Post-quantum cryptography unlocks opportunity for partners

A DigiCert study highlights a role for channel partner in preparing customers for quantum computing security threats; other channel news from the week.

The threat that quantum computing presents for cracking cryptographic algorithms is goading enterprise organizations to adopt post-quantum cryptography.

That's according to research published this week by security company DigiCert. The study found that 71% of enterprise respondents predict quantum computing will pose threats to their organizations' security. Fifty-five percent said quantum computing is a somewhat or extremely large security threat today, while 71% said it will be in the future. Additionally, about one-third of enterprises said they have a post-quantum cryptography budget already in place, while 56% said they are working on establishing a budget, DigiCert found. The study, conducted by ReRez Market Research in August, polled 400 enterprise organizations in the U.S., Germany and Japan.

"It's something that is really on people's minds today as they are seeing a lot of articles in the press about the rapid progress quantum computers have been making recently," said Timothy Hollebeek, industry and standards technical strategist at DigiCert, based in Lehi, Utah.

While quantum computers haven't yet evolved to the point of becoming an active threat to modern cryptographies, enterprises by and large recognize a need to transition their cybersecurity, Hollebeek said. "It is only a matter of time before [a quantum computer is] sufficiently large enough and powerful it will actually be a threat," he said.

Timothy Hollebeek, industry and standards technical strategist at DigiCertTimothy Hollebeek

Hollebeek said the security transition to post-quantum cryptography unlocks an opportunity for channel firms to guide organizations through the process.

At its most basic, the security transition involves simply changing and upgrading software. However, this software "is at the deepest levels ... of the infrastructure and typically in the most locked-down places, just because it is essential security software," Hollebeek said. "It is the software that is most likely to have the tightest controls and rigor around it, so it is something you definitely don't want to get wrong. It is mission-critical software."

Hollebeek said the first step of transitioning to post-quantum cryptography is to track down all software using cryptography within the enterprise -- a demanding task -- and to create an exhaustive inventory of that software. Most enterprises lack an inventory of the software they use, he added. The next step is to develop a plan for either replacing or upgrading the software that uses cryptography and then figure out how to implement the changes, Hollebeek said.

It is only a matter of time before [a quantum computer is] sufficiently large enough and powerful it will actually be a threat.
Timothy HollebeekIndustry and standards technical strategist, DigiCert

For partners, these initial steps don't necessarily require expertise in the post-quantum cryptology, Hollebeek added. "A lot of it is more of a logistical challenge" along the lines of project management, he said.

The post-quantum cryptography transition also presents an opportunity for enterprises to ensure they have the process and practices in place to continually upgrade security in the future, "whether that is because of quantum computers or ... other potential security vulnerabilities," Hollebeek noted.

He noted that enterprise customers' receptiveness to adopting post-quantum cryptography is unique compared to other security transitions. "In many cases in security transitions, there is a tendency for enterprises to drag their feet a little bit just due to the costs involved in transitioning infrastructure," he said.

Another interesting finding in the research was that enterprises across industry verticals were more or less on the same page about getting ahead of the threat. "It seems like there is a fairly uniform concern across the different sectors that use cryptography," Hollebeek said.

Additionally, Hollebeek noted that the threat isn't confined to large organizations. "If your company talks to people on the internet or stores sensitive data, you are affected," he said. "That is basically everybody these days."

In news related to DigiCert, the company said its acquisition by private equity firms Clearlake Capital Group and TA Associates closed on Wednesday.

HPE seeks midmarket push via distribution partners

Hewlett Packard Enterprise is looking to expand its midmarket presence through its distributors.

Earliest this month, HPE held its second annual Global Distribution Partner Conference in Munich. At the event, which about 300 distribution partners attended, HPE discussed the role distributors can play in its overall strategy to reach more SMB customers.

"We think SMB is an enormous opportunity for us as a company in general, and we want to take share there, so we are mobilizing around things that will help us do that and leveraging distribution as an extension of [our efforts]," said George Hope, vice president of worldwide distribution at HPE, in an interview with SearchITChannel.

