How to avoid quantum decryption in the cloud

Shred information into data and bypass the risk of quantum decryption in the cloud, writes Rob Pocock, Technology Director at Red Helix.

While quantum computing is poised to revolutionise data processing, providing us with the answers to problems we previously thought unsolvable (or at least unsolvable in a reasonable amount of time), there are some significant concerns regarding its potential ability to quickly decrypt vast amounts of data. Techniques like ‘harvest now, decrypt later’ allow hackers to steal large volumes of encrypted data, confident that future quantum computers will enable rapid decryption. As quantum computing advances, this threat becomes more real.

Although some of this data may become outdated over time, a substantial portion will remain relevant. Just over 60% of enterprises feel unprepared for the security risks posed by the upcoming quantum era, with 71% directly concerned that their data may be harvested by cyber criminals for future decryption. This increasingly urgent issue prompts a critical question: how can we ensure that data stored today will remain secure and resilient against future quantum decryption threats?

Cloud security is inefficient

Currently, many organisations rely on cloud servers like Google Cloud, Microsoft Azure, and Amazon Web Services (AWS) to store their information. These platforms offer various options, including storage location by country and multiple security levels, each with numerous associated costs (which seem to rise exponentially). Current encryption methods available from these cloud providers are effective against most known threats, and typically result in cyber criminals needing to spend years to decrypt any stolen data. However, the looming advent of quantum computing necessitates new strategies for data security.

Utilising a multi-cloud environment can be a strategic approach to securing valuable company information. By spreading it across multiple cloud storage providers, organisations can isolate their most critical information in highly secure environments, while less sensitive information can be stored in locations with slightly lower security levels, at reduced costs. This method reduces the risk of a single breach compromising all business data. However, even with these precautions, there’s still a possibility that it could be stolen and decrypted later.

There are some other downsides to this approach. Vendor or cloud lock-in becomes a real concern – something even the UK government has had to contend with, limiting its negotiating power over billions of pounds of cloud infrastructure. The cost of removing a company’s information from a cloud storage server or migrating to another can be significant. Although some of the cloud storage giants are removing these egress fees, this is just one concern.

Even if a company pays to have their information stored in a particular location, there is no guarantee that it will actually be stored there. Microsoft recently admitted that because it transfers and processes information overseas, they couldn’t guarantee its sovereignty in their system, which means some UK data protection requirements could not be met. This can restrict a business’s ability to use international storage solutions that might be more cost-effective or offer better performance.

One promising solution, that addresses all three of these issues, is the technique of disaggregating data through bit shredding.

Disaggregating data: a quantum-resilient approach

The concept of bit shredding works by breaking down information into smaller pieces, or data, and distributing these disaggregated pieces across various cloud storage services, or internal storage methods. When it is needed, these pieces are reassembled to recreate the original information. This not only makes it almost impossible for unauthorised parties to access the complete information but also ensures that even if a breach occurs, the compromised data is incomplete and useless without the other pieces and a key to reconstruct them. Crucially, even if some parts of the data are lost, there are algorithms in place to recreate it when the rest of the data is extracted as information.

The distinction between information and data is important, because while information must be stored under very specific parameters, data, as represented by 1s and 0s, has more flexibility. Information, such as a PDF or Word document, when shredded into binary form, becomes data and this transformation circumvents some of the data protection requirements, which mandate that information be stored within its country of origin. By converting information into data, organisations gain greater flexibility in choosing storage locations, potentially reducing costs and enhancing security.

Bit shredding also enhances security by enabling rapid response to breaches. If a cloud provider is hacked, the disaggregated nature of the data allows for immediate deletion and disconnection from the compromised source, ensuring that operations can continue seamlessly with other providers. This is particularly valuable for sectors handling highly sensitive data.

As an added bonus, because this disaggregated data is already encrypted and highly secure, businesses are not forced to purchase the highest band of security from their cloud storage providers and can instead quite safely store their data across less secure, but cheaper, options.

For industries such as telecommunications, finance, and media, where sensitive data is frequently handled and must be shared securely, these methods provide a robust framework for compliance and security. For example, telecom companies that collect Internet Connection Records (ICRs) may need to grant access to authorities while maintaining control and ownership of the data. By disaggregating the data and storing it in binary form, these companies can securely and efficiently meet regulatory requirements without compromising on cost or security.

Future-proof your data

The immense computational power of quantum computers could render current encryption methods obsolete, posing a significant risk to the confidentiality of sensitive information. However, by adopting innovative strategies such as bit shredding, organisations can safeguard their data against future quantum decryption threats.

As we prepare for the quantum future, proactive measures today will ensure the resilience and integrity of our data in the years to come. By implementing quantum-resilient data storage solutions, organisations can protect their most valuable assets against the emerging threats posed by quantum computing.  

Categories

Related Articles

Top Stories