Future Ready with Bechtle

Quantum computing, Q-day and protecting data for the future | Future Ready with Bechtle

Bechtle Season 1 Episode 14

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 17:37

Quantum computing, Q-day and protecting data for the future | Future Ready with Bechtle

Quantum computing has long been talked about as the next major leap in technology. But while many organisations have heard the term, few fully understand what it could mean for security, encryption and the future of protecting critical business data.

In this episode of Future Ready with Bechtle, host Stephen Harley is joined by Lee Alesbrook, Hybrid Infrastructure BDM at Bechtle UK, to explore the current state of quantum computing and why businesses need to start preparing now for the impact it could have in the future.

In this episode, we cover:
What quantum computing actually is and how it differs from traditional computing
The current maturity of quantum computing technology
What “Q-Day” means for cybersecurity and encryption
The risks of “harvest now, decrypt later” attacks
Why regulated industries should already be preparing for quantum security challenges
The importance of encryption key management and frequent rekeying
How organisations can improve long-term protection of sensitive data
The role of hardware and software-based encryption solutions
Why quantum readiness is a board-level security discussion
Practical steps organisations can take today to prepare for the future

👉 Watch the full episode to understand the future impact of quantum computing and what organisations should be doing today to protect their data:
https://youtu.be/W0B_Qf54s4g

👉 Learn more about Bechtle UK’s hybrid infrastructure and security solutions:
https://www.bechtle.com/gb/bechtle-library/bechtle-pillars/services

👉 Interested in discussing quantum readiness, encryption or long-term data protection strategies?
https://www.bechtle.com/de-en/help-centre

#FutureReady #BechtleUK #QuantumComputing #CyberSecurity #DataProtection #Encryption #HybridInfrastructure #ITLeadership #DigitalTransformation #FutureOfIT

The Bechtle Future Ready Podcast explores how technology is transforming the way we work. Hosted by Bechtle UK, each episode features thought leaders and innovators discussing digital transformation, cybersecurity, sustainability, and the modern workplace.

Discover insights and strategies to help your business stay agile, connected, and ready for what’s next.

🎧 Subscribe now and get future ready with Bechtle UK.

SPEAKER_00

This time on Future Ready with Beckler, I'll be speaking with Lee Aylesbrook, Beckler UK's very own quantum shaman. We'll be speaking about quantum computing and how mature that technology is, what Q Day is and when we might expect it, and what steps we need to take today to protect our data tomorrow when that Q Day actually arrives. This is a fantastic episode if, like me, you've heard of quantum computing but aren't sure what the technology is and what its implications will be. I hope you enjoy the episode. Remember to like and subscribe. So Lee, welcome to Beckler's Future Ready Podcast. Or welcome back, I should say. Good morning. Lee, you're uh a business development manager in our hybrid infrastructure team, but you're also our very o quantum shaman in the UK. Um we're gonna talk about all things quantum computing. Um I think it's fair to say that it's been seen as the next big thing for a little while. We've seen a little bit of it in the press. Um, but really, what is the state of play with quantum computing today?

SPEAKER_01

Okay, so we're gonna try very hard not to turn this into a GCSE science lesson, haven't we? Yeah, we're not gonna talk about qubits and and everything else going on in the world.

SPEAKER_00

Um probably uh uh do you want to just sort of like start with the differences between quantum computing and and what people would be helpful because uh people hear the hear the uh the the buzzword and hear the phrase quantum computing, but but I I think even within the industry, I I think it's fair to say that we, you know, it's not very well understood.

SPEAKER_01

Correct. Yeah, yeah, definitely. So um in terms of computing today, we know computers and and love them. They are uh relatively simple machines, uh, they have an on-off state, as simple as that. It's like a light switch, and we record bits of information in either ones or zeros, and that's been the same for decades since computers were invented. Um, and that's what we call a bit. Quantum is uh working in qubits rather than bits, and qubits can hold multiple states, so we're not just one zero anymore, we are a varying degree between one and zero. And much the way our minds work, these bits can hold multiple uh different um states in the same way that our brains can, right? Our brains aren't just simply on off. And that brings the power to computing uh in in these terms. So um it's able to handle much faster and much more scalable mathematics than the ones and zeros could. So you're talking about a an exponential jump in computing power once we get this up and running and stable. Stable's the keyword, because these things are notoriously at the moment very difficult to keep stable. They need to operate at very cold temperatures in very controlled environments, so they only exist in the lab today.

