Sandbox AQ CEO: Enterprises must prep for quantum threats
(CIO.Review) CIO’s Senior Editor Peter Sayer interviews Sandbox AQ’s CEO Jack Hidary and they discuss his plans for developing enterprise software based on AI and quantum tech and what CIOs should expect from a post-RSA future. IQT-News summarizes key comments from the interview.
Sandbox began life as a secretive division of Google parent company Alphabet in 2016, and in March 2022 became a company in its own right. Sayer describes “Hidary as an energetic figure and a serial entrepreneur”. With his brother, he co-founded web design firm EarthWeb, leading the company through its acquisition of job site Dice.com and an IPO, and co-founded financial research firm Vista Research and solar panel installer SambaEnergy. He has also sat on a number of boards. In his current role at Sandbox AQ, he has also found time to become a published author: His 2019 introductory guide, Quantum Computing: An Applied Approach, is now in its second edition.
Click to read: IQT San Diego announces that Jack Hidary, head of quantum and AI at Sandbox (Alphabet) to offer opening keynote for the May 10-12 conference and exhibition emphasizing the quantum enterprise
CIO.com: What enterprise problems will Sandbox AQ focus on?
Jack Hidary: The primary focus right now is post-quantum cryptography. That’s because of the urgency around cybersecurity in general, which I know that your readers are very familiar with. But specifically, there is an open war in cybersecurity on theft of IP [intellectual property]: The store-now-decrypt-later attack that is happening now.
CIO: If quantum computers can crack today’s encryption algorithms, will all our data be vulnerable?
Hidary: The good news is that the cyber community came together about six years ago — multiple countries, Western and Eastern European countries, the US, Canada, other leading countries in cybersecurity came together and formed the NIST process to examine, validate, and test a series of protocols that could replace RSA. Over 60 protocols were accepted into round one. The NIST process worked its way through, on an international multi-stakeholder basis, an open process, open to all, on the NIST website. It came out after three rounds with the finalists and indicated just last week that in the next two weeks, we’re going to see the specs on the first protocols that we can use.
CIO: What do CIOs need to do to prepare?
Hidary: The timing is propitious for the migration now from RSA to post-RSA encryption. Had we tried to do this three or four years ago, what would we have used? What would the new protocol have been? The good news now is that there’s a software fix. One does not have to buy new hardware.
CIO: .. . . . . ..working with Vodafone Business and Softbank Mobile?
Hidary: . . . . These entities are moving ahead with post-quantum-cryptography-enabled VPN. This is a critical piece of the new infrastructure for the CIO, for the CISO, and for the network manager in every large global enterprise, to have tool sets so that when one is using a PQC-enabled VPN, one is assured that even if there is an eavesdropper, even if there is infiltration, even if there is exfiltration of that data as the VPN is active, one is assured that there’s not a store-now, decrypt-later vulnerability. That is another piece of what we are offering as value add: not just direct software to the end user business, but also the ability to enable our telco partners, which are critical in the whole communications link, to have PQC-enabled telco products. This is critical to the future of business-to-business telecom, of enterprise telecom.
CIO: With the new investment that came with the spin off, how are you going to stay focused and not get dispersed in a bunch of different projects?
Hidary: Well, you know, one has to prioritize. Cybersecurity is the priority right now, and we are focused on that. You can see the initial customers we’ve announced, and we’ll have more no doubt over time, both strategic partners and customers there in cyber. You’ll see that as our core focus externally.
In terms of the other parts of Sandbox AQ, these are more in development. I think it’s always a healthy balance to have some products that are ready for commercialization, and at the same time having an R&D facility, having the ability to develop products for the future.
Sandra K. Helsel, Ph.D. has been researching and reporting on frontier technologies since 1990. She has her Ph.D. from the University of Arizona.