Security Unfiltered

Can Your Messaging Survive the Quantum Computing Threat?

Joe South Episode 194

Anurag Lal discusses the critical importance of quantum-resistant encryption for enterprise messaging and the urgent need for organizations to prepare for the coming quantum computing revolution that will render current encryption methods obsolete.

• Anurag's extensive background in technology from Apple to Sprint and participation in the National Broadband Task Force
• How mobile messaging has infiltrated enterprises without proper security consideration
• Consumer messaging apps were never designed to be secure, controlled by IT, or regulatory-compliant
• What "true end-to-end encryption" means and why most platforms claiming it actually decrypt messages in transit
• The concept of "Q-Day" - when quantum computers will break current encryption methods
• Biden administration's executive order mandating quantum-resistant encryption by 2028
• How cyber capabilities have been weaponized by nation-states, creating unprecedented threats
• AI-powered phishing attacks becoming increasingly sophisticated, including voice cloning
• The importance of implementing quantum-proof encryption now rather than waiting
• Netsphere's approach to quantum-resistant security for enterprise messaging

Find Anurag on LinkedIn (Anurag Lal) and learn more about Netsphere at netsphere.com

Chapters

00:00 Introduction and Background of Anurag Lal
05:52 Netsphere: A Solution for Secure Enterprise Messaging
12:08 The Importance of Encryption and Quantum Security
18:03 Apple's Approach to Security and Personal Experiences
28:34 Security Perspectives: Apple vs. Android
35:46 The Urgency of Quantum Security
43:10 Access Control: The Weakest Link in Security
49:42 AI in Phishing: A Real-World Example

Speaker 1:

How's it going? Anurag, it's great to get you on the podcast. You know we've had this thing on the books or in the making here for a little bit, and I'm real excited for our conversation today. I think it's going to be really interesting.

Speaker 2:

As am I. Joe, thanks for having me on the podcast, and I know we've been trying to do this for a while. Glad to finally be able to do it.

Speaker 1:

Yeah, absolutely. So you know why don't we start with your background, right? How did you get into IT? What did you see about the industry or the area, right, that interested in it? Interested you enough in it to get you into this area? Now you're, you know, on the security side. What was that journey like?

Speaker 2:

Yeah, so you know, without dating myself, I've been around, you know, dealing with technology way before the internet. But the fortunate thing for me was I had the distinct privilege of being associated with some great technology organizations, everything from Apple to Sprint to British Telecom, and then, along the way, was associated with a couple of really successful startups, all of which dwelled on technology. A lot of them dwelled into communications, inherently focused into mobile and wireless, and, more importantly, on security. And then, along the way, I had again the honor to be part of the United States National Broadband Task Force, which was President Obama's way of making sure that we as a country had a broadband plan that we could leverage across industries and across technologies as a means to move our country's agenda forward, both economically and socially. So that was an absolutely amazing experience.

Speaker 2:

Most recently here in my current position, we are in the business of delivering really compelling messaging platforms to customers across the globe. We have mobile operators as our customers as well. They leverage our platform to enable services for their own subscribers. But today we'll be spending most of our time talking about our enterprise business, which kind of leveraged the heritage we brought to the table from the carrier business and allowed us to build up platforms purpose-built for the enterprise, so that the enterprise could securely and with control, leverage the strength and the capability that mobile messaging brings to bear. And so that's essentially what we are currently doing, and I'm really excited about not only where we're headed, but really the opportunity that lies ahead of us. What is the problem that you're trying to solve? And I think that's a great way of getting into the depth and breadth of this challenge that we all face.

Speaker 2:

Going back to about, I think, 92, 93, 94, short message services, or short message system that we refer to as SMS today, they started proliferating across mobile phones. As mobile phones proliferated, SMS started to become really important and popular. And then, fast forward to the advent of the iPhone in 2007, all of a sudden, we had these smart devices on our fingertips and people found sending mobile messages as a very efficient means to communicate. Come Gen Zs and Gen Xs, they brought all of that into the enterprise. And as mobile messaging encroached into the enterprise, not because people preferred to use it, which they did, but also it gave them the means to be more productive and allowed them to be brief in their communication but get the same job done. You know, we've seen data that a mobile message essentially gets opened within 15 minutes of it being received on the receiving end. Right, email takes much longer. Email is much more detailed and sometimes, you know, can get lost in the whole realm of spam and other means and don't get the same response that a quick mobile message would get.

Speaker 2:

Now, all of that was great till we saw that there wasn't really a platform that had been purpose-built for the enterprise. It's great to use mobile messaging within the enterprise as long as you're not sharing anything that is intellectually important to you or is proprietary to the organization. And in most cases when you are communicating for a company or on behalf of a company, all of those do apply. And then when you put that out in the consumer realm, you also put that out in the open, because none of the consumer brands or platforms were ever built to be enterprise ready, and by enterprise ready I mean they were never built to be secure.