SPEAKER_00

So it's not not the sort of thing that people are investing in in terms of buying hardware off the shelf and and you know using them to do encryption or decryption, that kind of thing.

SPEAKER_01

We are nowhere near going down to your local store and buying a quantum computer, no matter what size of business you are.

SPEAKER_00

And I suppose that's the the challenge at the moment for everybody in in you know in the boardroom looking at this is going, okay, so you know, where is it on the maturity scale? When is it likely to arrive? Um, I I think it's the first question, followed by, well, okay, well, what does that mean?

SPEAKER_01

So uh I think we're probably looking somewhere to sort of the 10-15 year mark before they're actually capable of being stable and being used in or sorry, outside a lab environment. And the key there is is the fact that with in in terms of your boardroom question, yeah. Um when we shouldn't be talking to customers about, okay, what's your plan for quantum? How are you going to implement it? This is very much a a case of a security question in terms of are you prepared for it? So all of that computing power that we talked about at the start will be available uh to let's say governments, to big business in the next 10 to 15 years. So, what are we doing now to ensure that our data is protected the day that uh quantum becomes publicly available? And that's the Q day, as they call it.

SPEAKER_00

I was gonna say you keep hearing kind of Q day and and uh as almost kind of an apocalyptic uh uh prediction. I suppose the risk there is is is that all of a sudden this technology becomes available to state actors and and suddenly the encryption and the protections that we've got today fall away. Is that true?

SPEAKER_01

That's all of that computing power means that they can decrypt at a rate that that's just not possible today. So a lot of state actors at the moment and a lot of uh nefarious people are operating a harvest now, decrypt later principle. So you know that they are just trawling the internet, trawling VPN traffic, which of course is completely protected right now. But if they can harvest all of that information and just store it waiting for Q Day, the minute Q Day happens and those quantum computers are let loose on all of that data, it it becomes readable. Yeah, encryption is a complete waste of time. So we need to start talking to companies right now and saying, you know, what is your strategy for the next for 10 years' time? There's no point in, let's say, having a house, there's no point in changing your the locks on your house in nine and a half years' time. Oh, we'll leave we'll leave that for nine and a half years' time. Change the locks now. Get yourself protected so that all of your data from henceforth is encrypted in a in a format that quantum computers can't decrypt.

SPEAKER_00

So do those formats exist today? Is that something that we we're still developing?

SPEAKER_01

No, they've existed for a long time. So I worked with a customer probably three or four years ago. Um, they had um uh traffic to a data center. They have several data centers that they were exchanging traffic to. Um and they were on um legacy type, I would say legacy crumbs, the encryption that we still use today, and it's wide known. In fact, if you look at the business in town, it's good, it's it's you could ask yourself the question, you know, SSL certificates, how often are they changed? Yeah. Well, once a year, maybe once every five years, right? If you've got a publicly available one, well, why would you have the same encryption algorithm for five years, right? And the same was true with with routers. You know, you'd have uh you'd encrypt on a router that became well you before that you typically encrypt on a on an encryptor. Yeah. Okay. Um, and that would encrypt your traffic over a VPN link or over an MPLS link, whatever you had. And then we moved to uh, well, actually, routers are now capable of military grade encryption. So let's use the router to to encrypt. But how often are businesses going around and changing those keys?

SPEAKER_00

Yeah.

SPEAKER_01

Right? So if you're not changing the key every typically you're going to change them every year, for example, yeah, that's not often enough to beat a quantum computer. You need to be changing that key every day, every hour, and in some cases, every minute.

SPEAKER_00

So is that and forgive me because this is definitely not my field. Um is that the is that the key when we talk about um the key, the key to encryption? That's a terrible fun, isn't it?

SPEAKER_01

Yeah, it was surprised to me that it was back in the with the old encryptors, they were actual physical keys. Yeah.

