June 17, 2024

Why enterprises trust hardware-based security over quantum computing

Verify out all the on-desire sessions from the Clever Safety Summit right here.


Designing zero rely on into silicon and manufacturing components-primarily based stability at the chip stage is providing on the promises quantum computing built several years ago.

But, the main systems based on quantum computing — quantum bits or qubits — are as well noisy to deliver the telemetry data that endpoint detection and reaction (EDR) and prolonged detection and response (XDR) need to have to function at scale in an company. Even with cybersecurity sellers discovering quantum computing to capture and interpret weak signals, the technologies proceeds to be impractical for mainstream cybersecurity use now.

Quantum computing demands a cybersecurity use case

If quantum computing is likely to assistance address cybersecurity issues, it ought to raise the stability, velocity and scale in figuring out weak signals and halting breaches although also delivering true-time data from effective algorithms. A current Economic Instances write-up, “Hype about quantum computing recedes in excess of lack of useful employs,” critiques Chinese researchers’ promises of defeating RSA encryption using quantum desktops, a engineering attainment predicted to choose a decade or extended. 

>>Don’t overlook our exclusive situation: The CIO agenda: The 2023 roadmap for IT leaders.<<

Event

Intelligent Security Summit On-Demand

Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.


Watch Here

The article analyzes why claims are improbable. One of the most noteworthy insights is how quantum computing’s current state of qubit technology is too noisy for error correction. The article states, “the quantum bits, or qubits, used in today’s machines are highly unstable and only hold their quantum states for extremely short periods, creating “noise.” As a result, “errors accumulate in the computer, and after around 100 operations there are so many errors the computation fails,” Steve Brierley, chief executive of quantum software company Riverlane, told the Financial Times. 

Late last year, H.R.7535, the Quantum Computing Cybersecurity Preparedness Act, was passed. The act “addresses the migration of executive agencies’ information technology systems to post-quantum cryptography. Post-quantum cryptography is encryption strong enough to resist attacks from quantum computers developed in the future.”

CISOs and CIOs are likewise concerned about how quantum computing could potentially be used to render their authentication and encryption obsolete, leaving their infrastructures exposed. Those types of strategic threats make hardware-based security with zero trust designed from first silicon all the more attractive and trusted.

What is hardware-based security?

Gartner defines hardware-based security as the “use of chip-level techniques for protecting critical security controls and processes in host systems independent of OS integrity. Typical control isolation includes encryption key handling, secrets protection, secure I/O, process isolation/monitoring, and encrypted memory handling.” 

Hardware-based security is quickly emerging as table stakes for securing an enterprise by providing safeguards against various cyberattacks ranging from ransomware to sophisticated software supply chain intrusion attempts. With features like confidential computing, encrypted VMs and containers, enterprises are beginning to put more trust in hardware-based security. With all hardware security vendors either currently providing or finalizing zero-trust support in their silicon, hardware-based security is gaining greater adoption in enterprise data centers.  

Microsoft’s recently published Windows 11 Security Book: Powerful Security from Chip to Cloud explains how Windows 11 enables zero-trust protection. The operating system supports chip-level zero-trust security that guards against privileged access, credential theft and many other attack scenarios.

“Credentials are protected by hardware and software security layers such as Trusted Platform Module 2.0, Virtualization-based Security (VBS), and Windows Defender Credential Guard, making it harder for attackers to steal credentials from a device,” according to the report.

The lengthy publication provides examples of how Microsoft collaborates with a broad base of chipset manufacturers, all focused on providing hardware-based zero trust.  

“I believe the zero-trust concepts shouldn’t stop at the network or system,” writes Martin G. Dixon, Intel fellow and VP of Intel’s security architecture and engineering group. “Rather, they can be applied down inside the silicon. We even refer to infrastructure on the chip as a network or ‘network on a chip.’”

One of the most compelling aspects of the latest hardware-based security silicon development generation is its support for zero-trust security. Upgrading servers across a data center with the latest generation of hardware-based security chipsets and silicon-based products opens up the opportunity to enable hardware-based authentication and encryption, two core goals for many zero-trust security frameworks and initiatives.

Leading vendors providing hardware-based security in silicon or working on R&D projects in this area include Amazon Web Services (AWS), AMD, Anjuna, Apple, Bitdefender, Fortanix, Google, Intel, Microsoft, Nvidia, Samsung Electronics and many others. 

Intel’s many innovations integrating zero-trust security into silicon are a leading indicator of why hardware-based security is gaining trust in enterprises without forcing large-scale changes to infrastructure.
Source: A Zero Trust Approach to Architecting Silicon blog post by Martin G. Dixon.