Speaker 2:

They never promised security. They were never built to be controlled by the IT organization, never promised that. They were never built to help you stay in regulatory compliance of your obligations. They never said that, and so we felt that there was an opportunity for us to go out and build a platform for that particular purpose, and that's how Netsphere came about. So it is actually built on those four pillars that I mentioned: security, control, regulatory compliance and then, finally, a range of productivity features that are built within the platform to provide a level of convenience to the end user.

Speaker 1:

So it's like an app, you know, like Signal or something like that, that provides enhanced security for, you know, messaging and probably a whole host of interactions that you can have within modern technology now.

Speaker 2:

Yes, I think you can compare it to Signal. We refer to it more as a platform than an app because it has a lot more than even Signal offers. In fact, if the US government was using our platform when they ended up using Signal and had war plans getting posted when they shouldn't have been posted, that wouldn't have happened if they would have leveraged our platform. So that also describes the problem really well. People like mobile messaging. They go out and start using their own platforms without being fully aware whether they address some of the other challenges they need to be aware of, and then they get themselves in trouble. But, you know, should they use Netsphere, all of that does not happen and they get the benefit of all of that without putting themselves and their organization at risk.

Speaker 1:

Yeah, it's interesting.

Speaker 1:

You know, I've done some work with the government earlier on in my career and it's always interesting because it's, like, you know, 95% of the government is on technology that is just so antiquated, you know, and not saying that Signal's antiquated or anything like that, right, like I use Signal every day, but you know, just a simple text message.

Speaker 1:

You know, if I were to like text one of the employees there, like they wouldn't receive it, or if they did receive it, they wouldn't be responding to it. It would be like a very long process for any of that to take place, which is, it's frustrating, right, because you always think, at least from like the technology side of it, that hey, like, the government is probably on like the top of the line stuff, right. And then we have Elon Musk and DOGE go in and they're saying this entire payment system is built on 70s technology, that someone literally has to put a punch card into a machine. I'm probably exaggerating a little bit, but it doesn't surprise me at all, right, because I've been saying it to other people the whole time and people like just think he doesn't know what he's talking about. I'm sitting here like, no, I've seen these ancient mainframes. I've talked to the guys that these companies are still existing based on this contract. Right, and like it's crazy.

Speaker 2:

Now, and I totally agree with you. In my opening remarks I mentioned that I had the distinct honor of working for the government. I was part, the broadband task force was actually part of the Federal Communications Commission, and so I had a firsthand opportunity to look at the way the government operates and the government systems and the government technologies. And, you know, don't get me wrong, the government is full of very, very smart and motivated people. But the job of, you know, overwhelming, of kind of overhauling the platforms that have been deployed within the government infrastructure is so large, especially trying to keep pace with the innovation which is accelerating exponentially, and now with AI, that innovation is going to be driven even faster. So just trying to keep up is the challenge. It's not that the intention is not there and the monies don't exist, but the intention is there. It's just the challenge is so large and that's what creates the actual problem that I was referring to and you kind of referred to it as well, is when people are within an environment and they want to use certain technologies that they are not necessarily getting from their own IT organization, they will go out and take the least path of resistance and find their own solutions, and that's true even in the private sector we saw. I've spoken to so many IT managers and for them to try to keep pace with what their end users want becomes a big challenge, and they do their best to deliver in all time.

Speaker 2:

So mobile messaging was one such problem and it kind of encroached into the realm. And when it encroaches into your realm, it has the means to compromise security of your environment. And that has become that much more prevalent now that we are in a post-COVID world where we saw cyber attacks increase exponentially. And in most cases these attacks would originate in some kind of phishing mechanism and that phishing came to you through email or through SMS or some other means to get to you, right, and so we as end users became the weakest link. So that's why we came up with Netsphere. We believed that people would want to continue to use mobile messaging, but till they didn't have a platform that was enterprise ready, they would put their entire environment to risk. And so once Netsphere is deployed, it's the best of all worlds, and in essence they get the solution they're looking for, they are productive, while at the same point of time we help the enterprise to stay secure.

Speaker 1:

You know, from what you're describing to me it kind of sounds like it's an extrapolation of Apple's user space tiered architecture, right, where everything is kind of sandboxed off and what you're interacting with on your phone actually isn't able to interact with the layer down which is, you know, probably like things like the phone dialer, right, or you know, the drivers that are installed, the OS and stuff like that. So it sounds like it's like a secured sandbox environment within, you know, the potential sandbox environment, because I believe Android also, you know, says that their user space is sandboxed off now, but I don't know how true that is. So it sounds like it's its own user space. So how does that interact with a potential like IMSI catcher, right, that you would encounter?

