Skip to main content

Intelligence assured

Subscribe to future blog posts featured in our newsletter

Read more about how we handle personal data

Advenica

“Confidential information must be considered breached”. This is stated by a Swedish Legal Expert Group in a recently published statement on the use of cloud services for confidential information.

This applies to cases where they are handled by a service provider that is subject to jurisdiction that may force the supplier to disclose the data without legal grounds in Swedish law.

One example: A few years ago, the city of Gothenburg procured cloud services to the employees' computers. The idea was to use Office365 for confidential information. Due to security concerns, the issue has been rolled around in various instances since then. The issue was highlighted by CLOUD act, a US law that forces service providers to disclose information to US authorities. This without considering local legislation in which the client exists.

cloud computing

It is satisfying that the question is highlighted from a legal perspective, and that the conclusion is what it is. As in the example above, why should the U.S. authorities have access to confidential information about people in Gothenburg?

Why should the U.S. authorities have access to confidential information about people in Gothenburg?

Before the digitization, we had never accepted that a foreign authority had a key to a backdoor into the journal archive at the hospital - why should we accept it today?

How do you rate the security level for confidential information of a cloud service?

What jurisdictions affect the service provider?

Which legal systems can exert pressure on the service provider? This concerns both ownership and management structure all the way to the operational staff. If these exist in several countries, the risk of disclosure in violation to e.g. Swedish law is higher.

What other customers does the service provider have?

If the operator has many and important customers in one country, the risk that the operator is forced/attracted to unwanted actions is higher.

Where is the information?

It is very important in which countries the actual information is.

clouds

How segmented is the information?

Does the supplier share premises, hardware, locks and alarms, and staff between many customers - or are these resources used exclusively for us?

There are service providers who use cloud service technology completely stand-alone. The information is then in a designated location, locked in non-shared areas, only handled by designated security-cleared personnel, on hardware that is not shared with any other customer.

How is information prevented from being moved from its designated location?

There is a big difference between a contractual barrier that can easily be overruled by a government decision and technical protection which, made in the right way, makes it impossible for unauthorized access to the information. With the right segmentation, even the service provider's own staff cannot access the information.

Advenica

1. Quantum computers are becoming available to all

Quantum computers are by nature immensely faster than classical computers on making searches in data sets or factorizing large numbers. A natural and positive development in general, enabling more efficient processes and new opportunities such as more simulations for scientists, more accurate models for meteorologists and faster AI.

In the past (read: 5–6 years ago) quantum computers were reserved for intelligence and security services, armed forces and really big organisations.

Now commercial quantum computers are underway.

The first step: cloud services. For instance, Canadian D-Wave offers one minute’s quantum cloud use a month. Free of charge. Quantum clouds will most likely be as commonplace as ordinary clouds. And this means that the world faces a paradigm shift regarding how data is managed, processed and protected.

quantum

2. Quantum technology parallel mode makes computers superfast

Classical computers are based on bits that can be either 1 or 0. Quantum computers, on the other hand, are based on qubits that simultaneously can be 1 and 0 but also superpositions of 1 and 0, adding two or more solutions to equations. The engineering feat is the number of qubits in the processor. In 2001 the record was seven, in 2017 it was two thousand. It goes without saying that parallelism and the increasing number of qubits means superfast computation.

3. Quantum computers crack conventional encryption

In 1994, MIT Professor Peter Shor presented an algorithm that proved how the mathematical challenge of great prime numbers could be cracked – and thus, quantum computers turned into a problem. The quick computation has a direct connection to encryption. Cryptographic theses based on the fact that certain mathematical assumptions take an extremely long time (in other words are practically impossible) to calculate are simply thrown over by quantum computers.

All communication protected today by many common cryptographic algorithms must therefore be viewed as insecure.

quant

4. The quantum threat isn’t perceptible, yet

A couple of years ago, the US National Security Agency broached the need for quantum-safe algorithms – a sign of a palpable threat. And it is also an increasing problem, especially considering the current political climate, where state-funded cyberattacks are an explicit military strategy. Cracking cryptographic algorithms compromises the confidentiality, integrity and authenticity of the protected information. An attack can even go unnoticed. Communication can be recorded to be cracked and used at a later date.

5. There are secure solutions on the market today

Encryption is general practice today, but the true effectiveness of the technology is rarely questioned. Authorities sometimes require that encryption products have to safeguard sensitive data for more than fifty years.

With quantum computers’ incipient availability, technology must be able to provide robustness against these attacks.

A quantum proof solution has been developed by Advenica. The SecuriVPN system has received several certifications and approvals at the highest level of security.

For years, Advenica has developed crypto products for the defence industry with technology designed to withstand quantum threats. The same technology is now used to quantum-secure critical infrastructure’s OT networks that need IT support, for example, to send log or monitoring information from power stations in different locations to a central server. As SecuriVPN works with all existing equipment making implementation simple and fast. Bearing in mind that the entry model cost is roughly the same as a modern quality computer, it is a very low price for future peace of mind.

Do you want to delve deeper into quantum security? Download White paper #07 Cryptography in a Quantum Age.