Surpassing Quantum Encryption
Recently, I read that the University of Science and Technology of China is leading a project to build the world's longest quantum communication network stretching 2,000 km between Beijing and Shanghai by 2016. The builders hope to give complete secure communication to users though quantum encryption.
A quantum communication network is unbreakable. Any attempt to intercept the encryption key would alter the physical status of the quantum data, or qubits, and trigger an alert to the communicators. Currently, there are several other labs in various countries around the world are looking to tap into this technology.
Is quantum encryption the holy grail of IT security? I can certainly relate to the quantum encryption developers' dogged pursuit of unhackable security technology. I noticed two hurdles standing between quantum encryption and widespread adoption – the cost-benefit proposition and the existence of weak links in other parts of the security system.
Are the Benefits Worth the Cost?
There are no clear indications of quantum encryption's costs yet but, it's likely to be high, especially at the initial stages when the technology is immature and the pool of users is small. Businesses are all about increasing profit and reducing expenditure low cost encryption technologies that are secure enough for most enterprise applications exist.
Your Enterprise is as Secure as its Weakest Link
The tougher challenge lies in the fact that security is an interconnected system, not an isolated jigsaw piece. If quantum encryption is hard to crack, cyber criminals will look for a weaker link in the security system to target. They could use social engineering to gain knowledge on how to access confidential data, or they could plant malicious software in end-users' computers to steal their data when it is at rest.
Since quantum encryption promises only to protect data in motion which is just one link of the entire security chain labeling it as an “unbreakable security technology is overreaching. Boosting overall security requires us to continuously strengthen the weakest link of the chain, as and when it appears. To be successful, there must be concerted, industry-wide action to concurrently upgrade individual components of the security chain.
While security solution providers work hard to share threat information and develop their technologies, enterprises and consumers must take time to learn more about cyber security and guard against attacks, CERT teams must improve their response capabilities; and institutions worldwide must step up their efforts to groom cyber security talent. Stakeholders need to do their earnest best in their respective fields, and cooperate with one another. That not quantum encryption alone is the real key to making the world a more secure and livable place.