To achieve long-term data protection in todays fast-changing and uncertain world, companies need the ability to respond quickly to unforeseen events. Threats like quantum computing are getting more real while cryptographic algorithms are subject to decay or compromise. Without the ability to identify, manage and replace vulnerable keys and certificates quickly and easily, companies are at risk.
So, what do we mean when we talk about crypto-agility? Fundamentally, you will have achieved crypto-agility when your security systems are able to rapidly deploy and update algorithms, cryptographic primitives, and other encryption mechanisms. Going a step further, it means you have achieved complete control over cryptographic mechanisms your public key infrastructure (PKI) and associated processes and can quickly make whatever changes are needed without intense manual effort.
The replacement of manual processes with automated ones is critical to keeping up with accelerating change. As computing power and security technologies continue to evolve at a faster and faster pace, your existing cryptographic infrastructure is destined to become obsolete in a few years unless you can keep it upgraded to the latest technologies. Notably, threats continue to evolve as well.
Moreover, as the world transforms to depend on digital systems more fully, weve embedded cryptography deeply into virtually every communication system in the world. Its no longer possible for cryptography to remain isolated from other critical systems. The vast interdependent nature of modern systems makes it imperative that IT teams have the ability to respond quickly or face the risk of major outages and disruption.
Cryptographic standards like RSA, ECC, and AES that are in broad use today are constantly being updated with more advanced versions. Eventually governing bodies like NIST get in the act and mandate the use of the latest standards, with browser and cloud providers often raising the bar as well. To avoid becoming non-compliant, you must have the ability to quickly upgrade all your systems that rely on deprecated cryptography.
A robust, cryptographically agile infrastructure also brings other long-term benefits and plays a critical role in preventing security breaches. Achieving crypto-agility will make your operations teams more efficient, and eliminate unnecessary costs such consulting fees, temporary staff, fines, or remediation costs.
Such scenarios can unfold when a bad actor gains admin access, for instance, and may or may not have issued certificates. This uncertainty means that certificates from the impacted certificate authority (CA) can no longer be trusted and all certs from that CA must be revoked and re-issued. Without crypto-agility and a clear understanding of your potential exposure, youre looking at a costly all-hands-on-deck response to track and update hundreds or thousands of certs. And, of course, anytime you have humans involved with security response, youre opening yourself to human error and further compromise and outages.
The looming threat of quantum computing some say we could see 100,000x faster quantum computers as soon as 2025 represents another compelling reason to focus on improving your crypto-agility. While all crypto algorithms are breakable on paper, the incredible computing power required for such a feat does not currently exist. That could change with quantum computers which one day will be able to break most existing algorithms and hash function in minutes or hours.
To avoid the doomsday scenario where every system in the world is potentially exposed to compromise, work is already underway toward quantum-safe cryptography. However, given how little we know about quantum computing and the inability to perform real-world testing, its safe to assume there will be considerable give and take before quantum-safe algorithms are widely available.
In the meantime, your cryptography, certificate management and key distribution systems must be agile enough to adapt to this very real emerging threat. The table below presents a scenario of the time and expense involved with swapping out existing cryptography for quantum-safe cryptography. In this scenario, with incomplete or partial automation most enterprises would be looking at a 15-month vulnerability period compared to just six days when a fully automated solution has been put in place.
A comparison of quantum doomsday mitigation scenarios
Crypto-agility is a complex topic at scale and working towards it requires a multifaceted approach. Changes need to be made to security setups in organizational policy, operating methods, and core technology and processes. Your PKI may need to be upgraded and enhanced to support rapid swaps of cryptography, and software development procedures may need to be revamped to incorporate a nimbler approach to cryptography as opposed to being bolted on top of finished software.
The first step toward true crypto-agility is to understand the extent of your cryptographic exposure. This is accomplished by tracking down every digital certificate deployed across the organization and capturing details including algorithms and their size, the type of hashing/signature, validity period, where its located and how it can be used.
Once you have a complete inventory, youll then need to identify the vulnerable certificates by the type of cryptography in use and look for anomalies and potential problems. These can include certificates that use wildcards or IP address, certificates located on unauthorized or unintended systems as well as certificates abandoned on deprecated systems.
Finding your certificates and vulnerability isnt enough by itself to deliver crypto-agility youre still looking at the aforementioned 15-month-long process if you need to swap everything out manually.
Here are three pillars of crypto-agility that will put your organization on the right path toward withstanding whatever the future holds:
#1 Automate discovery and reporting. At the push of a button, you should be able to produce a full report of all your cryptographic assets. This will allow you quickly identify vulnerable cryptography and to report anomalies. There are any number of tools available to help you do this, but ideally certificate reporting should just be incorporated into an automated PKI solution.
#2 Automate PKI operations at scale. The ideal solution here is a fully automated Certificate Management Systems (CMS) that will manage the entire lifecycle of a certificate from creation to renewal. When the CMS is used to create a certificate it should have all the data it needs to not only monitor the certificate for expiration but automatically provision a replacement certificate without human intervention.