Speaker 1:

I mean, allegedly they're all gone, but you know China used to have IMSI catchers in their airport terminals, right, as soon as you get off the plane, your phone connects to this IMSI catcher, downloads all of your data. It has everything. It doesn't even technically break your phone's security. How does it interact with a situation like that? Have you looked at something like that?

Speaker 2:

Absolutely, and that was one of the things that we wanted to make sure that at any given time, and I think the sandbox is a great way of describing it, any given time when you are within the Netsphere sandbox, your data is kept secure. So if there is an IMSI catcher and it's secure, because one of our strongest pillars that we've kind of built this platform on was encryption and true end-to-end encryption, and I'll describe that, the reason I said true. But to answer your question directly in the context of IMSI catcher, we aren't immune to the IMSI catcher, but if they were to extract Netsphere data as it was going back and forth or pulling it off of the device, they would get a bunch of gibberish and there's nothing they could do with that. So that was what we were trying to accomplish. It's difficult to sometimes be immune to the communication layer that is being compromised, right, but if the layer is carrying information that is gibberish to you, there's nothing you can do about it. And that's why not only are we end-to-end encrypted, we are now quantum proof and in the same context of China, if you may, or other nations who are now leveraging cyber.

Speaker 2:

Cyber, essentially, has been weaponized, right, and with it being weaponized, in the old days, it was some mafia entities or some rogue folks who were trying to leverage cyber as a means to enrich themselves. Now we see that states have weaponized cyber as a means to engage in warfare. And what are they after? It's data, any and every kind of data. We believe data is the next most valuable commodity, more valuable than even gold, if you may, because of the nature of the information it carries. So when we developed our platform, we wanted to make sure it was end-to-end encrypted, and what I mean by true end-to-end encrypted is most people who claim to have, or most platforms who claim to have, end-to-end encryption, they decrypt the information along the way for various reasons. For addressing reasons, for information storage reasons, for, if they're inspecting the data, for their own marketing reasons. I mean, we know of a very large company that has a messaging app called WhatsApp. Right, and sometimes you wonder how they figure out what you're looking for when you had just mentioned it on an encrypted conversation.

Speaker 1:

Quote unquote encrypted. Allegedly encrypted.

Speaker 2:

On WhatsApp, right? So we wanted to make sure there was true end-to-end encryption. So at no way along the path as our data goes from the originating site to the terminating site or the receiving site is that data decrypted. It's only decrypted by the user or the receiver the legitimate user and the receiver and we have multiple means of making sure that that happens. And then we said, okay, we want to make sure that we aren't susceptible, or at least essentially we aren't susceptible, to quantum threats, even though quantum computing is some ways off.

Speaker 2:

Now we don't know that for sure because we have all these state actors also investing billions in making sure they are the first ones with a platform such as that. We also have the private sector doing the same. If quantum could potentially be a threat. You started seeing decrypt, I mean harvest now, decrypt later attacks, where data was being harvested and is being kept, so, even though it was encrypted, to be decrypted later. So we wanted to make sure our platform did not fall into that kind of a trap, and so that's why we upgraded our platform to quantum encryption, and today we proudly state that we are quantum proof, and that it's an assurance to our customers who come from finance, healthcare, first responders, government, other entities, technology companies. It's an assurance to them that whatever they're communicating, leveraging our platform for today, will remain safe even in a quantum world.

Speaker 1:

Yeah, it's fascinating, you know, you brought up right, how, even like your modern, you know, message, right, let's say, I'm messaging someone from my iPhone and they have an iPhone, right, and I'm getting that blue, the blue text box that everyone loves so much, right, and it's really it's because Apple, you know, markets it as hey, that's fully encrypted and everything else like that right, like it's completely secure and it's going directly from phone to phone.

Speaker 1:

You know, there's nothing to worry about or whatnot, when in all actuality, it has to be decrypted at some point in time. And the reason why it has to be decrypted at some point in time is because the federal government can come in and go and subpoena Verizon to say, hey, I need all the messages off that phone, everything that was sent through your network from this device to whatever other device, right. And because we need to, you know, track this person. They're a terrorist or whatever. It might be, right. Whatever the situation is, not only do they have to give up that data, but it has to be in a readable format, you know. And even if it's not in a readable format, the government, you know, 9.5 times out of 10, they're breaking whatever was on there so that they could get in and see it, which, you know, I feel like a lot of people don't realize that or don't understand it. Right, it's like, it's secured to a point. Right, it's secured against an adversary that doesn't have unlimited funds, that doesn't have unlimited manpower and time. Right, it's secured against someone like myself. Right, like what are the odds that I'm actually even going to spend the time to try and, you know, break that sort of encryption or whatnot? Right, and if I could, I probably wouldn't be doing this podcast, I'd be giving talks around the world or something like that. Right, but it's fascinating.

