SandboxAQ Channel Chief On Threats To Encryption And Preparing For The Post-Quantum World

In an interview with CRN, Robert E. Williams also discusses the security opportunities for partners with the emergence of quantum computing threats to encryption.

While a lack of certainty persists about when the world will see quantum computers that can bypass encryption, the opportunities for solution providers in helping customers to prepare are massive.

That’s according to Robert E. Williams, who heads global channel partnerships at SandboxAQ, an Alphabet spinout focused on management of cryptography and protecting against future threats from “post-quantum” attacks.

Founded inside Alphabet in 2016 and spun out in March 2022, SandboxAQ’s chairman is former Google CEO Eric Schmidt and the company raised $500 million in funding a year ago.

CRN recently spoke with Williams to discuss the company’s offerings, where SandboxAQ is looking to expand with the help of the channel and what sorts of opportunities are available to solution providers. Prior to joining SandboxAQ in September, Williams served as vice president of public sector channel at cybersecurity giant Palo Alto Networks. Earlier, he held roles at AWS and AT&T.

Ultimately, for SandboxAQ, the goal right now is to “take some really great technology that we built and leverage the power of the [partner] ecosystem to scale up,” Williams said.

What follows is an edited and condensed portion of CRN’s interview with Williams.

What areas is SandboxAQ focusing on?

We're focused on two areas. One is cryptography management and operations — especially for financial services where literally everything they do is encrypted traffic. What we're finding is that large customers don't have a great handle on the cryptography of their environment — all the encryption that happens with every transaction that they have. So for most of our customers, this is a million-dollar-per-hour type of issue when they have an outage for a large bank or an e-commerce platform. And so we're helping them from that standpoint, as an extension of their IT and security operations protocols.

[Quantum computing] is a new threat vector. Even now [it’s a threat] in terms of stealing the data and looking to decrypt it later. We’re seeing very significant attacks starting to come after these same customers that were initially using it for operations. And now it's much more true, proactive protection of their platforms. So we've created a tool called security suite that does discovery, risk analysis and remediation of all your cryptography — from a network perspective, from a file system and data at rest storage perspective — as well as actually in the applications of a bank or a public sector customer. We’re also helping them add this new layer of zero trust, which was a bit underserved in the market because this is so unique in a very heavily encrypted environment. People were trusting that these encryption algorithms were going to protect us for the future, but we're starting to see that there are new attack vectors that are impacting them.

How are you helping with the shift to post-quantum cryptography?

These industries that we're focused on with our partners, they take 10 to 15 years to completely redesign and re-architect their IT platforms. And so we're helping them right now to understand where all their assets are, where the risks are that they have, so they can start that plan to remediate against it. And our partners are typically the ones that are driving a lot of those conversations with those customers. People are still figuring out when we’ll have the first quantum computer [that can break encryption] — whether it's five years, seven years from now. But a post-quantum attack is something that people need to be thinking about now from a risk perspective. And so we're helping them right now planning for this.

What are the opportunities for solution providers with SandboxAQ?

For a solution provider, they're very focused on zero trust. And so this fits right in there. Because with zero trust, you have to discover every asset, and you’ve got to set a risk to it, and then you've got to constantly protect and control against [threats]. We’re finding that this is an area that's been underserved. We want to make it really turnkey for the solution providers.

What’s something you learned from your time at Palo Alto Networks, that you are leveraging at SandboxAQ?

I think Palo did a great job with their partner-first ecosystem, and I was fortunate to be a part of that. I think Palo had a great way of optimizing the partners. Because there are so many different partner types that are potentially talking to the same customers. How do you have partners be able to play nice together and ultimately get to the outcome they want, which is serving their customers? And so this AI and quantum space is very exciting. Everybody wants to figure out a way to tap into it. So we want to be very thoughtful with our partner program, as we're rolling this out, to make sure that everybody can win, everybody sees value, everybody is enabled for success — and everybody can commercially see benefit in this too.

Are you going to be recruiting partners?

Recruiting partners is No. 1 for us. This is going to be a global program. We want to be recruiting new distributors, solution providers, technology partners and MSSPs. And then on the GSI [global system integrator] side, this is an opportunity for us to continue scaling up. I saw this at Palo, and I'm even seeing this here — that GSIs are working quite a bit more with solution providers on some of these transformational programs like zero trust, which have to integrate so many different OEMs and invoices and renewals. And so, we’re not only recruiting for our benefit, but also for the [GSIs] to leverage the broader channel to be successful.