to accelerate the global adoption of new post-quantum cryptography (PQC) standards.
In this Q&A, SandboxAQ CEO Jack D. Hidary discusses the current status of the quantum ecosystem, the importance of cross-border collaboration and the importance of the Cryptosense acquisition.
Enter Quantum: What is your view of the current quantum ecosystem?
The majority of people who will be in the quantum ecosystem in the coming years are not here today. Of the people I meet around the current ecosystem, only 10% have a quantum background; 90% have come from somewhere else like AI, high-performance computing or other unrelated scientific fields.
It's easy to see how imposter syndrome is going to run rampant in this sector; the majority of human beings in the current quantum ecosystem did not do quantum for the first 25 years of their careers. A lot of the consulting firms – Deloitte,
I think it's particularly important to attract a diverse workforce, to really discover and draft as quickly as possible, because it's so easy for people to get very intimidated.
At SandboxAQ things we do a lot of pro bono work in the quantum space; we teach at universities and develop curricula for universities and corporations to train their workforce. We're working with large multinational non-profits now to develop what we’re calling a quantum ecosystem blueprint.
What do you do in a country that's not currently at the quantum forefront? How do you not stay behind? How do you jump to the forefront? We’re gathering a set of case studies, blueprints and best practices from our interface with lots of countries around the world that we’ll release soon.
Why was the acquisition of Cryptosense important for SandboxAQ?
July 5 [when NIST announced its four selected quantum encryption algorithms] was a major milestone in the global migration from current encryption protocols to the new quantum-safe encryption protocols. It had been a six-year journey, led by NIST but with participation from 25 experts from 25 countries. Thousands of peer experts examined the initial 82 submissions down to the handful that was designated for standardization.
There’s more work to be done, but that gave all of us in the global community a very clear roadmap of where we are going in terms of lattice-based cryptography. With that kind of clarity comes an increased need and desire on the part of the government, large enterprises and others to begin this process of integration.
The first step of that process is what we call discovery; analyzing your on-premises networks, cloud networks, hardware, software, data libraries, encryption modules and libraries and APIs. That assessment and inventorying then leads to a plan. In that sense, having great discovery tools is critical and Cryptosense has a set of tools that they've been developing for seven years now.
We’ve been focusing on network analysis and the status of encryption in the large enterprise network and Cryptosense has been focused on hardware security modules and various other parts of an enterprise ecosystem that are complementary to our tools.
Another driver is that we have a multinational footprint and in the era of remote work and distributed workforce we have accelerated that because talent is so scarce in our areas of the quantum ecosystem. We have a workforce in over seven countries and about a third of our workforce is outside the U.S. We now have a strong European-based company as part of Sandbox AQ and that deepens the strength we have in Europe, where we serve customers such as Vodafone.
What is the urgency around post-quantum encryption now?
The urgency is around store now, decrypt later, which is increasingly being recognized not only by governments but also by companies with a deep investment in IP, banks and organizations with large swaths of proprietary and confidential customer data.
They have a legal obligation to keep hold of this data for many years. Hacking does not have to involve penetrating a network; there are sniffers on the open internet grabbing copies of the data that's being transmitted by banks and pharma companies. Even years later that is still an existential threat.
The third part of it is that, from an enterprise IT and cyber perspective, we all know that it takes years to migrate a large enterprise. This is not something that one does overnight.
The process of discovery is the beginning of that process, and that itself can take six to 12 months. Let's remember that most large banks today around the world are amalgams of multiple M&A transactions, which means that over the years there are a lot of legacy systems and data.
To get the latest Quantum news, research, videos and content, sign up to our newsletter