Speaker 1:

You know, I'm interested in the post quantum side of it, right, and so I'll give you a little background. I'm sure my listeners are probably tired of hearing me talk about it at this point. Right, but I'm getting my PhD in utilizing the Zero Trust Framework to secure communication satellite infrastructure to prepare it for post-quantum, right. So that entails, you know, taking the requirements of post-quantum encryption. What does that look like? Okay, can we put that onto a satellite? Yes, we can. We have, you know, the right resources and hardware and whatnot. Well, can we secure that hardware with zero trust, right? Zero trust being a framework that everyone knows, it's been around for a while, it's very widely deployed and used. You know, it's a good framework overall.

Speaker 1:

Can we take something that we know and kind of use it to protect ourselves from the future?

Speaker 1:

Right, because we're kind of going into our uncharted territory right now with the advent of AI, with, you know, quantum encryption, with quantum computers.

Speaker 1:

Right, all of these things are kind of combining or colliding together in a way that, once they reach a certain point that maybe only five people on the planet actually know what that point is, once they reach that point, it's completely unstoppable, right, and it's like you're either going to have you're either going to be prepared for post quantum or you're not, and if you're not, you're going to be obsolete, right, because all of your data is already going to be out there.

Speaker 1:

You'd have to start from literal zero just to be able to say my data, my service is secure, right, and so we're starting to see companies actually put like post quantum cryptography and whatnot, on their own roadmaps and saying like, hey, we need to amplify our spend, amplify the resources that we have around this. Because, you know, if this quantum AI actually turns into a real thing, Chase Bank, if they don't have post-quantum encryption already deployed on their devices securing your data and whatnot, there's nothing holding back an AI that's powered by a nation state actor from using it in a malicious way. There's literally nothing you can do.

Speaker 2:

And you're absolutely right there. But before I comment on what you had to say with regards to quantum, I do want to talk about the backdoor per se that you mentioned in the realm of governments having access to some of the messages going back and forth. I'm privy to how that process works because, as I mentioned to you at the start, we also provide our platforms to mobile operators, who then use that to enable their own subscriber base with feature functionality. So I know exactly how that process works. But I did want to acknowledge Apple for a second. Apple does take a very, very responsible position when it comes to encryption and security and your data, and if I was to single out one organization, I would single Apple out for that very purpose. They have actually even pushed back to a lot, even against the United States government, when called upon to share information that may not necessarily belong to them. So that's a very important point that I did want to make. Again, I'm not taking sides, I'm just pointing out the obvious, which is also recognized and acknowledged by a lot of other people within the industry. Now, continuing on to your comment about quantum, I could not agree with you more with regards to the quantum threat and how real it is. In fact, the Biden administration, on their last day, or the last week, they set out an executive order that stated that everybody needs to accelerate and ensure that they are deploying a level of quantum encryption prior to, I think, 2032 or 2035. Which, if you really look at it, is not that long ago. I mean not that far away. And everybody's referring to this as Q-Day. Q-Day essentially is the day when quantum computers become available, whether with a good party or a bad party, and have the means to start using quantum computing as a means to decrypt your information. Right, I compare Q-Day to Y2K, with a couple of differences. Right, Y2K, we knew exactly when that was going to happen. It was going to happen midnight of December 31st 1999. And we also knew, for the most part, what we had to do to our systems to make sure that the clocks actually continued on past that midnight gong, if you may, right. But in the context of Q-Day, we have no idea about, one, when it's going to happen and, two, what the impact potentially could be. What we do know is what we need to do to ensure that we are protecting our environments, and that's why deploying systems and platforms that are quantum proof are so important today, because nobody has any idea when Q-Day is going to happen. You know, technology tends to surprise, and I wouldn't be surprised that there would be some state actor that has a lab out there where they're pumping, you know, billions, if not trillions, of dollars to be the first one out with a quantum platform.

Speaker 2:

And then you introduce even a bigger problem or a bigger challenge, where you talk about quantum AI, which really could go into the scary realm Again if you're not doing anything about it, because, as we know, innovation in the AI field is really moving at an amazing pace, and a lot of that is really entirely dependent on the GPU power that you're able to deploy in your environment to push forth your LLMs, et cetera, right Now. Can you imagine a you know, a computing environment that makes your GPUs as we know them today irrelevant because they are essentially so powerful? What would that do to the application layer which is essentially running your LLMs right Now? How does that evolve and what could that potentially be? You know what impact could that potentially have to you? And so that's a next step outcome of quantum computing.

