Telefónica & IBM: Post-Quantum Readiness Now Available as-a-Service

Telefónica Tech has announced a collaboration with IBM to integrate quantum-safe technology into its cybersecurity services, with the goal to “create specific use cases” to address the onset of cryptographically relevant quantum computers. IBM’s Guardium Quantum Safe solution ensures visibility of an organization’s cryptographic assets, identifying vulnerability and managing prioritization and remediation of vulnerability. IBM’s Quantum Safe Explorer and Quantum Safe Remediator allow for the detection of vulnerabilities in code, quantum-safe algorithmic performance testing, and the use of quantum-safe proxies. The partnership with Telefónica is reflective of a growing reliance in the telecommunications industry on service-based solutions—delivered as-a-Service (aaS) or as a managed service—in response to difficulty procuring in-house expertise, especially in security teams, and a shift in investment strategy from Capital Expenditure (CAPEX) to Operational Expenditure (OPEX).

Post-Quantum (PQ) readiness is a matter of considerable concern for the telecoms world, given the utter reliance of security on cryptographic methods and the massive undertaking of preparing large and complex cellular networks, usually with a wealth of varying hardware components to assess and upgrade. Those proactively implementing best-in-class PQ readiness solutions will position themselves as thought leaders in a mandatory industry-wide technological evolution. PQ processing research has advanced increasingly quickly in the past 5 years, with IBM processors going from 65-qubits in 2020 to 1,121 qubits in 2023, with the qubit count more than doubling annually from 2021 to 2023. Since the number of qubits helps to define the speed of processing, this is an important metric for threat to traditional cryptography. This is not the only consideration—advancement in error correction and fault tolerance is a hugely important component to attack capability, and a breakthrough in these methods could represent a somewhat sudden and urgent need for regulatory changes and resultant network upheaval. Implementing holistic solutions now mitigates the risk of costly and disruptive reactive measures.

By partnering now with one of the most prominent innovators in PQ computing, Telefónica has converted PQ readiness from an existential threat to a significant long-term differentiator and avenue for revenue growth. Combining IBM’s technological innovation with Telefónica’s expertise in holistic managed security services results in a solution range promising accessible cutting-edge security, allowing the inclusion of PQ-safe technologies, including National Institute of Standards and Technology (NIST)-approved algorithms, which IBM helped to develop—through customers’ security posture at an early stage, allowing organizations to be strategically proactive, rather than forced to react to PQ advancements and regulatory requirements.

For security providers, this collaboration is particularly interesting due to the specialism of the PQ safety products. Many security tool vendors have PQ safety features, but treat this as a “business as usual” evolution, which fails to capture the anxiety of the market. Telefónica’s prominent collaboration and supply of IBM products addressing the most prominent concerns expressed by potential customers—detection, remediation, and, most importantly, prioritization of vulnerabilities—is a shrewd reflection of the current state of the industry, and is likely to enable them to capture a significant share of growth in security spending resulting from PQ readiness preparation. Security vendors should take heed of this prominence and ensure their messaging is clear and assuring to non-experts threatened by the prospect of PQ cryptographic attack. Vendors should consider making PQ products and solutions available in a standalone format, rather than exclusively as part of broad security offerings in order to capture customers underserved in this subject by competitors, ensuring maximum return on PQ readiness Research and Development (R&D) investment.

Network operators and enterprises requiring PQ readiness assistance should explore their options for partnership on this issue, and should strongly consider the use of consulting or managed services in order to capitalize on the extant expertise and solutions of those who have been working on this issue for years, avoiding temptation to “reinvent the wheel” and invest unnecessary time into in-house development of strategy and solutions. Instead, they should collaborate with expert partners to tailor standing solutions to specific needs. Furthermore, while PQ capability will be a requirement for standard operations, there are opportunities to monetize the capability creatively as a differentiator and as the foundation for new features that can be then be sold to new or existing customers—particularly in the next 10 years, when there will be a high degree of variation of quantum-safe capability as laggards catch up with first movers.