To achieve long-term data protection in todays fast-changing and uncertain world, companies need the ability to respond quickly to unforeseen events. Threats like quantum computing are getting more real while cryptographic algorithms are subject to decay or compromise. Without the ability to identify, manage and replace vulnerable keys and certificates quickly and easily, companies are at risk.
So, what do we mean when we talk about crypto-agility? Fundamentally, you will have achieved crypto-agility when your security systems are able to rapidly deploy and update algorithms, cryptographic primitives, and other encryption mechanisms. Going a step further, it means you have achieved complete control over cryptographic mechanisms your public key infrastructure (PKI) and associated processes and can quickly make whatever changes are needed without intense manual effort.
The replacement of manual processes with automated ones is critical to keeping up with accelerating change. As computing power and security technologies continue to evolve at a faster and faster pace, your existing cryptographic infrastructure is destined to become obsolete in a few years unless you can keep it upgraded to the latest technologies. Notably, threats continue to evolve as well.
Moreover, as the world transforms to depend on digital systems more fully, weve embedded cryptography deeply into virtually every communication system in the world. Its no longer possible for cryptography to remain isolated from other critical systems. The vast interdependent nature of modern systems makes it imperative that IT teams have the ability to respond quickly or face the risk of major outages and disruption.
Cryptographic standards like RSA, ECC, and AES that are in broad use today are constantly being updated with more advanced versions. Eventually governing bodies like NIST get in the act and mandate the use of the latest standards, with browser and cloud providers often raising the bar as well. To avoid becoming non-compliant, you must have the ability to quickly upgrade all your systems that rely on deprecated cryptography.
A robust, cryptographically agile infrastructure also brings other long-term benefits and plays a critical role in preventing security breaches. Achieving crypto-agility will make your operations teams more efficient, and eliminate unnecessary costs such consulting fees, temporary staff, fines, or remediation costs.
Such scenarios can unfold when a bad actor gains admin access, for instance, and may or may not have issued certificates. This uncertainty means that certificates from the impacted certificate authority (CA) can no longer be trusted and all certs from that CA must be revoked and re-issued. Without crypto-agility and a clear understanding of your potential exposure, youre looking at a costly all-hands-on-deck response to track and update hundreds or thousands of certs. And, of course, anytime you have humans involved with security response, youre opening yourself to human error and further compromise and outages.
The looming threat of quantum computing some say we could see 100,000x faster quantum computers as soon as 2025 represents another compelling reason to focus on improving your crypto-agility. While all crypto algorithms are breakable on paper, the incredible computing power required for such a feat does not currently exist. That could change with quantum computers which one day will be able to break most existing algorithms and hash function in minutes or hours.
To avoid the doomsday scenario where every system in the world is potentially exposed to compromise, work is already underway toward quantum-safe cryptography. However, given how little we know about quantum computing and the inability to perform real-world testing, its safe to assume there will be considerable give and take before quantum-safe algorithms are widely available.
In the meantime, your cryptography, certificate management and key distribution systems must be agile enough to adapt to this very real emerging threat. The table below presents a scenario of the time and expense involved with swapping out existing cryptography for quantum-safe cryptography. In this scenario, with incomplete or partial automation most enterprises would be looking at a 15-month vulnerability period compared to just six days when a fully automated solution has been put in place.
A comparison of quantum doomsday mitigation scenarios
Crypto-agility is a complex topic at scale and working towards it requires a multifaceted approach. Changes need to be made to security setups in organizational policy, operating methods, and core technology and processes. Your PKI may need to be upgraded and enhanced to support rapid swaps of cryptography, and software development procedures may need to be revamped to incorporate a nimbler approach to cryptography as opposed to being bolted on top of finished software.
The first step toward true crypto-agility is to understand the extent of your cryptographic exposure. This is accomplished by tracking down every digital certificate deployed across the organization and capturing details including algorithms and their size, the type of hashing/signature, validity period, where its located and how it can be used.
Once you have a complete inventory, youll then need to identify the vulnerable certificates by the type of cryptography in use and look for anomalies and potential problems. These can include certificates that use wildcards or IP address, certificates located on unauthorized or unintended systems as well as certificates abandoned on deprecated systems.
Finding your certificates and vulnerability isnt enough by itself to deliver crypto-agility youre still looking at the aforementioned 15-month-long process if you need to swap everything out manually.
Here are three pillars of crypto-agility that will put your organization on the right path toward withstanding whatever the future holds:
#1 Automate discovery and reporting. At the push of a button, you should be able to produce a full report of all your cryptographic assets. This will allow you quickly identify vulnerable cryptography and to report anomalies. There are any number of tools available to help you do this, but ideally certificate reporting should just be incorporated into an automated PKI solution.
#2 Automate PKI operations at scale. The ideal solution here is a fully automated Certificate Management Systems (CMS) that will manage the entire lifecycle of a certificate from creation to renewal. When the CMS is used to create a certificate it should have all the data it needs to not only monitor the certificate for expiration but automatically provision a replacement certificate without human intervention.