SPEAKER_00

But but is that but is that the the the the key step that people need to make is it's not necessarily that the algorithms, you know, oh we're not talking, you know, are we still talking 256 AES or whatever it may be? But we're now talking about changing the key on a much more frequently uh basis to be able to protect against that. That's exactly right.

SPEAKER_01

Yeah, you're making things a lot harder for the quantum computer to crack, basically. We're not upgrading our R256 encryption at all. Um it's it's changing the frequency in which you encrypt your traffic. And there are tools that that I put into that customer, I say I think it's about three years ago, um, that uh we actually used a hardware version. So there are um encryption companies out there that develop either a hardware version on the hardware itself will re-key every minute and it can get it to actually re-key every packet. Gotcha. Which is crazy, crazy complicated to decrypt. And then there are alternative companies that also offer a software version. So you could either run a VM that obviously generates keys very, very quickly, or they do a cloud version, again, generating keys and passing that down to even still the router and just telling the router to change the key every cycle.

SPEAKER_00

And so I suppose uh part of the determination that that business leaders need to make at the moment is you know, how sensitive is that data going to be in the future? Because if you're if this data is is is sensitive but only for a short period of time, then then it's probably not quite the same level of worry than it is in the future, or is that wrong?

SPEAKER_01

Well, if you to some extent, yes, but look at the companies that we work with, right? They're they're going to be finance, they're going to be healthcare, they're going to be government. And these people have compliance and governance regulations that have to keep data for 10 years or more, right? So we are, if if we work on my 10-year prediction, you're already today in a state where you need to be encrypting that data so that in 10 years' time, it's not easy to decrypt. So any business, any industry that is dealing with regulatory data and has to keep it for any period of time, this is a conversation we need to have today.

SPEAKER_00

That's right. I think that's a real key insight because I I don't think that uh business leaders and and and perhaps even CIOs, CTOs truly appreciate right now that these are the steps that we need to make today to protect us in 10 years' time and it will still be relevant.

SPEAKER_01

Absolutely that. Yeah, definitely. So and it doesn't have to be overcomplicated and it doesn't have to be hugely expensive either. We're still, in a lot of cases, we can still use the same physical infrastructure that you have today. We just you just need a better key management, oversimplifying, honestly, right? But yeah, you just need better key management that will take that human element away from rekeying. So at the moment, a lot of rekeying is done.

unknown

Yeah.

SPEAKER_01

A human logging onto a device or it's a test for IT, right? I I remember when we so previously, the the customer I was speaking about, they've got if uh two data centers, uh obviously two on-site locations where they transverse a lot of traffic. And that involved me sending an engineer physically with a key to all four locations, which are conveniently not located anywhere near each other, right? Why would you need to connect them, right? Exactly that, right? So yeah, they physically have to re-key them. And then how many, how often is is is an IC department going to do that realistically today? Um, and in some cases, we're quite fortunate that that that customer was obviously based in the UK. There was no international borders or anything like that. But if you're an international company and you've got facilities all over the world, or to another point, if you're uh a defense contractor or you're all the defense industry, you may have um encryption devices in locations that are actually very difficult to physically get to. Right.

SPEAKER_00

Yeah.

SPEAKER_01

And that becomes a real, real concern. And they are the same devices, these military device style um encryptors that that are available at a price that corporate and um um public private sector companies can use are exactly the same device. The only difference is the military ones have a self-destruct button, which is cool.

SPEAKER_00

But uh it's a really, really interesting point. I'm just thinking who who this is most important uh to. As you said, any regulated industry, any healthcare, compliance, financial um uh uh business, that's going to be key. When you start to talk about military, I suppose it you know people think, oh, you know, I don't deal with it military. Well, it's the supply chain, isn't it? That's what becomes relevant for that. Because you know, the investments that we make in in hardware today from a military point of view are still relevant for 10, 20, 30 years. You know, the F-35, for example, is going to have a life cycle that's going to last some time. Absolutely. So it's it's important that we start thinking uh a little bit further ahead than we than than I think IT has sometimes been guilty of. You know, there's a tendency to to worry about you know the next 18 months, the next two years because something will change. Well, the fact is we know this is going to change. We know this is going to come. Oh, absolutely.