Four areas where quantum computing is falling short

Inflated claims of what quantum computing could deliver for cybersecurity created great expectations. But for all its computational power, there are four weaknesses that quantum computing has that are leading enterprises to put more trust in hardware-based security.  

Qubit technology continues to be too noisy for error correction

As the number of qubits in a quantum computing use case increase, managing errors becomes more challenging. Qubit errors occur when the state of a qubit is disturbed by external factors such as noise, temperature or electromagnetic interference. These errors can cause the computation to become unreliable and produce random noise, limiting the number of steps a quantum algorithm can perform. 

This is a significant problem for quantum computing in cybersecurity, as it reduces the accuracy and reliability of computations. With the leading cybersecurity providers’ roadmaps reflecting continued improvements in sensing, interpreting and acting on signal data, quantum computing’s instability in this area is contributing to the growth of hardware-based security.

During his keynote at CrowdStrike’s Fal.Con event last year, CrowdStrike cofounder and CEO George Kurtz said his company’s goal is to “pick up the weak signals on endpoints to understand intrusion patterns better.”

He continued, “and one of the areas that we’ve pioneered is [taking] weak signals from across different endpoints. And we can link these together to find novel detections. We’re now extending that to our third-party partners so that we can look at other weak signals across not only endpoints but across domains, and come up with a novel detection. This is much different than, ‘Let’s pile a bunch of data into a data lake and sort it out.’”

External control electronics need greater scale to meet cybersecurity’s challenges

From a cybersecurity standpoint, the problem of scaling quantum computing is closely related to increase in the number of qubits within a quantum chip. As the number of qubits increases, so does the number of control wires or lasers needed to control them. This requires external control electronics, which in turn requires many signal lines to scale.

In the IEEE Spectrum article An Optimist’s View of the 4 Challenges to Quantum Computing, Intel’s director of quantum hardware James S. Clarke writes, “Today, we require multiple control wires, or multiple lasers, to create and control qubits. As a result, fan-out is a major challenge for scaling up quantum computing.”

This complexity of scaling quantum computers with multiple control wires or lasers can make it challenging to implement and maintain security protocols in quantum computing systems, which is crucial for cybersecurity. As a result of this limitation, hardware-based security is gaining adoption and trust across enterprises. 

High-value algorithms don’t provide data fast enough to thwart breach attempts

One of quantum computing’s limitations today is the length of time it takes to access and retrieve data from the highest-value algorithms. This is because quantum algorithms often require superpolynomial time to run, meaning the number of steps increases faster than a polynomial function of the input size. This can make them less suitable for zero-trust security, where quick and efficient telemetry data is required to thwart potential breach attempts. 

In the context of zero-trust security, the ability to quickly and accurately measure the output of a computational process is crucial. Zero-trust security is based on the principle of “never trust, always verify,” meaning that even internal network traffic and communications should be closely monitored and verified. With high-value quantum algorithms that have impractical readout times, it may take time to quickly and accurately verify the output of the computation, thereby making these algorithms less suitable for use in zero-trust security systems.

Lack of standardization creates a challenge

The lack of standardization across programming, middleware, and assembler levels can make it challenging to ensure the security and integrity of the data being processed and stored. Compounding that challenge is the need for more knowledge about the application, application stack and environment management among developers and operations (devops) teams. This can result in a need for standardized processes for the development life cycle, making it harder to maintain secure and efficient quantum computing systems.

Given the need for more standardization, enterprises are concerned about vendor lock-in, which is also a significant barrier to adopting quantum computing.

In summary, the lack of standardization across programming, middleware and assembler levels in quantum computing makes it more challenging to ensure the security and integrity of data being processed and stored, making enterprise cybersecurity a significant challenge.

Conclusion

Hardware-based security is rapidly emerging as an attractive option for enterprises seeking to protect their data centers from cyberattacks. Quantum computing cannot (yet) provide the accuracy and speed required for effective EDR, making hardware-based security a more reliable option. 

Hardware-based security solutions are designed from the first silicon to rely on zero-trust principles to guard against privileged access credential theft and other attack scenarios.

While quantum computing provides immense computational power, its current state of qubit technology is too noisy for error correction. External control electronics lack the necessary scale. High-value algorithms don’t quickly provide data. And, the lack of standardization makes enterprise cybersecurity challenging.

As a result, hardware-based security solutions are gaining trust in enterprises and providing safeguards against numerous cyberattacks.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.