(JaxEnter) The security profession is heeding the warnings about quantum threats and have begun preparations in earnest. The DigiCert 2019 Post Quantum Cryptography (PQC) Survey aimed to examine exactly how companies were doing. Researchers surveyed 400 enterprises, each with 1,000 or more employees, across the US, Germany and Japan to get answers. They also conducted a focus group of nine different IT managers to further reveal those preparations.
A total of 35% of the respondents already have a PQC budget, and a further 56 percent are discussing one in their organisations. Yet, many are still very early in the process of PQC planning.
One of the respondents, an IT Security manager at a financial services company, told surveyors, “We’re still in the early discussion phases because we’re not the only ones who are affected. There are third party partners and vendors that we’re in early discussions with on how we can be proactive and beef up our security. And quantum cryptology is one of the topics that we are looking at.”
One of the prime preparatory best practices that respondents called upon was monitoring. Knowing what kind of data flows within your environment, how it’s used and how it’s currently protected are all things that an enterprise has to find out as they prepare.
Many organisations are still taking their first tentative steps, and others have yet to take any. Now is the time for organisations to be assessing their deployments of crypto and digital certificates so they have proper crypto-agility and are ready to deploy quantum-resistant algorithms soon rather than being caught lacking when it finally arrives.