SPEAKER_01

It's going, it is going to happen. So Q day, as they call it.

SPEAKER_00

Yeah.

SPEAKER_01

Yeah, that that is a that is a fixed point in time where everything's going to change. And you're not going to get you're not going to get a warning about it. You're not going to get that, okay, industry, you've got five months, let's say, or five years to to prepare. How do I put this differently? Sorry, Stephen. So if you to industry, you would you're not going to get that sort of in five months' time, this is going to happen. You need to prepare because this is going to happen.

SPEAKER_00

Yeah, you're not going to get like the it goes end of service alert that you get with Windows Server, you know, 2012, for example, um, it's going to be on this date, you're going to have a problem.

SPEAKER_01

No, it's just it's just going to happen overnight. One day somebody will have it. Today's encryption will work. Today's encryption will work. And and the following day, today's encryption will just be useless.

SPEAKER_00

Are there any signs at all that people can look for to see it see it's coming down the line? Is there certain technologies? Is there certain things that you know breakthroughs that with somebody starts announcing that that that should start ringing those alarm bells?

SPEAKER_01

Um no, because it's all happening behind closed doors. Yeah. That's the thing. I mean, we get so uh if you look at uh IBM. So if you look at IBM, they've got uh obviously their version of uh of their quantum computing. Every major manufacturer has their one, but the IBM one is the one that's certainly most popular and publicised online. That doesn't mean to say that's the only one. And that doesn't mean to say that's the only one. There isn't one in uh in public sector hands. No, no, absolutely.

SPEAKER_00

And I suppose that's the thing, isn't it? You know, we've we've seen when we talk about development of uh large language models and generative AI, we've seen solutions come out of all almost nowhere, right? So like it does, it just appears, doesn't it? And and it and it happens really quickly. So that that acceleration's uh uh uh definitely happening. So if you if you could give one message to the to the guys in the boardroom, because I'm really conscious that we've kind of we've geeked out a little bit. Yeah, we have sorry it's hard not to. Yeah, you know, two to two two IT heads in a room talking about something exciting in the future, you know. They will who knew that who's surprised that's where the conversation's gone. But not everybody um uh is necessarily living that technical world. Um, you know, what are the things that that leaders in the boardroom right now um should be thinking about and should be asking their security teams and their uh and their IT teams?

SPEAKER_01

So uh first of all, uh I draw attention to the fact that I was working with customers on this three years ago, right? So we're already three years down the line. Um I I'm projecting it's gonna be 10 to 15 years before quantum is is really publicly of publicly available to state actors. Um but we all know the speed of development in the IT industry is rapid. Uh and when those initial projections were put in place, AI didn't necessarily exist. And AI is going to help drive the momentum considerably. So, in terms of the boardroom today, we just need you need to take a look at your data. This is a security data question, not a quantum question at all. How secure is your data potentially going to be when quantum is released? And what steps can you take today, because it does need to happen today, in order to protect the data that you are holding on behalf of your company and in some cases on behalf of your patients and your customers. And come and talk to Beckler. Uh, we have the skills available in-house to be able to um provide the equipment, the services, and the solutions to protect your data from Q Day. Yeah. And get future ready. And get future ready. Yeah, yeah. That's a very cheesy way to do that. Absolutely. But I mean, and just to wrap that up nicely, and it doesn't have to be hugely technical. It's not a hugely technical problem. The solutions exist and have existed for several years. We can put in a hardware solution, uh, which is typically where you would get your military grade, if you like, type style encryption. Or there are software solutions available which are easily accessible to any industry today.

SPEAKER_00

Marvellous. It's been really fascinating to explore an area of computing that I'll be honest, I'm aware of on the periphery, like many people, but uh, but I'm not living in the world of qubits. We should have a science lesson one Monday. That would be fun. That would be really cool. Not sure who would watch it. But look, it's been a real pleasure having you having you uh with us and and hopefully making that a little bit clearer to everybody. Um, if you if you are looking for that solution, you are looking to plan, then obviously get in touch with Beckler. Lee it's been a pleasure. Thank you very much. Thanks for having me, Stephen.