#3 Be nimble. At an organization and management level, your IT organization from DevOps through to day-to-day operations staff need to be ready for threats and change. You should carefully evaluate and rethink all aspects of your PKI to identify areas that may lock you into a particular vendor or technology.
The risk of having a slow-to-respond cryptographic infrastructure is increasingly daily, not only as digital transformations increase our dependency on inter-connected systems but as external threats and technology evolve with increasing pace. Looming above it all is the threat of quantum computing. Put it all together and its clear that the time to automate your PKI and move toward crypto-agility is at hand.
- Quantum Computing Professor, Researcher Yacoby Elected to American Academy of Arts & Sciences - HPCwire - May 1st, 2021
- How Merck works with Seeqc to cut through quantum computing hype - VentureBeat - April 28th, 2021
- Wannabe Wired: When will we feel like we're living in the future? - The Lawton Constitution - April 28th, 2021
- Selected to Build New Supercomputer for the National Supercomputing Centre Singapore - HPCwire - April 28th, 2021
- Six faculty elected to National Academy of Sciences - Stanford Today - Stanford University News - April 28th, 2021
- To make acquisition work, IBM can have preferences says CEO Arvind Krishna, but Red Hat cant - IT World Canada - April 28th, 2021
- Time-Reversal Symmetry Breaking in a Superconductor - SciTechDaily - April 28th, 2021
- Will the Government Succeed in Building a Quantum Computing Center? - DesignNews - April 27th, 2021
- What were the fastest growing sectors last year? - BusinessCloud - April 27th, 2021
- Universities across Europe urge EU to remove threat of research ban on Israel, UK and Switzerland - Science Business - April 27th, 2021
- Atos unveils global R&D Lab to drive innovation in Cybersecurity, High Performance Computing and Quantum - GlobeNewswire - April 27th, 2021
- Quantum Computing Technologies market size to expand momentously over 2021-2026 - Business-newsupdate.com - April 27th, 2021
- Cambridge Quantum pushes into NLP and quantum computing with new head of AI - VentureBeat - April 24th, 2021
- Quantum: It's still not clear what its good for, but Amazon and QCI will help developers find out - ZDNet - April 24th, 2021
- Are We Doomed to Repeat History? The Looming Quantum Computer Event Horizon - Electronic Design - April 24th, 2021
- Fine-tuning the color of light | Stanford News - Stanford University News - April 24th, 2021
- Cleveland Clinic and IBM hope their tech partnership could help prevent the next pandemic - WTHITV.com - April 24th, 2021
- Quantum Computing Market Share Current and Future Industry Trends, 2020 to 2027 The Courier - The Courier - April 24th, 2021
- Atos unveils global R&D Lab to drive innovation in Cybersecurity, High Performance Computing and Quantum - Yahoo Finance UK - April 24th, 2021
- The first 100 days: What does President Bidens approach to the world look like so far? - Brookings Institution - April 24th, 2021
- Cleveland Clinic and IBM Partner on HPC, AI and Quantum Computing - insideHPC - April 8th, 2021
- OneConnect Financial Technology and Singapore Management University announce key findings from joint research on potential for quantum computing to... - April 8th, 2021
- Cleveland Clinic, IBM launch 10-year quantum computing partnership - Healthcare IT News - March 31st, 2021
- Quantum computing: How basic broadband fiber could pave the way to the next breakthrough - ZDNet - March 31st, 2021
- IBM's first 'retail' quantum computer in the US headed to Cleveland Clinic - CNET - March 31st, 2021
- Honeywell says quantum computers will outpace standard verification in 18 to 24 months - VentureBeat - March 31st, 2021
- Cleveland Clinic, IBM ink a ten-year quantum computing dealhere are 2 ways the tech can be used in healthcare - eMarketer - March 31st, 2021
- Cleveland Clinic will be IBMs first private sector customer to install a quantum computer on premises - VentureBeat - March 31st, 2021
- Cleveland Clinic and IBM hope their tech partnership could help prevent the next pandemic - WXII The Triad - March 31st, 2021
- Cleveland Clinic and IBM announce 10-year partnership; includes first quantum computer for healthcare research - WKYC.com - March 31st, 2021
- IBM brings quantum computer to Cleveland Clinic -- but what is that? The Wake Up for Wednesday, March 31, 2021 - cleveland.com - March 31st, 2021
- IBM partners with Cleveland Clinic to build on-site quantum computer | The Burn-In - The Burn-In - March 31st, 2021
- In battle with U.S., China to focus on 7 'frontier' technologies from chips to brain-computer fusion - CNBC - March 6th, 2021
- Quantum computing, drones and 3D printing what South African schools could be teaching by 2030 - BusinessTech - March 6th, 2021
- Quantum Xchange Wins Cyber Security Global Excellence Awards for the Third Consecutive Year - PRNewswire - March 6th, 2021
- UK Government to invest 153 million in quantum research projects - Finextra - March 6th, 2021
- Quantum internet one step closer to reality with innovative wavelength switch - E&T Magazine - March 6th, 2021