Hope said because HPE dedicates most of its channel resources to Platinum- and Gold-level partners within the HPE Partner Ready Program, it is tapping distributors to support partners in the entry-level Silver and Business tiers. He added that HPE is also enabling distributors to support "proximity" partners, which are resellers that haven't signed a contract with HPE "but can buy certain SKUs ... through our distributors."

"The emphasis for distribution value, first and foremost, is to help us scale the business in those Silver, Business and proximity partners," Hope said.

To aid midmarket expansion, HPE has built out its GreenLake portfolio with new as-a-service offerings for database, storage, virtualization, backup and private cloud. "We are basically taking our fastest-growing business, which is GreenLake, and [showing] distribution ... where they can add value and help us scale it" in the midmarket, Hope said.

HPE also wants to push its "value portfolio," which includes SimpliVity hyper-converged and Nimble and Primera storage products, through its entry-level channel partner tiers. "As we are focused on driving our value proposition and solution proposition to Platinum and Gold partners, we need distribution to embrace [the value portfolio] and be able to take into the Silver, Business and proximity [partners]," Hope said.

HPE isn't focused on recruiting more distributors; in fact, the company believes it is "overdistributed," Hope noted. At the Global Distribution Partner Conference, HPE introduced distributor partners to a new project, dubbed Distribution Landscape Optimization, which will be executed in 2020. The project aims to examine HPE's distribution coverage model and its global network of distributors so it can determine the best lineup for its distributor alliances, he said.

On average, 80% of HPE's global channel business goes through its distributor partners, according to the company.

Other news

  • Managed service providers (MSPs) are perhaps faring worse in cybersecurity than previously thought. A study of 200 U.S.-based MSPs revealed that 74% of MSPs have been hit with a cyberattack in the last 12 months, according to a study commissioned by MSP software vendor Continuum. Eighty-three percent reported that their SMB customers have also been hit by a cybersecurity attack. Additionally, the study showed that two-thirds of MSPs doubt their abilities to protect their customers during a cyberattack, Continuum said. The cybersecurity skills gap may be partially responsible for the slump in confidence, as 40% of MSPs reported difficulties in acquiring and retaining security-related skills. Regardless, MSPs are feeling the pressure to expand their cybersecurity capabilities: Eighty-three percent said their clients would take legal action against them in the event of a cyberattack, Continuum noted.
  • Accenture purchased London-based consultancy Happen and has agreed to acquire Sutter Mills, a Paris-based marketing firm. Happen focuses on applying digital technologies to clients in the consumer goods, food and beverage, retail, and life sciences markets. Accenture said Happen will merge with the innovation practice within its Products Industry X.0 business. Sutter Mills, which provides marketing consulting and implementation services, would bolster Accenture Interactive's expertise in Europe, Accenture said.
  • Cognizant has signed an agreement to buy Contino, a technology consulting firm headquartered in London. Contino provides expertise in AWS, Azure and Google Cloud Platform, as well as enterprise DevOps, DevSecOps and cloud security services, and cloud-native software development, Cognizant said. The transaction is expected to close by the end of the year.
  • Zendesk, a customer service software provider, unveiled a global channel program targeting a range of partner types, including cloud service providers, systems integrators, resellers, consultants, developers and outsourcers. The program features three tiers: Affiliate, Select and Master.
  • ST Telemedia, an investment firm headquartered in Singapore, has purchased a controlling interest in Seattle-based managed cloud service provider 2nd Watch.
  • RingCentral, a cloud communications vendor, signed a distributor pact with Synnex Corp. Under the agreement, Synnex will provide RingCentral's products to resellers in the U.S.
  • Seismic, a sales and marketing enablement platform vendor, said managed cloud service provider Rackspace has adopted its platform. Rackspace will use the Seismic platform in its updated partner portal, which also features gamification incentives.
  • Onepath, an MSP based in Kennesaw, Ga., said it launched a new cybersecurity offering, SecureID, combining multi-factor authentication, single sign-on software and employee training.
  • Data management software vendor Commvault named Mercer Rowe as its vice president of global channels and alliances. Rowe joins Commvault from Qumulo, where he served as vice president of business development.

Market Share is a news roundup published every Friday.

Next Steps

Quantum computing ecosystem grows with Accenture, QCI moves

Dig Deeper on MSP business strategy