Q2 Stays Far Ahead of Curve to Protect Customers Against the Emerging Threat of Quantum Computers
Imagine a computer that can crack all of the known current encryption algorithms within seconds, putting secure financial transactions and communications at risk. It’s not science fiction. Quantum computing is a threat to enterprise security — and it’s just around the corner.
As an industry, we need to be prepared with new ways to protect our clients’ data, their transactions and even their own end users’ data from this emerging threat. Even though quantum computing isn’t yet on our doorstep, technology finds a way to accelerate very quickly. As Bill Gates so aptly put it, “We always overestimate the change that will occur in the next year and underestimate the change that will occur in the next 10. Don’t let yourself be lulled into inaction.”
We’ve taken Gates’ words to heart. We take our responsibility for hosting our customers’ digital branch (their largest branch) and managing greater than $2.7 trillion of money movement (which is more than 10% of the GNP) very seriously. So when our customers have questions about quantum computing as part of their due diligence or annual reviews, they can rest assured that we’re at the forefront of addressing it.
Knowing that quantum computing is coming and that we can’t control the timeline, we understand that it’s vital that we get out in front of it. And because the threat to encryption is an industry-level issue, we must adopt an industry-standard encryption solution — it’s not something Q2 can do alone.
We’ve partnered with some of the leaders in the market, including CloudFlare and Microsoft, which partnered with the (federal) National Institute of Standards and Technology (NIST). Together, they’ve created quantum-resistant encryption standards, announced last month, that Q2 has already adopted and implemented — meaning our customers are at the forefront of protection against this impending threat.
Of course, with encryption, the other side of the connection has to adopt the same standards. At this point, we’re taking very little traffic at those levels since most of the third parties we connect to haven't yet adopted them. But now that NIST has defined the standards, it’s only a matter of time before the regulators get involved and set a deadline for adopting the standards industrywide.
When that happens, when vendors and partners in our ecosystem adopt the standards, it will reduce what we or our customers have to do. We’re ready to go. Our customers will be protected as soon as their browsers support quantum-resistant protocols and all the other third parties upgrade.
We want to stay ahead of the curve, and not worry about the acceleration of the adoption cycle for quantum computing. It’s critical that we lead in this effort to protect our customers and their end-users from future security threats.
As always, the threat surface continues to evolve and Q2 will continually review and adjust our security posture.