#3 Be nimble. At an organization and management level, your IT organization from DevOps through to day-to-day operations staff need to be ready for threats and change. You should carefully evaluate and rethink all aspects of your PKI to identify areas that may lock you into a particular vendor or technology.
The risk of having a slow-to-respond cryptographic infrastructure is increasingly daily, not only as digital transformations increase our dependency on inter-connected systems but as external threats and technology evolve with increasing pace. Looming above it all is the threat of quantum computing. Put it all together and its clear that the time to automate your PKI and move toward crypto-agility is at hand.
- Giant atoms enable quantum processing and communication in one - MIT News - August 4th, 2020
- Computer Scientist Don Towsley Named to Team Developing the Quantum Internet - UMass News and Media Relations - August 4th, 2020
- COVID-19 Impact on Quantum Computing Market Research, Growth, Industry Analysis, Size and Share 2025 | IBM Corporation, Google - My Kids Health - August 4th, 2020
- IBM and the University of Tokyo Unveil the Quantum Innovation Initiative Consortium to Accelerate Japan's Quantum Research and Development Leadership... - August 2nd, 2020
- Insights & Outcomes: a new spin on quantum research, and the biology of sex - Yale News - August 2nd, 2020
- This simple explainer tackles the complexity of quantum computing - Boing Boing - July 29th, 2020
- UK firm reaches final stages of the NIST quest for quantum-proof encryption algorithms - www.computing.co.uk - July 29th, 2020
- Looking Back on The First-Ever Photo of Quantum Entanglement - ScienceAlert - July 29th, 2020
- Quantum reckoning: The day when computers will break cryptography - ITWeb - July 29th, 2020
- Ripple CTO: Quantum computers will be a threat to Bitcoin and XRP - Crypto News Flash - July 29th, 2020
- The 6 Biggest Technology Trends In Accounting And Finance - Forbes - July 29th, 2020
- Ripple Executive Says Quantum Computing Will Threaten Bitcoin, XRP and Crypto Markets Heres When - The Daily Hodl - July 25th, 2020
- D-Waves quantum computing cloud comes to India - The Hindu - July 25th, 2020
- Hear how three startups are approaching quantum computing differently at TC Disrupt 2020 - TechCrunch - July 25th, 2020
- The Hyperion-insideHPC Interviews: Dr. Michael Resch Talks about the Leap from von Neumann: 'I Tell My PhD Candidates: Go for Quantum' - insideHPC - July 25th, 2020
- The Computational Limits of Deep Learning Are Closer Than You Think - Discover Magazine - July 25th, 2020
- China's newest technology stock exchange is thriving despite the pandemic - The Economist - July 25th, 2020
- Almost One-Third of Life Science Companies Set to Begin Quantum Computing Evaluation This Year - Lab Manager Magazine - July 17th, 2020
- Europe Quantum Computing Market 2020 | Scope of Current and Future Industry 2025 - Owned - July 17th, 2020
- Opinion |Dance of the synchronized quantum particles - Livemint - July 17th, 2020
- Quantum Software Market 2020: Potential Growth, Challenges, and Know the Companies List Could Potentially Benefit or Loose out From the Impact of... - July 17th, 2020
- Quantum Computing Market Brief Analysis and Application, Growth by 2026 - 3rd Watch News - July 17th, 2020
- Standard Chartered and Universities Space Research Association join forces on Quantum Computing - PRNewswire - July 13th, 2020
- Standard Chartered teams up with Universities Space Research Association on development of quantum computing apps - FinanceFeeds - July 13th, 2020
- How American Express is tapping the benefits of hybrid cloud - The Enterprisers Project - July 13th, 2020
- MIT's New Diamond-Based Quantum Chip Is the Largest Yet - Interesting Engineering - July 11th, 2020
- Chicago Quantum Exchange Welcomes Seven New Partners in Tech, Computing and Finance - HPCwire - July 11th, 2020
- In 1st Of Its Kind Webinar On Quantum Information And Computation In India, IIIT Hyderabad Successfully Conducts Quantum Talks 2020 - IndianWeb2.com - July 11th, 2020
- Satoshi Nakamoto Inspiration Gives Advice On Bitcoins Next Move - Forbes - July 11th, 2020
- QCI Hosts Webinar Series Featuring Optimizations that Deliver Quantum-Ready Solutions at Breakthrough Speed - Stockhouse - July 11th, 2020
- Quantum Computing Technologies Market to Witness a Pronounce Growth During 2025 - News by aeresearch - July 11th, 2020
- Topological Quantum Computing Market Growth By Manufacturers, Type And Application, Forecast To 2026 - 3rd Watch News - July 6th, 2020
- Quantum Software Market (impact of COVID-19) Growth, Overview with Detailed Analysis 2020-2026| Origin Quantum Computing Technology, D Wave, IBM,... - July 6th, 2020
- Regional Analysis and Strategies of Quantum Computing Technology Market during the Forecasted Period 2020-2030 - 3rd Watch News - July 6th, 2020
- Healthcare Shopping: The new age of consumerism - The Financial Express - July 6th, 2020
