This article is more than 1 year old

You don't have to wait for quantum computing to prepare for it

Rapid7 CSO Jaya Baloo on how to tackle this potential looming tech

RSA Conference 2023 AI was all the rage at RSA Conference this year, though there was another tech buzzword that managed to make its presence felt: quantum computing, and the security threat those systems may or may not someday pose.

Jaya Baloo, now CSO at Rapid7 and previously CISO at Avast, gave a talk at RSAC on pragmatic preparation for a possible quantum-powered future, and sat down to talk with us about what organizations can do today.

"This isn't a niche message," Baloo told us, adding it really doesn't matter if we don't know right now what the quantum computers of the future might look like or the algorithms they run. Rather than assuming quantum computers won't ever be a threat, it's safer to assume they might be, and that the data you're collecting, encrypting, and retaining now may already be in a position to be compromised in the future by some powerful machine.

You can replay our chat below.

"There are hostile parties and government agencies making copies of internet traffic and communication" in bulk, Baloo told us. Whoever is able to do that has a wealth of unencrypted and encrypted data at their disposal, and it's potentially just a matter of time before that information is completely unlocked by whoever holds it. That could be achieved using quantum computing assuming that the tech works as anticipated.

What can a business do now? Exercise judicious caution, says Baloo. She urges organizations to keep up on the important stuff, such as patches, endpoint security, and other best practices. Even more importantly, she says, is for organizations to understand every nuance of their own cryptographic and cybersecurity environments.

Know the encryption algorithms you're using, know if they are or could be upgraded to quantum-resistant alternatives, know the data you're retaining, know why you're collecting it, and only then figure out what's at potential risk, and how best to reduce that risk, and then implement that. No panic, no fear, no fuss.

"That's the hardest thing for organizations to truly do, is to know thyself," Baloo said. ®

More about


Send us news

Other stories you might like