Collaborative Expertise: The Quantum-Safe 360 Alliance combines strengths from Quantinuum, Keyfactor, Thales, and IBM Consulting to tackle quantum encryption risks.
Cryptographic Agility Focus: Members prioritize adaptable systems that allow quick updates to encryption methods amid evolving quantum dangers.
Proactive Transition Strategies: The alliance provides frameworks, tools, and case studies to help organizations implement post-quantum safeguards efficiently.
Quantum computing advances pose serious risks to existing encryption, prompting the formation of the Quantum-Safe 360 Alliance (QSafe 360 Alliance) to lead the way in post-quantum defenses. The QSafe 360 Alliance addresses the need for organizations to upgrade security measures before quantum systems mature fully, potentially compromising data integrity. Leaders from multiple sectors recognize needed, coordinated action will protect global digital infrastructure from impending disruptions.
The QSafe 360 Alliance consists of Quantinuum, Keyfactor, Thales, and IBM Consulting, each contributing specialized knowledge in areas such as quantum randomness generation, public key infrastructure (PKI), hardware security, and consulting services.
Quantinuum develops quantum computers and offers Quantum Origin for generating verifiable random numbers bolstering secure key strength. Keyfactor manages certificates and supports scalable PKI platforms, while Thales provides hardware security modules (HSM) and data protection tools. IBM Consulting delivers cyber risk assessments and roadmaps to get clients from danger to safety. Together, these entities create interoperable approaches simplifying the adoption of new standards.
Announced amid growing concerns over quantum capabilities projected to mature by 2030, the alliance operates globally without a fixed physical headquarter. Projections indicate quantum systems might break common encryption algorithms, RSA and ECC, within this decade.
Adversaries already engage in "harvest now, decrypt later" tactics, collecting encrypted information for future exploitation. Because quantum developments span international boundaries, the alliance promotes worldwide standards alignment, urging immediate steps to inventory assets and evaluate vulnerabilities.
[ PQC is an example of just one type of threat. Solutions should be designed to withstand an unbounded attacker regardless of the mechanism they are currently using... ]
— Roy Stephan, Senior Solutions Architect, Quantinuum
The alliance exists primarily to counter the erosion of digital trust caused by quantum computing's potential capability to solve complex mathematical problems rapidly. Without upgrades, sensitive data in finance, healthcare, and government sectors faces exposure. Additionally, weak randomness in secure key generation protocols has led to breaches, amplifying the need for stronger foundations.
The alliance advocates for cryptographic agility, enabling crypto-systems to switch algorithms seamlessly and to reduce downtime during updates.
Organizations achieve quantum readiness through the QSafe 360 Alliance's structured frameworks, emphasizing discovery, prioritization, and incremental deployment. Teams start by assessing threat landscapes and cataloging assets based on data lifespan and value.
Pilot projects test new solutions in isolated settings, allowing refinements before full rollout. Case studies include integrating quantum randomness into HSMs for financial firms, centralizing key management, and automating processes to minimize risks.
[ We have a responsibility to get it right the first time. The biggest risk is sitting around, waiting... ]
— Chris Hickman, Chief Security Officer, Keyfactor
Overcoming internal resistance involves dispelling myths about timelines and demonstrating the costs of delay. Migrations historically take years, as seen with the migration from SHA-1 to SHA-2. The alliance assists by offering resources for vendor accountability, ensuring partners meet post-quantum requirements. Ultimately, the proactive stance builds resilience and preserves trust as quantum timelines shorten.
Operational hurdles, such as legacy systems incompatible with larger key sizes, can be mitigated through phased implementations focusing on high-priority areas. Tools from alliance members (example, Keyfactor's PQC Lab) allow testing without full commitments.
The Quantum-Safe 360 Alliance empowers businesses to demand quantum-ready solutions from vendors, fostering an ecosystem of accountability. Incremental investments compound to create robust defenses and secure competitive advantages.