- Six things you need to learn about quantum computing in finance - eFinancialCareers - July 4th, 2020
- Cybersecurity in the quantum era - ETCIO.com - July 4th, 2020
- There's a Hidden Economic Trendline That Is Shattering the Global Trade System - IDN InDepthNews | Analysis That Matters - July 4th, 2020
- How Will The World Look Like In 2025 And The Future Of Cybersecurity - Entrepreneur - July 4th, 2020
- Better encryption for wireless privacy at the dawn of quantum computing - UC Riverside - June 30th, 2020
- Menten AIs combination of buzzword bingo brings AI and quantum computing to drug discovery - TechCrunch - June 30th, 2020
- Paper Outlines the Role of ERM in Managing Risks Related to New Technologies - Business Wire - June 30th, 2020
- Airbus CTO Grazia Vittadini: Aviation needs to tap emerging technologies, diverse talent to get climate-neutral - Verdict Medical Devices - Medical... - June 30th, 2020
- Is IT regulation in the DARQ? - IT PRO - June 30th, 2020
- Sen. Warner: 5G ORAN Bill Added to Must-Pass Legislation - Multichannel News - June 30th, 2020
- Is teleportation possible? Yes, in the quantum world - University of Rochester - June 25th, 2020
- JPMorgan Shows Its Chops in Quantum Computing. Heres Why It Matters. - Barron's - June 25th, 2020
- Physicist Chen Wang Receives DOE Early Career Award - UMass News and Media Relations - June 25th, 2020
- Teleportation Is Indeed Possible At Least in the Quantum World - SciTechDaily - June 25th, 2020
- Cambridge Innovation Capital plc: Annual results for the year ended 31 March 2020 - PharmiWeb.com - June 25th, 2020
- Docuseries takes viewers into the lives and labs of scientists - UChicago News - June 25th, 2020
- Should children be taught quantum computing and other sciences that are studied in college? - Explica - June 25th, 2020
- Canadas 5G Moment Of Truth - Forbes - June 25th, 2020
- The Inter-dependence of Quantum Computing and Robotics - Analytics Insight - June 21st, 2020
- 2 thoughts on Learn Quantum Computing With Spaced Repetition - Hackaday - June 21st, 2020
- New Way to Assess the Performance of Quantum Devices - AZoQuantum - June 21st, 2020
- Quantum Computing Market 2020 Key Players, Share, Trend, Segmentation and Forecast to 2026 - Cole of Duty - June 21st, 2020
- Learn Quantum Computing With Spaced Repetition - Hackaday - June 21st, 2020
- GlobalQuantum Software Market Report 2020 Sales Forecast to Grow Negatively in Western Regio post COVID 19 Impact Analysis Updated Edition Top Players... - June 21st, 2020
- Is China Threatening Americas Dominance In The Digital Space? - Forbes - June 21st, 2020
- Lockheed's ventures arm backs quantum computing and training tech firms - Washington Technology - June 18th, 2020
- Brighton scientists in the race to build quantum computer - The Argus - June 18th, 2020
- Toronto-based Association Quantum appoints Northern Hive PR - Business Up North - June 18th, 2020
- NTT Research Builds Upon its Micro Technologies and Cryptography Expertise with Distinguished New Hires - Business Wire - June 18th, 2020
- Coming out of lockdown is harder than going in - Science Business - June 18th, 2020
- Northern Hive PR rides a wave of new client wins - Business Up North - June 18th, 2020
- Global and Asia Pacific Quantum Computing Market Research Report 2020 CoronaVirus Efect on Industry and Companies, Anyon Systems, Cambridge Quantum... - June 17th, 2020
- Quantum Computing Market: Segmentation, Industry trends and Development to 2019-2029 - The Canton Independent Sentinel - June 17th, 2020
- Archer touts performing early-stage validation of quantum computing chip - ZDNet - June 16th, 2020
- Quantum computing is the next big leap - Lexology - June 16th, 2020
- Quantum Computing Market Analysis, Trends, Top Manufacturers, Growth, Statistics, Opportunities and Forecast To 2026 - Cole of Duty - June 16th, 2020
- The technical realities of functional quantum computers - is Googles ten-year plan for Quantum Computing viable? - Diginomica - June 13th, 2020
- Quantum Computing And The End Of Encryption - Hackaday - June 13th, 2020
- First master's thesis in Quantum Computing defended at the University of Tartu - Baltic Times - June 13th, 2020
- What's New in HPC Research: Hermione, Thermal Neutrons, Certifications & More - HPCwire - June 13th, 2020
- Preparing for the Jobs of the Future: The Coding School and MIT Physicists Are Making Quantum Computing Accessible to High School Students This Summer... - June 5th, 2020
- QCI Achieves Best-in-Class Performance with its Mukai Quantum-Ready Application Platform - Quantaneo, the Quantum Computing Source - June 5th, 2020
- India and Australia pump $12.7 million into AI, quantum computing and robotics renewing their cyber and crit - Business Insider India - June 5th, 2020
- Spain's CaixaBank Teams With IBM Services to Accelerate Cloud Transformation and Innovation in the Financial Services - AiThority - June 5th, 2020
- Riverlane partners with biotech company Astex - Cambridge Network - June 5th, 2020