including dangerous new cyber threats. The Global Risk Institute estimates that by 2030 there will be an 11% to 31% probability that quantum computers will be able to crack the most prevalent cryptographic methods.
Many experts predict that real-world, widespread applications of quantum computing are still at least a decade away, but it seems to be inevitable. So much so that the industry is already talking about Post-Quantum Computing (PQC).
This refers to the era of computing that will follow the widespread use of quantum computers, particularly in terms of cryptography. As quantum computers become more powerful, they will be able to break current encryption methods widely used for securing data online. PQC focuses on developing new cryptographic algorithms that are secure against quantum attacks.
These new algorithms, known as post-quantum cryptography, aim to create encryption systems that will remain secure even when quantum computers are capable of solving complex mathematical problems that classical computers cannot. The field is crucial because it prepares current cryptographic systems for the arrival of quantum computers and ensures that data remains protected in a quantum-enabled world.
Avishai Sharlin, division president, product and network at multinational tech firm Amdocs, believes that PQC will likely take a big step forward in 2025 as businesses and governments start adopting Quantum-Safe encryption to secure their data.
National Institute of Standards and Technology
In August 2024, the US Department of Commerce’s National Institute of Standards and Technology (NIST) officially finalised the first set of encryption algorithms designed to withstand the potential threats from quantum computers. These include algorithms like Kyber (for key exchange), NTRU (also for key exchange) and FrodoKEM. These standards mark a significant step in securing digital communications and data against the advancements in quantum computing, which have the potential to break current cryptographic systems like RSA and ECC.
“With the NIST having finalised the key algorithms needed for PQC, companies will soon be integrating these into their security systems,” Sharlin says. “The move will also require updates like Java 21+, which is essential for managing quantum-safe encryption keys. For industries that deal with sensitive information, transitioning to quantum-resistant tech will be critical in staying ahead of emerging cybersecurity threats.”
NIST says the three new standards are built for the future. “Quantum computing technology is developing rapidly,” a NIST spokesperson says. “And some experts predict that a device with the capability to break current encryption methods could appear within a decade, threatening the security and privacy of individuals, organisations and entire nations.”
Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio, says: “Quantum computing technology could become a force for solving many of society’s most intractable problems, and the new standards represent NIST’s commitment to ensuring it will not simultaneously disrupt our security.
“These finalised standards are the capstone of NIST’s efforts to safeguard our confidential electronic information.”
Sharlin agrees these new standards are crucial. “I think it’s very significant,” he explains. “First of all, now there is a standard you can ask or demand the industry to complies with it. This is important because then you can say ‘by this time, I’m expecting you to support this standard and this protocol, and by that time, I’m expecting you to step up to the next level’ and so on.
“So the fact that the industry will start to align is very important. And if those standards didn’t exist, and you had nothing to align to, it would be more like sounding the alarm without a real panacea – without anything that can assist you to solve it.
“Then you’d see hybrid solutions, proprietary solutions, or ad hoc solutions trying to bridge a gap. Now that there is a standard, now that you know that you can adopt it, I believe that you’ll see the different vendors starting to align around it.”
But there are many challenges that organisations face in trying to transition to post quantum computing and in integrating quantum safe encryption.
“I would say that everything starts with understanding that there is a threat,” Sharlin explains. “Many organisations are saying quantum computers will come only in 2030, maybe even later.
“You can hear some of the mega players in the market saying ‘yes, it’s a threat but you still have many, many years before it will come, so, for now you can relax a bit’. I think it starts there.
“The first thing an organisation should do is to understand that the threat is real and it’s near. It’s near in the sense that it’s coming and relatively fast.
“Secondly, assuming we have the awareness, what can be done? You need to map your applications. You need to understand how big of a threat it is, and you need to understand what encryption algorithms are being used today, and in what shape and form. Do I use Java? Do I use Kubernetes? And then, for those, I will need different methods. If my software runs on Kubernetes, I will need the new release of Kubernetes to support the PQC algorithms that can assist me. If I’m running Oracle JDK, I will need the latest release of the software.
“In general, I need to know what I have. I need to map my applications and my working floor and my working protocols, and I will need to set a clear understanding of what needs to be done for each of them.
“We know that some of those elements are not available on the market today. But we talk about awareness, we talk about mapping, and we also need to understand that at a given point I will need to start implementing it. So I have to know what needs to be implemented and when it’s available in the market so I can adopt it.
“If I need now to refactor my entire applications, it’s a mega effort, and therefore you’re starting to see that putting aside the awareness and the mapping and everything it’s a big drill. It’s something similar to what happened in the year 2000. People need to convert and need to go through the entire set of applications to see how they can adopt themselves to the post quantum computing era.”
There will be an increasing need for relevant skills that are scarce in the market today. Education and centres of excellence will be required to help organisations prepare, according to Sharlin.
“The next big issue is to start building your skills,” he explains. “So putting aside the awareness you need the skill set to be ready once the relevant software is available, and then you need to put a plan in place. So I would call 2025 the year that you need to map your applications. Understand where the weak points are, map the dependencies, the processes, and get the organisation starting to align and to map what needs to be fixed, which applications. What is the priority? When do we believe things will happen in terms of the relevant software to support it?
“And this is preparation. In some pockets, you already start to see PQC solutions, and then it means that you can start experimenting with them, train your people and understand the implications around.”
The risk factor
So is this something that all organisations should be concerned about? Sharlin believes that governments and the military will be the first to adopt PQC, making sure that the data that they store and use is protected.
“Then you’ll go into the very important heavy lifting secured environments, such as insurance and banking, definitely the telcos,” he says. “I see it coming, but a person working in a very small shop will be the last priority. Enterprises, though, will be prioritised by the risk factor.
“We need to remember that majority of the risk lies not with the new startups that started their journey recently, probably with the latest and greatest technology. It lies with the heavy lifting enterprises that are using many applications with old versions of Java and old versions of different encryption technologies. Those will need to be changed.”
Cybersecurity is one of the most frustrating areas to work in, according to Sharlin, because every day you’re waking up to a new threat.
“Maybe one threat a day would be a good day,” he says. “Usually it’s like 100 new threats every day. I don’t see it ending. The threats are there and even bigger threats are coming from nations, rather than just individuals. Threats are becoming harder to stop. The state of mind of a cybersecurity should that there will be a penetration. Therefore, you need to understand what happens once it is revealed.
“This dictates the way you operate and the way you protect your assets. This is something that quantum computing is going to interrupt, for sure. All the virtual currencies. All of them are using encryption. This can be broken. Suddenly, it’s like someone getting access to your bank account. So those will also need some changes to be protected.
“I’m not saying protecting them is not doable, but it will need some attention as well. The Bitcoins of the world will need to adopt themselves into this era as well.”
Post-quantum computing is certainly expected to be able to help keep companies and their data secure as the prevalence of quantum commuting and associated attacks increase. But it will just be a new, and important tool, in the CSO’s toolbox. Cybersecurity teams and their expertise will remain essential.
It’s a fight between good and evil, according to Sharlin. “The work is not over,” he warns. “And it won’t end with PQC, because not everybody will migrate in time, and there will still be many gaps that can be exploited, maybe not in that area – maybe in others. So the cyber is not going to disappear.”
Photo by Attentie Attentie on Unsplash
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.
