We’re almost a month into the New Year, but the old year’s concerns linger. In 2016, the general public heard more about the topic of cybersecurity than ever before. Unfortunately, the need for vigilance in our increasingly wired world isn’t going away anytime soon, if ever. As cybersecurity is a topic that looks to be front-and-center again in 2017, the pioneering quantum security leaders at QuintessenceLabs took some time to offer their thoughts on where we’ve been, where we are and even where we should be going.
Dr. Vikram Sharma, Founder and CEO:
In the business world, data security governance is growing in prominence, moving from discussions among security technologists to the board room. This means that awareness of the critical challenge of key and policy governance is growing.
Mark Crowley, COO and President of US Operations:
With the increased emphasis on strong key and policy management, we’re seeing a trend that responsibility for an organization’s cybersecurity is moving away from individuals toward the enterprise.
John Leiseboer, CTO:
In 2016, we saw a growing interest in key management (KM). Requests for KM systems supporting open protocols, centralized logging, and centralized policy controls are increasing. This trend indicates that people are beginning to realize that the difficult problem of key management is best solved with specialized, hardened, dedicated key management infrastructure that works across multiple endpoint encryption solutions.
From both business and government leaders, we’ve seen a much more aggressive public stance on passwords. In February even President Obama weighed in on the topic: change them, strengthen them, and use technology such as two-factor authentication to add layers of security.
Joseph Thomas, Technical Marketing Engineer:
The news headlines in 2016 continued to show that leveraging supposedly secure services can expose an organization to the vulnerabilities associated with the quality of encryption keys and key management practices.
Dr. Jane Melia, Vice President of Strategic Business Development:
Cybersecurity has now more than ever before entered the center stage of policy and international relations, and what we are doing to tackle the growing challenges. From China’s 2009 hack of Google to the OPM breach in July 2015, to the Russian-led cyber-attacks on the Democratic National Committee and attempts to sway our election, the impact of cyber-security now clearly extends beyond privacy, commercial interests to national integrity and security.
Encryption using high-quality encryption keys, following best practices to implement access control policies and separation of duties can keep your organization out of the headlines for reasons you didn’t intend now and well into the future.
Progress has been made in developing real-world, high-entropy random bit generators (RBG) that can be objectively measured and validated, one of the most important and fundamental components in all cryptographic security solutions. Several vendors have been selling high-entropy RBGs for a number of years. There is a clear trend away from deterministic RBGs (“pseudo-random number generators” that use algorithms to compensate for the non-random nature of computers) to non-deterministic RBGs where users have a real need for security.
There is an increased airplay around quantum, whether regarding the capabilities of quantum computers, the security threat of quantum computers, of the solutions that quantum cyber-security can offer.
What should happen?
In December, the White House’s Commission on Enhancing National Cybersecurity released the results of a nine-month study of America’s cybersecurity problems. Its recommendations, in a hundred-page report, cover a lot of ground, including securing IoT, the security of federal agencies, and the security hiring shortage.
One idea that would really help the average citizen navigate their way through a sometimes bewildering topic is to creating a system of security ratings for consumer products (such as EnergyStar ratings for appliances) – I vote in favor! However, delivering on this and the other recommendations will be in the hands of the new administration, and will require bold action to succeed. So far, we have not seen any concrete plans – I am watching carefully to see whether they give this serious issue the attention it deserves.