Quantum Computing Isn’t Tomorrow’s Security Threat
It’s today’s, and you’re already vulnerable. Plus: Sophos CEO Joe Levy on the recently closed Secureworks deal and some marketplace and AI stats that confirm both topics are worth obsessing about.
Going into 2022, almost everyone on Earth was convinced it would be a long time before generative AI in anything approaching its current form would be ready for widespread use.
That includes Bill Gates, who got an early glimpse of OpenAI’s ChatGPT that June, deemed it an “idiot savant,” and concluded it would be a good three years before he had to think about the topic again.
It turned out to be more like two months, when ChatGPT aced the AP Biology exam during a second demo, leaving Gates “in a state of shock.” Roughly four months after that, when ChatGPT became generally available, the rest of us found ourselves experiencing the same sensation and scrambling to adjust just as fast.
Wouldn’t it be absolutely super if the next giant advance in IT, which prognosticators generally agree is quantum computing, didn’t blindside us the same way?
I, for one, think so. Silicon Valley appears to agree and perhaps to an excessive degree, as we saw last month when overinflated quantum-related share prices took a nosedive. There’s still plenty of investment happening in the technology though, particularly in security, where ABI Research expects post-quantum cryptography (PQC) solutions alone to attract $25.2 billion a year in spending by 2028 (see slide 23).
And with good reason: By some estimates, it would take the best current-day computers 300 trillion years to crack the widely used 2048-bit RSA encryption algorithm. By other estimates, a sufficiently powerful quantum computer could do the job in eight hours.
The words “sufficiently powerful” are important, though, because the computer in question would need to have about 20 million qubits (quantum’s far more flexible answer to today’s one-or-zero-only bits) and the biggest quantum computers around today have more like 1,200. As a result, most observers think there’s still plenty of time to prepare for “Q Day,” when a quantum computer cracks one of today’s mainstream encryption algorithms for the first time. NIST, for instance, doesn’t plan to deprecate RSA-2048 until 2030, and won’t disallow its use until five years after that.
One wonders if that’s soon enough, though, because it sure feels like progress has been speeding up lately. Last December, Google announced that its newest quantum chip, named Willow, performed the gold standard RCS quantum benchmark in under five minutes. For purposes of comparison, the fastest supercomputer on the planet right now, according to Google, would need 10 septillion (as in 10,000,000,000,000,000,000,000,000) years to complete the same feat. That’s about 730,000,000,000,000 times the estimated age of the universe.
Then, less than 10 days ago, Microsoft announced it had built a “quantum processing unit” (QPU) based on a previously theoretical state of matter called topological superconductivity. It’s got a mere eight qubits now, but is designed to support a million eventually. Chipmaker PsiQuantum introduced a potentially million-qubit processor of its own two days ago, and Amazon followed suit just yesterday.
Maybe, in other words, Q Day’s coming sooner than we think.
“As we’ve seen with AI’s rapid advancement, technological progress can accelerate unexpectedly,” observes Robert Haist, remote connectivity vendor TeamViewer’s CISO. “The potential threat is real.”
Protecting the crown jewels
Fortunately, NIST has been well aware of that fact for a while and working with experts on PQC standards. It released three last August, and has more coming.
Which is great, but probably too late for at least some of us. Criminals have been busily preparing for Q Day too, chiefly in the form of “harvest now, decrypt later” attacks aimed at exfiltrating safely encrypted data now in the hopes of decrypting it with quantum tech later.
“The harvest and decrypt problem is what most people have to think about,” warns Jason Soroko (pictured), a security researcher and senior fellow at certificate lifecycle management vendor Sectigo.
There’s not much you can do about sensitive data that’s already been stolen, he continues, but taking stock of every encrypted file and every SSL or other certificate you’re responsible for is a good starting point for preventing additional damage.
“You’re going to be so much more optimized if you’ve simply done the job of taking inventory of your crown jewels and your cryptographic assets,” Soroko says. “You can’t manage what you don’t know you have.”
From there, he adds, you can start familiarizing yourself with NIST’s PQC standards and drawing up a roadmap toward adopting them. “This is going to be a costly change for some people,” Soroko says, and a time-consuming one as well. Which is all the more reason to begin sooner rather than later.
“The best way to get ready is to realize that the problem is now,” Soroko says. Because companies that don’t will likely regret it.
“They’re going to end up with operational but insecure systems for several years past deprecation,” Soroko warns. “That’s kind of scary.”
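Soroko’s first step, taking inventory of the certificates you own and the algorithms behind them, as an added example that is not from the article, Sectigo or any vendor named here: a Go program that walks a PEM bundle and flags every certificate whose public key a large quantum computer could break. The only certificate it scans is a constructed self-signed RSA-2048 sample, and the subject name legacy-vpn.example is made up.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	"time"
)

// Asset is one inventory row; QuantumVulnerable means Shor's algorithm breaks the key.
type Asset struct {
	Subject, Algorithm string
	Bits               int
	QuantumVulnerable  bool
}
// Classify reduces a parsed certificate to its row. Every algorithm Go's x509 knows (RSA, DSA,
// ECDSA, Ed25519) is Shor-breakable, so each is flagged; an unrecognised (e.g. PQC) one stays unflagged for review.
func Classify(c *x509.Certificate) Asset {
	a := Asset{Subject: c.Subject.CommonName, Algorithm: c.PublicKeyAlgorithm.String(),
		QuantumVulnerable: c.PublicKeyAlgorithm != x509.UnknownPublicKeyAlgorithm}
	switch k := c.PublicKey.(type) {
	case *rsa.PublicKey:
		a.Bits = k.N.BitLen()
	case *ecdsa.PublicKey:
		a.Algorithm, a.Bits = "ECDSA-"+k.Curve.Params().Name, k.Curve.Params().BitSize
	}
	return a
}
// Inventory walks a PEM bundle (as exported from a server or certificate store),
// skipping private-key blocks and anything that does not parse as a certificate.
func Inventory(bundle []byte) (out []Asset) {
	for b, rest := pem.Decode(bundle); b != nil; b, rest = pem.Decode(rest) {
		if c, err := x509.ParseCertificate(b.Bytes); err == nil && b.Type == "CERTIFICATE" {
			out = append(out, Classify(c))
		}
	}
	return out
}
// SampleBundle is constructed input (not a production cert): a self-signed RSA-2048 certificate.
func SampleBundle() []byte {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "legacy-vpn.example"},
		NotBefore: time.Now(), NotAfter: time.Now().AddDate(1, 0, 0)}
	der, _ := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
```

Pointed at a real bundle, the rows with QuantumVulnerable set are the ones that belong on the PQC roadmap; rows left unflagged name an algorithm the parser does not know and need a human look.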
Integrating Secureworks is job #1 at Sophos
At least we can be reasonably sure Secureworks won’t get caught napping by Q Day. They’ve been thinking about that for a while, it appears, as has Sophos, the even bigger vendor backed by the “pattern seeking” investors at private equity firm Thoma Bravo, which bought Secureworks in a deal that closed earlier this month.
Quantum computing is actually a good example of why global outlays on security software and hardware will climb 11% this year to $97.5 billion, according to Canalys. There’s no shortage of others.
“The threat landscape never rests. It’s continuously evolving,” says Sophos CEO Joe Levy (pictured) during the latest episode of the podcast I co-host. “This is why the industry needs to continuously evolve as well.”
It’s also why spending on MDR services will outgrow the security market in aggregate this year, per Canalys, rising 16% to $10.3 billion. And why Sophos spent $859 million on Secureworks and now has more than 500 analysts in its SOC supporting over 28,000 customers. Novel, evolving threats like quantum computing are hard for most MSPs to address on their own.
“There are economic constraints that prevent organizations from doing everything that they need to in order to run a good cybersecurity operation,” Levy says. Like spending millions constructing an in-house SOC, for example.
“Many of them explored building that themselves, and they quickly realized that there’s just a lot of capital investment requirement in order to be able to do that sort of thing,” Levy notes. Staffing a SOC, he adds, requires even more investment. “There’s way more demand than there is supply for skilled cybersecurity operators today.”
Integrating Secureworks with the rest of Sophos, culturally and technologically, is Levy’s number one priority for the remainder of this year, and it’s an undertaking that will touch more than just MDR. Sophos plans to enhance a variety of existing solutions with other pieces of the Secureworks portfolio.
“Examples of that would be their vulnerability detection and response offering, which we’re planning on integrating into our managed risk offering,” Levy says, citing Secureworks’s iSensor intrusion prevention system and its recently introduced identity threat detection and response solution as additional examples.
Partners worried about the disruptive effects of all that change needn’t worry, Levy continues, and partners eager for it to arrive may have to wait.
“We practice the principle of ‘first do no harm’ in the way that we do our integrations, and it’s going to inform the way that we run the Secureworks integration,” he explains. “Things are going to be the same tomorrow as they were yesterday for the foreseeable future as we begin to bring these portfolios together, but over time we are going to bring unified go-to-market motions and unified platform capabilities to the market.”
Speaking of my podcast…
Joe Levy is but one of many security industry luminaries who have joined us on the show. Others include WatchGuard’s CEO, N-able’s CISO, and Acronis’s president. Huntress CEO Kyle Hanslovan will be joining us on the show in a few weeks too. Shouldn’t you join us as well?
A few new data points about familiar Channelholic obsessions
Obsession 1 = marketplaces: Close to 60% of U.S. SMBs say buying through online B2B marketplaces is more important to them now than this time last year, according to B2B marketplace operator Alibaba.
Obsession 2 = AI: 33% of U.S. knowledge workers feel overwhelmed by AI, just 16% of them are using it, and 32% expect it to result in fewer job opportunities for them in the future (versus a mere 6% who think it will produce more opportunities), according to Pew Research Center. There’s still plenty of need for AI training services from MSPs and beyond out there, apparently.
Speaking of AI, forgive me for one last shameless self-promotion
I’ll be on a webinar next Wednesday with Gil Pekelman, the CEO of Atera and someone I quote on agentic AI in managed services fairly often. Guess what we’ll be discussing?
Also worth noting
We told you NinjaOne would soon reveal where it got the $252 million to buy Dropsuite. And they did this week.
N-able says it will have a CMMC 2.0 level 2 ready version of its N-central RMM solution in market by the second half of the year.
Acronis has added Microsoft 365 security to its expansive and expanding security platform.
CrowdStrike, meanwhile, has added identity protection for Microsoft Entra ID to its own expansive and expanding platform.
The custom LLM undergirding Trend Micro’s new proactive security solution was trained on data from over 250 million sensors at over 500,000 businesses.
Cisco Meraki now has FedRAMP authorization at the Moderate Impact Level.
The latest step on Kaseya’s road to FedRAMP authorization, meanwhile, is a partnership with cryptographic solutions vendor SafeLogic.
When it wasn’t counting up the dollars Microsoft invested in it this week, Veeam was rolling out a new edition of its Kasten for Kubernetes solution.
Cato Networks plans to base forthcoming generative AI functionality on the AWS Bedrock platform.
Bob Gagnon is the new SVP of global channel sales at Egnyte.
Nearly a third of all reported cyber events last year were BEC attacks, according to SonicWall, versus just 9% in 2023.
Businesses deployed about 349,000 Apple Vision Pro devices last year, according to IDC. MDM software from Kandji now supports them.
Rewst’s RPA solution for MSPs is now listed on the Sherweb marketplace.
New research from Google aims to settle the debate on whether earning certifications really pays off. It does, according to an overwhelming majority of certificate holders.
GoTo’s Connect Contact Center solution now uses generative AI to coach and train customer service reps.
The over 20 upgrades in the new edition of New Relic’s application performance management platform include AI integrations with ServiceNow and Google Gemini.