Introducing the 2024 PKI & Digital Trust Report     | Download the Report

  • Home
  • Blog
  • Industry Trends
  • Reflections on RSA 2023: The Advent of AI, The Four Types Quantum Computing Personas, and More

Reflections on RSA 2023: The Advent of AI, The Four Types Quantum Computing Personas, and More

Industry Trends

Well, another RSA Conference has come and gone, and it’s always interesting to look back and see what has changed over the years and what remains the same.

AI was the overwhelming buzzword of this year’s conference. While AI shows lots of promise to help reduce the more mundane and manual tasks associated with cybersecurity, there was lots of talk but very few actual examples of meaningful AI integration into security products. It will be interesting to see how companies begin to harness AI in products to provide proven and valuable results in the years to come.

One of the more interesting trends was the emergence of quantum-resistant cryptography and the increased realization that action is required sooner rather than later to ensure a smooth transition. As I walked around the floor, I noted four types of personas when it comes to thinking about quantum computing.

The Doubters – Those who are adamant that quantum computing evolving to a state of a cryptanalytic attack carried out by a quantum computer will never become a reality.

The Skeptics – Those who question the potential of a quantum computer being able to break RSA algorithms — but are not prepared to bet against the possibility it could.

The Believers – Those who believe that a quantum computer capable of breaking the current cryptography will be real in the next 10 to 20 years.

The Realists – Those (me included) who believe cryptography will change over the next few years, requiring us to change algorithms. This group believes the change is being driven by standards and adoption, not just quantum technology.

The conversations at RSA indicated a change in how people approach the challenges their organizations will face as they prepare to change cryptographic algorithms while minimizing negative impacts on their business. It’s obviously not feasible for companies to shut down for a couple of years to make the changes required and become post-quantum protected – which is why they need to be thinking about this now.

Two years ago, at RSA, I believe 80% of the people I spoke with were in the “Doubter” camp. Fast forward to this year, and 80% of the folks I interacted with are spread across the “Believers” and “Realists” categories. Their questions and conversations were much less about technology and more about preparedness.

The number one question this year was a tie between “When will quantum be ready to threaten RSA keys?” and “What should I do to get my organization ready?“. Both are the right questions to ask. However, only one has a concrete answer. The timeline for the arrival of quantum cannot yet be accurately predicted. The best estimates are in the 15-year range, give or take a few years.

However, there is an answer for those wondering, “What should I do to prepare my organization for quantum computing?”. Every piece of guidance I have read says organizations need to gain visibility into where and what currently has cryptographic keys and how they are managed and replaced when necessary. Any organization that responds to this question saying it uses a manual approach needs to find an alternative solution, preferably an automated one. In most organizations, this exercise alone can take years.

While both AI and quantum computing hold great promise, there is no doubt they could also significantly impact cybersecurity. RSAC will continue to be the meeting place for cybersecurity professionals to come together and learn from each other as the industry continues to change by (quantum) leaps and bounds (I had to!).  I’m already looking forward to seeing how these topics evolve over the next year and catching up with many friends and cyber leaders at RSA 2024.

What's ahead

While both AI and quantum computing hold great promise, there is no doubt they could also significantly impact cybersecurity. RSAC will continue to be the meeting place for cybersecurity professionals to come together and learn from each other as the industry continues to change by (quantum) leaps and bounds (I had to!).  I’m already looking forward to seeing how these topics evolve over the next year and catching up with many friends and cyber leaders at RSA 2024.