Speaker 2:

But you know I always tell people focus on the here and now. And the here and now really is make sure you're not buying into any platform that is not quantum proof and is not quantum ready. And then do a complete review of your internal systems. And you know, even in the context of government, even if you have legacy systems, there are means to ensure that they are also made quantum proof right. So make sure, once you do an audit of your systems internally and at the periphery, make sure that you are deploying a quantum based strategy. Again, if it's mobile messaging you're concerned about, come talk to us. You know Netsphere is there today, it's available now, it's being deployed extensively across the globe and we offer the service globally. So come talk to us and we'd be happy to talk to you and set you up with a quantum safe communication platform, if you may.

Speaker 1:

Yeah, you know. To circle back to your comment with Apple, I'm actually a huge, huge Apple fan. I really, you know, unfortunately, like I try to, you know, be like, you know, agnostic or whatever the term is, right, towards technology, try to really, like, view it with an open mind. But I always go back to, like when I was getting my master's, and in one of the classes, you know, is mobile security, where you learn about the security of Android and iPhone, right, and then the lab is you're going to pick a vulnerability, you're going to deploy it, see how far you get on the device, right. You know, I tried for probably 36 hours to get into an iPhone and I couldn't, you know, via a Bluetooth vulnerability. It just would not work, no matter what I did. And then I go and I switch to an Android, right, and I'm in with root within 30 minutes. Right, I'm a terrible hacker. Like, I'm real bad. You know, like, I can fire up Kali Linux, but, man, if it's beyond that, you know, we're in a world of hurt over here. Right, Android was no problem at all and it just showed me right there, like, oh, you know, both parties claim that they care about security, but obviously one actually does, you know.

Speaker 1:

And then you see the things where, you know, Apple has completely gone against what the US government wanted, what the European government wanted, right, with getting backdoors into their devices and encryption and everything, and one, it's really eye-opening to see a government actively say we want a backdoor into your devices, into your software. Makes me think also that they probably already have one in Android. Right, if they're not asking Google or Android for the same thing over there, right? Like, if it was a problem for the government on that platform, they would have said it. Right when they said it with Apple. And so for Apple to push back the way that they did and they're just like, hey, you can fine me, whatever you want, we can go to court, doesn't matter, I have a whole bank full of cash ready to go just for this. Like, doesn't matter, you're not getting your back door. It makes me believe, you know, that it's a lot more secure by default than any other device platform out there.

Speaker 1:

You know, I'm not trying to like put it up against NetSphere or anything like that, but I'm totally on board with your comments with Apple. It's like, you know, we're also going into uncharted territory, right, like we've never seen this convergence of AI and quantum. Both things, both areas, have been around, you know, since, like the 80s or the 70s, right, like I had on someone from NVIDIA talking about, you could argue, you know, AI in its crudest terms and form was around in the 50s even, which is interesting to hear him, you know, describe that. Right, but we've never really been in a situation with both industries where they're at such an inflection point, right, where it's like, wait a minute, this AI over here is doing all these different things. Right, and AI is different from an LLM, but I think LLMs kind of shed light on the capabilities and the potential of AI, right. Like they're so very closely linked that really only, you know, nerds like myself and you would actually be able to say, well, an LLM isn't quite an AI, right, based on whatever, right. But for most people, for 95% of the people, if I go ask my wife, she's going to say, hey, ChatGPT is an AI, right, like that's what it is. So it's getting more visibility, more attention than ever and we're also at this inflection point where the technology for quantum and AI are like catching up to what everyone has been saying for decades. You know, that's what everyone's been warning about.

Speaker 1:

And now we're, we're in a situation where, literally, you know, like I'm hoping my iPhone, they're, they're preparing something in the background, right, for iPhone 20 or whatever it might be, to have post quantum encryption capabilities.

Speaker 1:

Right, because you know this device that I rely on pretty heavily, that I, I mean it would take such a significant event for me to get off of an Apple device at this point that, like, it's like, guys, I'm hoping you're preparing, like everyone else is saying, and to your point too, with the Biden administration, I think they actually moved up the date to, I think it was 2035. And I think they moved it up to like 2028 or something like that. Like they, you know, I mean that's how dire the situation really is, because now, everyone, you know, when the government changes the timeline like that, you know that they probably have some, you know, genius in a basement somewhere that already accomplished it, and they're like, the genie's out of the bottle in this room. We can't keep it in this room for that long. You know it's going to escape at some point. Yeah.

