Repository

Quantum Insight

Quantum Threat Intelligence & PQC Resources

Select your Quantum Safe Partners Carefully

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today began a countdown to April 14, 2030, the date by which CSA estimates that a quantum computer will be able to break present-day cybersecurity infrastructure.

The Macro Landscape and Migration Urgency

Market Context: The estimated cost for U.S. federal agencies to transition to post-quantum cryptography (PQC) is approximately $7.1 billion by 2035. This estimate reflects the need for agencies to replace outdated technology that cannot support new PQC systems, and the replacement of non-compliant systems accounts for a significant portion of the overall cost. The transition is part of a broader strategy to ensure that the nation's cryptographic infrastructure can withstand the capabilities of future quantum computers.

With Y2Q on the horizon, it's critical that you select the appropriate partners to help you with your PQC (post-quantum cryptography) transition and migration. Many existing cybersecurity, networking, and enterprise software and hardware providers are already pivoting toward Quantum Safe, and it's challenging to select your PQC provider and partner without clear evaluation criteria based on strengths and fit for purpose. Hence, our Kyndryl Quantum Services and Consulting Practice and Team is developing a PQC Reference Architecture based on critical services (for example: Payments, ERP, CRM, etc.) and a Fit for Purpose Partnership Evaluation Framework. We are already working on this with CSA and NACHA (https://www.nacha.org/quantum_payments_project_team), and are beginning work with ETSI (https://www.etsi.org/) for Europe and beyond.

PQC Vendor Partnership and Engagement Strategy

Evaluation Framework: Our approach is to identify the leading partner, using our stringent evaluation process and criteria, to execute against the PQC reference architecture for the critical services assessed first. The criteria are:

a. Global Standards Integration:
Participation in global standards bodies for PQC development and ratification.

b. Industry-Specific Vertical Expertise:
Industry expertise in Financial Services and other industries, in specific services (Payments, Internet Banking, Telecom, etc.), and in code development and application for these services.

c. Deep Technical Specialization:
Technical expertise and standards development in specific PQC applications (edge to cloud, network layer, HSM, PKI, etc.) at the intersection of (a) and (b) above. This is white space not covered by cloud hyperscalers, software giants, networking giants or networking partners.

d. Operational Flexibility & Performance Overhead:
Flexibility in application, taking into account performance overhead and the CIA (confidentiality, integrity, availability) rating classification for different aspects of the services. For example, Integrity for Data at Rest vs. in Transfer can require an encapsulation AND replacement approach across the service, not black-and-white remediation endpoint by endpoint. There are definite NOTED differences between vendors here.

Strategic Alignment Discussion

Next Steps: Please reach out to me and our team for an in-depth discussion on how we can help you on your quantum safe journey.

Author

Bill Genovese CISSP ITIL

Chief Quantum Officer