How to Secure Quantum Computing in the Cloud

Author: Timothy Hollebeek

The most forward-thinking companies are working hard to figure out how to leverage the incredible processing power of quantum computing once it's available. While we don't know exactly when that will be, IBM's unveiling of the first 1,000+ qubit machine at the end of 2023 was a clear sign the world will gain widespread access to quantum computers sooner than later.

But preparing for quantum computing's benefits shouldn't be the only thing on your organization's radar. This incredibly powerful technology will also bring a range of threats. And with quantum likely to rely heavily on the cloud, securing against quantum attacks will require similar measures to securing the cloud.

Why the cloud for quantum?

In 2016, Bill Gates predicted that cloud computing would offer super-computation via quantum by 2026, solving "some very important science problems including materials and catalyst design."

What kind of problems was Gates referring to?

Well, quantum computers aren't your typical desktop computer tower. Remember the 1,000+ qubits in IBM's new machine? Those qubits—short for "quantum bits"—are highly heat-sensitive, which means quantum computers can only operate inside refrigerators.

And those refrigerators? They're not like the LG smart fridge where you store your milk. Super computers require "super fridges," cryogenic units running at a cool, qubit-safe -459°F.

As you might imagine, super fridges aren't small. And they're certainly not cheap—nor is the energy it takes to power them.

For most organizations, that means on-premises quantum technology won't be an option any time soon. But the cloud offers the flexibility, scalability, and affordability required to bring quantum to the masses.

Security threats to cloud quantum computing

One word sums up the reason quantum services will be almost 100% deployed in the cloud: accessibility. 

But there's a major downside. Making quantum more accessible to users also makes it accessible to attackers. Just as you won't need to invest in physical quantum hardware to take advantage of this high-performing technology, bad actors won’t need their own quantum computer to attack your organization. 

In the early days, attackers are likely to do one of two things: 

1. Steal the credentials that protect your connection to cloud quantum services to alter or compromise services, or 
2. Use cloud quantum computing resources to compromise legacy infrastructures that aren't quantum safe.

Traditional networks have a physical parameter that cloud infrastructure does not. Because people will access quantum computers remotely, organizations will need strong network authenticity and secure communication between the cloud and apps. 

You'll also need to encrypt any data stored in the cloud to protect against one of the top threats to cloud computing services: data breaches. The most common causes of breaches in the cloud are poor authentication standards, weak passwords, and poor certificate management. And when organizations scale their use of cloud services, it all becomes even more difficult to control.

At the end of the day, securing cloud quantum computing will require similar practices to securing other technologies and data in the cloud: 

• Strong authentication
• Visibility and scale
• Simplified certificate management

Protecting your organization’s legacy cryptography from the malicious use of cloud quantum computing resources means you need a plan to retire your current cryptographic algorithms and implement post-quantum cryptography. And you need to put that in plan into action before the inevitable day when available cloud computing resources can compromise traditional algorithms like RSA.

Preparing for quantum with PKI modernization

Public key infrastructure (PKI) has secured the web for decades, using three key security practices to protect everything that connects to the internet, including resources in the cloud:

• Integrity: Ensures data remains unaltered and trustworthy during transmission.
• Authentication: Verifies the identity of users and devices accessing cloud resources.
• Encryption: Protects sensitive data from unauthorized access by transforming it into an unreadable format.

But as the rest of technology has advanced, many organizations have failed to update this essential foundation, relying on outdated practices and limited DIY management solutions that can’t keep up with the demands of modern security—much less with quantum computing.

Once they gain access to quantum, attackers will have no trouble decrypting the data the old PKI is currently protecting. To secure your use of quantum in the cloud, you’ll need to modernize your PKI. And that starts with taking stock of your cryptographic assets, then putting quantum-safe algorithms in place to protect them. 

Most organizations today have massive amounts of certificates to manage, which brings us to one of PKI modernization’s biggest selling points: scalability. When you have real-time visibility into every single asset you manage, you can achieve crypto-agility—the ability to identify and remediate issues as soon as they arise. As your organization increases or decreases its quantum computing usage in the cloud, a retrofitted PKI infrastructure can adapt to the changing infrastructure, ensuring consistent security across all endpoints.

How to choose the right platform for modernized PKI

Trying to DIY your own private PKI is risky, especially with quantum looming on the horizon. But working with a private certificate authority like DigiCert for managed PKI can give your organization the automation and scalability it needs to adapt its use of quantum computing services in the cloud. 

Here's what to look for in a PKI platform:

• Scalability: The ability to handle billions of certificates and adapt to future growth.
• Flexibility: Support for various deployment models (hybrid, cloud, and on-premises).
• Compliance: Adherence to industry standards and data protection regulations. 
• Integration: Seamless integration with existing systems and workflows.

Modern PKI management platforms like DigiCert® Trust Lifecycle Manager take a centralized approach to handling the lifecycle of digital certificates. With features like automated certificate issuance, renewal, and revocation, you'll reduce administrative overhead and minimize the risk of human error—and most importantly, you'll get the cloud quantum computing security you need to protect your organization from whatever the future of quantum holds.

The latest developments in digital trust

Want to learn more about topics like cloud security, post-quantum cryptography, and PKI? Subscribe to the DigiCert blog to ensure you never miss a story.