Speaker 2:

But, you know, on behalf of the government's case. You know, to a certain extent I understand the need of a back door from their perspective, because they're also tasked with keeping their citizens safe, right, whoever the government entity is. I think the challenge comes about when, within the government, the checks and balances fail and guess what? There is abuse and misuse of that information, and that's when it all starts to fall apart. And that's why Apple basically took the position, and Apple always engineered with security in mind. That's the way we have, as well as the first step, and Apple said, listen, it's not my data, I don't have control over it, so I can't give it to you. And, in fact, the way we built Netsphere too is similar, where, even if law enforcement comes to us saying, hey, listen, we need access to data from XYZ, we don't have access to that data because it does not belong to us, the keys don't. We don't own the keys. Every customer has keys to their own data and those keys are now obviously quantum proof because, honestly, that data is not ours. We are not in the business of providing data, right.

Speaker 2:

And so that strong position around security has kept Apple in good stead, and Android was forced to follow, because people started becoming aware of the importance of that and I think Android is playing catch up. But since the platform and the operating system was never developed to start with that in mind, you know they've kind of done some band-aids to get us there. So that's why, you know, iOS, when compared to Android, has a distinct difference, and I totally agree with you that, you know, Apple and, you know, Google and others, I'm sure, are in the process of coming out with a quantum chip set of some sort to augment their A22 chip that they're planning to roll out. I think WWDC was talking about how they progressed from A1 to, I think, A18 or something or the other.

Speaker 2:

And the point being is, everybody realizes the importance of data security now, and now, with data security, quantum is that much more important. But the government themselves saying, hey, do it now, we're already in 2025. 2028 is in three years, guys, so it'll take you some time to get it done. So you should be making those decisions here and now, and that's what people need to understand. You can't have your head in the sand and think this is going to go away. Guess what? This is one thing that is not going away and this is one thing that is definitely going to impact how you conduct your business, so you might as well take action today.

Speaker 1:

Yeah, yeah, it's a fascinating time. Can we talk about, like, Microsoft recently, maybe a month ago at this point, came out or announced the Willow quantum chip, right?

Speaker 2:

And Google announced Vicker, I think. Different, but similar, right.

Speaker 1:

What's the, you know, what's the purpose of these quantum chips? Is it doing a key exchange, like a QKD key exchange? Is it like what's going on in that chip? Do you know? Maybe you're not the best person to ask, right, but maybe you may know.

Speaker 2:

No, no. Again.

Speaker 2:

What I do understand is that this is really a part of progressive R&D for them to get to a point where they can leverage quantum as a computing platform that goes across the board, right, and so it's part of an evolutionary cycle. There may not be real-world uses of these chipsets, but I think that they're very, very important proof points to be delivered, and what it also shows is that there is real R&D being done. You know, the private sector here in the US tends to be fairly open in announcing their accomplishments, but I can bet you there are other folks and organizations that are not announcing what they're up to. But if Microsoft, based on their environment and budget, can get to this point, which is on the road to a full quantum computing platform, if you may, there are others who may be at this point or at a different point. So that is something that validates our collective argument that we've been discussing now for some time on this podcast is that it's real and we are seeing proof points. So you better start taking action for it.

Speaker 1:

Yeah, yeah, it's fascinating. Where do you see you know everything going right, moving forward with the Biden administration, having that, you know that bullet point, that item, right? Everyone needs to start moving towards this. Are you seeing the industry, or more companies you know, kind of come up and start focusing more on this problem? Because I'm thinking of companies like D-Wave, right, that apparently, or allegedly, they have created something that's more consumer-centric for quantum computing. I don't know how valid that is, I don't know how many customers they may have right, but it seems like quantum is becoming more easy to use, it's more accessible than it ever has been before, right, and that's kind of like the evolution with technology. So where do you see all of this going and how does it impact your platform? Moving forward right, like what's the next iterations that you're seeing down the pipeline that you're preparing for?

Speaker 2:

Yeah, no, we obviously see that quantum itself is going to really materialize sooner rather than later. And then we've seen three separate categories of organizations who are really investing in quantum and who are moving at different speeds. You have a bunch of startups, and the startup ecosystem here in the United States is very, very rich, based on the fortune that we have in our country of gaining access to venture capital and other entrepreneurship capital that allows ideas to kind of be watered, if you may, and to flourish. So we've got a bunch of very compelling startups who are doing a lot of amazing work in the quantum realm. We have established companies, and Microsoft, you mentioned Google. IBM as well has recently started pushing and talking about quantum as well, in the context of AI as well. So we have much more established companies who are allocating R&D dollars against it. And then we have these nation states that are obviously investing a lot of money. We know that, right.

