Keyfactor has partnered with IBM Consulting to enable organizations to accelerate adoption of post-quantum cryptography (PQC) before existing legacy encryption schemes might be cracked later this decade.

Under the terms of the non-exclusive alliance, the cryptographic discovery, public key infrastructure (PKI), digital signage and certificate lifecycle automation tools and platforms provided by Keyfactor will be incorporated into the global IBM Consulting cybersecurity practice.

Keyfactor CTO Ted Shorter noted that IBM, in addition to already having a lot of PQC expertise of its own, is also deeply involved in the development of the quantum computing systems that are expected to one day soon break most legacy encryption protocols.

The quantum computing platforms capable of cracking legacy encryption protocols are not expected to be able to achieve that goal until 2029. However, as the level of investment in these platforms continues to accelerate it’s possible those systems may become operational sooner. Of course, if a nation state is able to achieve that goal sooner, otherwise known as Q-Day, it’s not likely they would disclose it so data may be at risk for some period of time before anyone realizes.

Additionally, it’s suspected that some nation states have already begun to harvest encrypted data in anticipation of being able to decrypt it sometime in the future. How much of that data might have been already stolen is unknown, but cybersecurity teams should assume more encrypted data will be stolen in the months and years ahead as nation states and affiliated cybercriminal syndicates anticipate the arrival of more robust quantum computing platforms.

The issue, of course, is that currently it may require several years for an organization to migrate from legacy encryption scheme to PQC encryption that is resistant to being cracked by a quantum computer. Previous less ambitious migrations to new encryption schemes required as much as three years to complete, noted Shorter. Organizations should be starting the PQC migration process now if they hope to protect sensitive data, especially because it’s not likely artificial intelligence (AI) tools will have a significant impact on accelerating migrations, noted Shorter.

However, the scope of that challenge will probably require many organizations to enlist the expertise of global system integrators such as IBM Consulting, he added. In addition, there are likely to be a number of interoperability challenges when it comes to integrating PQC and legacy encryption schemes, noted Shorter.

Unfortunately, given all the competing priorities there are for limited amounts of funding, many cybersecurity teams are finding it challenging to convince business leaders that quantum computing represents a near and present danger that needs to be addressed sooner than later.

Inevitably, there will one day be multiple data breaches that will be traced back to a quantum computer that was used to crack one or more legacy encryption schemes. While that day may seem far off now, 2029 is only three years away, but when you add in weekends, holidays and vacations, the arrival of Q-Day might only be a little more than roughly 700 working days from now.