In this article, Adrian Fern, CTO, Prizsm Technologies takes a look at how the insurance sector is meeting the challenge of quantum computing.
Insurers, by necessity, hold a huge amount of personal and business data; from account and payment details to personally-identifiable data, health details and criminal convictions. It should come as no surprise then that, according to industry research by PwC and the financial services think tank, the Centre for the Study of Financial Innovation, insurance leaders around the world perceive the theft of sensitive data to be one of the most significant risks the industry faces over the next two-to-three years.
But while existing threats such as phishing and ransomware attacks are well known, awareness of a potentially greater security threat is far lower.
That threat? The arrival of quantum computing.
What is quantum computing and how does it work?
Quantum computing has been heralded as ‘the next big thing ’for several decades. Unlike classical computing that processes data as ‘bits’ – represented as ones or zeros – in the quantum realm of subatomic particles, things behave very strangely and can exist in more than one state at a time. This means ‘qubits’ – which are processed by quantum computers – can be both zeros and ones simultaneously.
These ‘qubits’ can be arranged in superpositions and entanglements to explore different paths through calculations, with incorrect paths cancelling each other out and correct answers being revealed when the ‘qubits’ are revealed to be ones or zeros. ‘Qubits’ can therefore be processed in ways that have no equivalent in conventional computing, enabling problems to be solved far more quickly than in ’classical computing’, probably thousands of times faster.
So what does this mean for data processing and security?
With this dramatically increased data processing power comes opportunities – such as speeding up analysis of Big Data and AI applications – but also threats.
Current data encryption processes have evolved to meet the challenges of the classical computing age but the arrival of quantum computing will throw existing data encryption and storage techniques out of the window. There is a very real threat that bad actors – harnessing the increased processing power of quantum computers – could access sensitive data in a matter of hours and decrypt it for a variety of purposes, leaving both businesses and individuals vulnerable.
We’ve known that quantum computers will devour the complex mathematics underpinning encryption, the method used to transport sensitive information around the internet, since the 1990s. And while the development of quantum cryptography may provide new and unbreakable forms of data confidentiality, integrity and availability, we cannot be sure that these new capabilities will come to fruition in the right order. It is entirely possible that current security methods will be rendered useless long before quantum cryptography is available.
With classical encryption, information is secured alongside everything needed to decode it. This is not too much of a problem as the maths of decryption is much more difficult than that of encryption, meaning classical computing would take an age to do so. Quantum computing handles problems in a much more multi-dimensional way, equalising what has – until recently – been an asymmetrical challenge.
So what can insurers do to protect sensitive data, both current and historic?
Quantum computing has not yet hit the mainstream but it is already operating in laboratories around the world – and that is just its known progress. Its arrival is likely to be similar to the rapid rise of Large Language Models: We all knew that intelligent writing assistants were coming, but their ‘sudden’ arrival has left many shocked by the disruptive potential they pose.
While quantum computing has been much anticipated, most current data storage systems have a lifespan of just 10 years, meaning insurers need to act now to prepare.
Quantum encryption solutions are not yet available but quantum-resistant, site- and public-cloud-based systems are. Tested right up to Ministry of Defence requirements, these systems disaggregate and distribute data at bit level to multiple end points, effectively creating a series of sparsely-populated data boxes. As no single ‘box’ contains all the bits needed to decrypt the information, even a quantum computer working at speed would not be able to decrypt or rewrite the original information with only part of the story to work from.
As for disruption traditionally associated with the wholesale migration of data storage architecture to new systems, these new systems tackle this risk head on, allowing insurers to set up the new regime in parallel with existing data storage architecture. Once the new, multi-cloud environment has been created, insurers can rebalance what data is held where across multiple providers, maybe moving the most-sensitive data first, or creating schedules for different classifications of information.
What is most striking about this approach is the fact that, not only is the risk diluted by spreading storage across multiple endpoints but, the more data is managed in this way, the more obfuscated it becomes and, therefore, the more secure it is. Crucially, in the event of loss of functionality or data corruption, the algorithm (accessed only by key holders) can recalculate missing digits stored in the corrupted endpoint, restoring the original information to data owners quickly and efficiently.
It is a secure and resilient solution that not only reduces security risks but also simplifies the storage regime while ensuring continued availability of data.
Insurance companies around the world are storing petabytes of data in the cloud; some generated today, some dating as far back as the 1960s. While quantum computers will not replace conventional computers – you won’t have a quantum computer on your desk or a ‘q-phone’ in your pocket – their arrival is imminent and it is likely they will run alongside conventional computers.
Investing in solutions that offer advanced protection for sensitive data is therefore more critical than ever.
While it is impossible to predict the full impact of quantum computing, what is clear is that it will be transformative: Chinese researches recently claimed to have exploited the power of a D-Wave quantum computer to crack commonly used encryption algorithms, potentially jeopardising the security of critical sectors; while Google’s Sycamore quantum computer has already demonstrated its ability to outperform the world’s most powerful supercomputers in specific computational tasks, with calculations becoming so complex they surpassed the capabilities of classical computers.
Like it or not, quantum computing is coming. Can your business risk not being prepared?
Be the first to comment