- Quantum Computing Startup IonQ in Talks to Go Public Through Merger with DMY SPAC - Data Center Knowledge - March 2nd, 2021
- Why now is the right time to invest in European quantum computing - Sifted - March 2nd, 2021
- Google Teams With D-Wave in Massive Quantum Computing Leap, Cracking Simulation Problem - The Daily Hodl - March 2nd, 2021
- SD Times Open-Source Project of the Week: PennyLane - SDTimes.com - March 2nd, 2021
- The Quantum Computing market is expected to grow from USD 472 million in 2021 to USD 1,765 million by 2026, at a CAGR of 30.2% - GlobeNewswire - February 14th, 2021
- The Quantum Comprehension Gap and the Emergence of Quantum Ethics - insideHPC - February 14th, 2021
- Quantum computing breakthrough uses cryogenics to scale machines to thousands of times their current size - The Independent - February 5th, 2021
- Cambridge named as world-leading centre of quantum computing research - Varsity Online - February 5th, 2021
- IBM's new roadmap for quantum computing promises 100x speedups and then some - Neowin - February 5th, 2021
- This company is using quantum-inspired algorithms to help create the OLED displays of the future - ZDNet - February 5th, 2021
- Quantum Computing 101 -What it is, how is it different and why it matters - The Jerusalem Post - January 31st, 2021
- A Quantum Leap Is Coming: Ones, Zeros And Everything In Between - Transmission & Distribution World - January 31st, 2021
- University of Glasgow partners with Oxford Instruments NanoScience on quantum computing - SelectScience - January 31st, 2021
- Caltech and NTT developing the world's fastest quantum computer - Digital Journal - January 31st, 2021
- Aliro Joins the Center for Quantum Networks (CQN) Industry Advisory Board to Lay the Foundations for a Commercially-Available Quantum Internet -... - January 31st, 2021
- Major Quantum Computing Projects And Innovations Of 2020 - Analytics India Magazine - January 2nd, 2021
- A little better all the time in 2021 - Science Magazine - January 2nd, 2021
- Quantum Computing Entwined with AI is Driving the Impossible to Possible - Analytics Insight - January 2nd, 2021
- QubitTech shapes the future of quantum computing - IBTimes India - January 2nd, 2021
- The Biggest Science Stories of 2020 | Technically Speaking - Inside Tucson Business - January 2nd, 2021
- Tech trends to watch in 2021 - India Today - January 2nd, 2021
- Tech trends in 2021: How artificial intelligence and technology will reshape businesses - The Financial Express - January 2nd, 2021
- The silver lining of 2020 - SouthCoastToday.com - January 2nd, 2021
- Quantum Computing Technologies Market Size, Share, Application Analysis, Regional Outlook, Growth Trends, Key Players, Competitive Strategies and... - January 2nd, 2021
- Malaysia: Leveraging On Digitalisation Trends - The ASEAN Post - January 2nd, 2021
- 01 Communique to Present at the SNN Network Canada Virtual Event on Thursday January 7, 2021 - IT News Online - January 2nd, 2021
- Beam me up: long-distance quantum teleportation has happened for the first time ever - SYFY WIRE - December 27th, 2020
- Global Quantum Computing Market Predicted to Garner $667.3 Million by 2027, Growing at 30.0% CAGR from 2020 to 2027 - [193 pages] Informative Report... - December 27th, 2020
- Two Years into the Government's National Quantum Initiative - Nextgov - December 27th, 2020
- Bitcoin is quantum computing resistant regardless of rising fears among investors - FXStreet - December 27th, 2020
- Fidelity Investments leaps back to the future in an experiment to restore active management to its lofty perch, using technology that is still more... - December 27th, 2020
- World first Australian solution to protect sensitive data from Quantum threat - Industry Update Manufacturing Media - December 27th, 2020
- Rewind 2020: Business, politics, social and professional impact, and what lies ahead - YourStory - December 27th, 2020
- As China Leads Quantum Computing Race, U.S. Spies Plan for a World with Fewer Secrets - Newsweek - December 15th, 2020
- Chinese quantum computer may be the most powerful ever seen - Siliconrepublic.com - December 15th, 2020
- Anyon Systems to Deliver a Quantum Computer to the Canadian Department of National Defense - GlobeNewswire - December 15th, 2020
- Show Your Work: D-Wave Opens the Door to Performance Comparisons Between Quantum Computing Architectures - HPCwire - December 15th, 2020
- NWA funding for taking quantum technology to the public Bits&Chips - Bits&Chips - December 3rd, 2020
- 01 Communique to Present at the Benzinga Global Small Cap Conference on December 8 - IT News Online - December 3rd, 2020
- Quantum Computing Market : Analysis and In-depth Study on Size Trends, and Regional Forecast - Cheshire Media - December 3rd, 2020
- Quantum computer race intensifies as alternative technology gains steam - Nature.com - November 19th, 2020
- Quantum computing now is a bit like SQL was in the late 80s: Wild and wooly and full of promise - ZDNet - November 19th, 2020
- Construction begins for Duke University's new quantum computing center - WRAL Tech Wire - November 19th, 2020