Speaker 2:

I think the Biden administration data point is just one. They obviously have access to some information that got them concerned enough for him to sign, or for the president at that time to sign, an executive order saying, hey, guess what, I'm going to prepone that date, right? And then it is driven more because now cyber is really weaponized, as I said earlier in the podcast, and when it gets weaponized, the exponential innovation that takes place because of state actors who are now believed that they're dependent on the success of that realm, drives innovation that much faster, and to a point where we essentially could lose control of that innovation cycle because it could move so quickly, right. And so we at Netsphere have to constantly be aware of that, and that's why now, when we developed the platform, we felt encryption and security had to be number one, right. And so not only have we shored up the platform with quantum proof encryption, we've also made sure that we've developed a surround on the platform that provides best practices for an enterprise to ensure that they are, you know, managing their internal communications in a manner that is in line with what we refer to as quantum proof.

Speaker 2:

The quantum proof happens at the layer of encryption, as I'm sure you know, right. So we want to make sure that our platform delivers a holistic quantum proof experience, not just at the encryption layer, but also at the policy layer, leveraging zero trust as a mechanism as well. So we've built in a whole bunch of features that allow us to do that, and obviously we are constantly looking at what else do we need to do. What else do we need to do to keep the platform secure? Authentication is a very, very important aspect of access, and so we're constantly kind of raising the bar on that as well. So holistic, quantum proof platforms, I think, are more important, and I think that's what we're trying to deliver with Netsphere as well.

Speaker 1:

Yeah, that's a really good point, you know, because it's going to get to the point where the only way that you're, you know, breaking a quantum system, right, is via access authorization. You know, are you, are you cracking the account? Are you getting access to the MFA token? What does that look like? And so, you know, we're focused on quantum right now, probably because it's an emerging area, that we've never seen it expand and grow like this before. Right, security, all the other pillars and domains of security are still going to matter. They're still going to definitely play a role in whatever platform is claiming to be, you know, quantum resistant or quantum proof, right, so to speak. So it's, it's fascinating to see how that is even going to change and evolve over time.

Speaker 1:

Right, I feel like, I feel like that area will probably even lag behind a little bit. Right, because, you know, maybe not for your solution, because you're already thinking that way. Right, but for organizations, you know, just thinking about how different organizations work, they would probably start shifting their focus, like they are right now, towards quantum, kind of forget about the basics of, you know, IAM and network security, right, and just overall. And then they'll have to play catch up, you know, with that in those areas as well. So it's, it'll be fascinating. You know, like there's always a news article every day, right, saying these are the top five jobs that are going to be eliminated by AI and whatever else. You know, like within 12 months, we're not going to have any developers anymore.

Speaker 1:

I've seen that, you know, within 18 months we're not going to have any, like, low level security people anymore, and it's kind of like, yeah, if that were to happen we would be back in the seat within six months, right, because the company is no longer going to be functioning. Like, and that's guaranteed.

Speaker 2:

And everybody has to remember, as we are working collectively to shore up our systems, you know the bad actors are also leveraging all the same technologies to see how they can get through to our systems, right? I'll give you a small example. Five, seven years ago, when you would get a phishing email or even a phishing text, it would be a disjointed message. It was very obvious that it had been written or put together by an entity that didn't understand English as their first language. It had grammatical errors and you would laugh at it and not do anything about it. Now these phishing attacks are becoming so sophisticated. I recently got a couple of emails which were so amazingly doctored and came through as if they were actually coming from Amazon, and the reason that is happening is because the bad actor is actually leveraging AI to develop these mechanisms, including the messages. Right, and regardless of where they're originating, the sophistication is coming through the use of AI, and that is really a great example of how we need to constantly be aware of everything that's going on around us, because the bad actors are also using the same tech to get at us, right.

Speaker 2:

And access is always the weakest link. And again, I keep coming back to Netsphere is, you know, today, phishing? You know, on email you're slammed with spam constantly. Because it's an open environment, you know, Netsphere actually keeps it closed and encrypted and so we don't have spam on platforms such as ours, and so we are able to keep the door, front door closed. The employees are the weakest link, not because they are. It's just because these attacks have become so sophisticated that people, when they're doing their job, they see something come through, they don't pay attention to it, they click on the wrong link and boom, you've compromised your environment. So I think access is very, very important and knowing the fact that also, you know, the bad actors are leveraging some of the same technologies requires us to really constantly re-evaluate everything we're doing. But there is no, you know, argument with regards to not doing quantum proof. That's real, real and present danger that you have to react to.

