The looming quantum computing revolution is forcing a revaluation of how organizations approach cryptography, according to renowned cryptography expert Taher Elgamal. In a recent interview, Elgamal discussed how the quantum threat is driving a shift towards more enterprise-controlled encryption strategies.
Elgamal views the quantum threat as a catalyst for change in cryptography management.
“I look at the quantum threat as sort of the change agent because it will kind of force us to look back at how we build the cryptography in an enterprise and just manage it in a new way,” he stated.
A key aspect of this new approach is giving enterprises more control over their cryptographic infrastructure. Elgamal explained: “The most important thing is the enterprise needs to control things. You know, you don’t call the vendor of the firewall, ask them what my configuration should be. You actually do it as a customer.”
He contrasted this with the current state of cryptography, where enterprises often have limited visibility and control.
This shift is crucial because an organization’s cybersecurity risk is directly tied to its cryptography management.
“The enterprise risk, the cyber risk of an enterprise depends on how strong or how well managed that the cryptography infrastructure looks like,” Elgamal noted.
The interconnected nature of modern systems adds further complexity.
“Any two entities are connected one way or another, maybe more than one way. So you are also dependent on choices that some other organization made at some other point in time,” Elgamal pointed out. This interdependence means that vulnerabilities in one organization’s cryptography can potentially impact others.
Elgamal sees a future where enterprises take a more active role in managing their cryptographic infrastructure, with support from vendors. This includes asking detailed questions about the specific implementations being used. As he put it: “Nobody asks which version of what library you are using here, for example, because there are some versions that have really bad vulnerabilities and you should not be using them.”
By prompting this shift towards more enterprise-controlled cryptography management, the quantum threat may ultimately lead to more robust and secure systems in the long run.