SandboxAQ Buys Cryptosense to Fuel Post-Quantum Cryptography

A growing number of organizations are already preparing for the day when quantum computers will be able to easily decrypt data that’s encrypted to today’s standards. SandboxAQ has purchased French vendor Cryptosense to help organizations migrate and defend key stores and hardware security modules using a cryptography architecture that secures against both future quantum technology and classical computers.

See Also: C-Suite Round-up: Connecting the Dots Between OT and Identity

The Silicon Valley-based quantum technology provider will combine its network scanning capabilities with Cryptosense’s visibility into key stores, and hardware security modules will help organizations upgrade their VPNs from RSA-based encryption to post-quantum cryptography, says CEO Jack Hidary. Deal talks were prompted by several banking and financial clients telling Hidary they were planning to use both SandboxAQ and Cryptosense’s software (see: US Government Picks Quantum-Resistant Encryption Algorithms).

“Right now is a very formative moment in the quantum ecosystem,” Hidary tells Information Security Media Group. “And the quantum cyber part of the quantum ecosystem is of critical importance. This is a catalytic moment now for the global migration to PQC.”

Terms of the acquisition weren’t disclosed, and Hidary says buying Cryptosense will increase the size of SandboxAQ’s staff by roughly two dozen people. Hidary’s core team worked on quantum technology issues in stealth as part of Google parent Alphabet from 2016 to 2022, debuting as an independent company in March of this year. SandboxAQ currently employs 82 people, according to LinkedIn.

Why Banks Have Embraced PQC

Cryptosense’s skill set will come in handy during the discovery, assessment and inventory phase, where organizations determine what encryption they’re using today as well as what parts of the network aren’t using encryption but should be, Hidary says. PQC appeals to organizations with complex networks such as banks, government agencies, hospitals, university medical centers and biotech vendors, he says.

Organizations in these spaces are particularly concerned about store-now, decrypt-later attacks, in which hackers get their hands on intellectual property or proprietary customer information now and figure they’ll be able to decrypt it once quantum computing becomes pervasive, Hidary says. The pharma sector, which manages huge amounts of proprietary product information, is the second-most-popular space for PQC and a fast follower to banking.

Integration work has already begun to ensure banks and financial services firms can use SandboxAQ and Cryptosense’s technology in a complementary fashion, Hidary says. Virtually every large bank has been formed through dozens of acquisitions over the years, resulting in a patchwork of IT networks and a multitude of different systems and protocols that have to be maintained, he says.

Legal and compliance obligations mean banks employ sophisticated teams and develop advanced tool sets through both outside licenses and integrations developed internally within their own systems, he says. Banks have come a long way on PQC over the past half-decade since the complexity of their architecture means migrating to new systems and protocols could take 5 to 10 years, according to Hidary.

From Discovery to Migration

SandboxAQ and Cryptosense’s will integrate their product suites over the next quarter to address both discovery and migration decisions related to the replacement of RSA modules, Hidary says. Post-integration, the output of combined vulnerability scanning will result in a common set of files to simplify migration planning for customers.

From a metrics standpoint, Hidary says, SandboxAQ will track both customer adoption of Cryptosense’s technology as well as feedback from customers. Banks are accustomed to providing input on new features as they’re being developed, though Hidary says SandboxAQ wants to develop technology that’s relevant for the entire industry.

“Part of our role as a leading, very well-funded company in the quantum ecosystem is not just to develop great products and get those products out to the world,” Hidary says. “It’s also to help catalyze and support the ecosystem around us.”