Speaker 1:

So, you know, recently, at my nine to five, we had a threat actor that was using AI to phish, you know, my CFO to try and get him to send $20 million to an account or whatnot, right? So you know, they sent the email and the email was formatted properly. It looked like it was coming from the CEO. It just looked, it looked perfect, right, there's, there's nothing that would have raised an alarm or anything like that, because, especially, he's done it before. He's done it for the CEO before for a couple other times. So he was used to this kind of request. But you know, he followed the process that we already set up internally, right? So follow up with a phone call, get on the phone, confirm that it's the CEO. Well, the attacker was using an AI algorithm that mimicked the CEO's voice, which is very much out there, right, you do earnings calls once a quarter, right, and the CEO is talking. You're getting their voice, their voice pattern and everything like that. So they replicated the CEO's voice, so it sounded exactly like him, came from his, you know, personal cell phone, like you would expect, and everything. And the only thing that stopped it, right there, was the fact that we had, like, a final layer of security, a final layer of authorization, and they couldn't answer that challenge question, right, because it's kind of an off the wall one. It's not related to anyone's background. It's like you either know the answer or you don't. You know, and they definitely didn't, and that was the only thing that caught him up, right, like that was the only thing that stopped that attack from even happening.

Speaker 1:

Was that final piece, right? And you have this advanced AI that's mimicking a voice, that's sending off this email that looks perfect. Right, all these other things are lining up, except for that one person with the brain between their ears that said we need one more thing. Right, because I heard about this AI replicating voices over here. If he does that, he'll get past the second layer of authentication, but he probably won't be able to replicate it over here. Right, and so it took that person, not an AI, it took that person to say we need this other thing that saved us, you know, 20 million. Because when it starts at 20 million, you know, and you're like, oh, send me, you know, 60, right, send me 80, whatever it is, what's to stop it? Right, because now it's matching up in your own brain.

Speaker 2:

So, Joe, what you just described is essentially that last step that you described was when you requested an encryption key. So that was essentially in your back and forth, that was your encryption key, and so it means I have gotten so many requests, my employees have gotten so many requests. Hey, this is Anurag, do me a favor, just go out to the Apple store and buy $5,000 worth of Apple gift cards, I need it urgently, and come back and send the numbers to me, right? And these requests are coming on publicly available messaging platforms and email. And you know, my people say they respond simply, they said you know what? We're happy to do that, Anurag, just send me a message on Netsphere and right there the whole thing breaks down and that's the power of encryption. And you know, at some point in time I'd love to demonstrate to you.

Speaker 2:

You know how our system generates that key, because it's in the settings. You can actually see this key, and I'll show you the difference between pre-quantum and post-quantum keys, making it that much more difficult in the back and forth for anybody to decipher it. And that's the beauty of platforms such as ours. But you created that same platform with your process, right, and the last step in the process was hey, give me the key.

Speaker 2:

And the key was a random generated key, which is what we do and that's what you did too. It was not related to anybody or anything else, and they weren't able to deliver it and off you go. Now, the only flaw in your system was that key was stored probably somewhere that somebody could gain access to it. But in encryption and also in a post-quantum world, those keys are generated randomly at that point in time and then reset themselves every six seconds, which again makes it that much more difficult for anybody to gain access to. And that's why it's so important for people to get onto these encrypted platforms and ask the question is it truly encrypted or it's encrypted? And there's available information out there that allow you to kind of get past the initial marketing data to get to the bottom line on how and what encryption a platform's using. We share that very openly with our prospects as well. That's when they realize that you know what they're buying into is a very mature and well-developed platform.

Speaker 1:

Yeah, yeah, absolutely. Well, you know, Anurag, we've been going for almost an hour now and we're unfortunately at the top of our time, but you know it's been a fantastic conversation. It's been very engaging, very, you know, thought-provoking and whatnot, and you know we're kind of shedding light on an area that isn't very well known yet by most people, right? So it's always helpful to kind of go through it and dive in and what's out there, what's providing actual security?

Speaker 2:

Now, I really enjoyed our conversation as well. I actually did not realize we were at it for an hour, but yeah, it's an exciting time. It's an exciting realm, a fast-moving realm, if you may, and we're excited about being able to participate in it and contribute to it as well. So I really appreciate you taking the time and having me on the podcast, Joe.

Speaker 1:

Yeah, absolutely. Well, before I let you go, how about you tell my audience you know where they could find you if they wanted to connect with you and where they could find your company if they wanted to learn more?

Speaker 2:

Yeah, find me on LinkedIn. I'm on LinkedIn. So, Anurag Lal, A-N-U-R-A-G L-A-L, and my company is Netsphere, N-E-T-S-F-E-R-E.com. Come check us out. I think we have a fairly decent description of what we do and how we do it and, if it helps you guys, we'd be happy to work with you guys and deploy our platform within your environment.

Speaker 1:

Awesome. Well, thanks everyone. Go and check out the links that he just said. It was a fantastic episode. Hope everyone enjoyed it. Cool.
