However, upgrading hardware and IoT devices can introduce issues. For example, some hardware may lack the memory required to store keys that are significantly larger than those required for classical algorithms.
Other devices may lack the computing power required to support the new algorithms. As they plan their initiative, organizations need to apply a ‘security by design’ strategy where their post-quantum crypto algorithms will be pushed to the hardware that has the capability of supporting them.
Crypto agility is essential
Avesta Hojjati, VP of Engineering and Head of R&D, DigiCert
Regardless of which algorithms organizations choose, they will want to make sure that they have an agile framework and process in place at any moment, at any given time.
factorization problem wouldn’t take years – it could take a few days, minutes or even seconds.
Facing that kind of computing power and speed, cryptographic mainstays like RSA, ECC and AES could suddenly become vulnerable – and all the trusted digital interactions they support are put at risk.
New solutions are on the way
It’s clear that the post-quantum computing threat is real and it’s coming up fast. According to estimates from the Cloud Security Alliance, quantum technology could be able to break cybersecurity infrastructure in just six years.
The good news is that government and industry groups are hard at work helping organizations strengthen their cryptography, so they can be prepared for attacks that may lie on the horizon.
The National Institute of Standards and Technology (NIST) has announced three algorithms to be standardized for post-quantum digital signatures. The new encryption schemes, Dilithium, Falcon and SPHINCS+, are set to be finalized this year.
Crypto agility empowers organizations to automatically move from an algorithm that potentially could be broken to an algorithm which is safe and secure – at scale.
Crypto agility is based on three key pillars: discovery, automation and visibility.
Gaining visibility with discovery
A discovery process is critical to gain full visibility into cryptographic processes that are deployed across the organization – or will be in development. Organizations should conduct a thorough inventory to gain visibility into all their cryptographic libraries.
Most IT professionals are familiar with a software bill of materials (SBOM), but they're probably not familiar with a crypto bill of materials or CBOM.
Most organizations would probably be unable to present a list of all the cryptographic libraries across all of their organizations – or identify which algorithms are being used and where they reside.
That’s why the discovery step is so important, because you cannot automate or manage what you can’t discover.
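As an added illustration (not part of the original article), the sketch below shows what a minimal discovery pass could look like: it scans text collected from hosts and emits CBOM rows recording which algorithms and libraries were found and where they reside. The asset names, file contents, patterns and status labels are constructed assumptions, not a standard CBOM format.

```python
import re
from collections import defaultdict

# Algorithm family -> (regex, status). Status labels are this example's
# assumption: RSA/ECC are marked for migration, AES for review, and the three
# NIST selections named in the article are marked post-quantum.
PATTERNS = {
    "RSA": (r"(?<![a-z])rsa(?![a-z])|rsaencryption", "migrate"),
    "ECC": (r"ecdhe|ecdsa|ed25519|secp\d+|prime256v1", "migrate"),
    "AES": (r"(?<![a-z])aes", "review"),
    "Dilithium": (r"dilithium", "post-quantum"),
    "Falcon": (r"(?<![a-z])falcon", "post-quantum"),
    "SPHINCS+": (r"sphincs", "post-quantum"),
}
LIBRARIES = r"\b(openssl|libssl|cryptography|pyopenssl|bouncycastle|wolfssl)\b"

# Constructed sample input: location -> text gathered during discovery.
SAMPLE_ASSETS = {
    "lb01:/etc/nginx/nginx.conf": "ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384;",
    "web02:/etc/ssh/sshd_config": "HostKeyAlgorithms ssh-ed25519,rsa-sha2-512",
    "build01:requirements.txt": "cryptography==41.0.0\npyOpenSSL==23.2.0",
    "iot-gw:/opt/fw/signing.conf": "signature_algorithm = dilithium3",
}

def build_cbom(assets):
    """Return sorted CBOM rows: (location, kind, name, status)."""
    rows = set()
    for location, text in assets.items():
        for name, (pattern, status) in PATTERNS.items():
            if re.search(pattern, text, re.IGNORECASE):
                rows.add((location, "algorithm", name, status))
        for lib in re.findall(LIBRARIES, text, re.IGNORECASE):
            rows.add((location, "library", lib.lower(), "inventory"))
    return sorted(rows)

def migration_targets(cbom):
    """Group locations by the quantum-vulnerable algorithm they still use."""
    targets = defaultdict(list)
    for location, _kind, name, status in cbom:
        if status == "migrate":
            targets[name].append(location)
    return dict(targets)

if __name__ == "__main__":
    cbom = build_cbom(SAMPLE_ASSETS)
    for row in cbom:
        print(*row, sep=" | ")
    print(migration_targets(cbom))
```

The `migration_targets` output is the list an automation step would consume: each vulnerable algorithm mapped to the endpoints that still depend on it.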
These new algorithms will be key to ensuring post-quantum digital trust, but it’s still up to organizations to put them in place. Since cryptographic solutions are deeply integrated into most enterprises, elevating security presents some challenges of its own.
From a software perspective, the actual task of implementing upgrades to post-quantum algorithms is similar to the software update processes that organizations are already utilizing.
Scaling up with automation
Automation is the second key pillar of crypto agility.
After completing the discovery, to set up asset management across the entire organization, organizations should be able to automate the process of replacing cryptographic libraries in devices and endpoints such as load balancers and web servers, as well as clients such as web browsers.
76 INTELLIGENTCIO NORTH AMERICA www.intelligentcio.com