Priorities for Quantum-Safe Migration
(SecurityBoulevard) There is no greater cryptographic migration than the one which CISOs and CIOs have now started preparing for: from classical, public key cryptography to quantum-safe cryptography.
Cryptography within public key infrastructures is the foundation of today’s information-powered organizations, and the consequences of a successful attack against this foundation could be devastating. Governments, defense contractors and critical infrastructure enterprises have already taken the quantum threat very seriously and began preparations years ago. Now, enterprises in all industries must follow suit.
Large scale cryptographic migrations are immense undertakings, which often take years — or even decades — to complete. Cryptographic systems are complex, having been developed and extended over decades.
What can enterprises do now to strengthen and future-proof their cryptographic infrastructures?
Two things organizations must prioritize:
1) Inventory. The first step towards managing cryptographic risk is to improve cryptographic visibility by creating a full inventory of where, how and what cryptography is used. Organizations must also identify all business-critical systems, applications and information and their dependence upon the cryptographic assets; this dependency map should be closely linked to the cryptography inventory. An organization must extend its crypto-visibility into vendors, contractors, OEMs, third parties and partners.
2) Invest in crypto-agile solutions. Crypto-agility can help organizations bridge the gap between current and quantum-safe security. Many enterprises are looking to adopt a crypto-agile posture with minimal disruption to existing systems, standards and end users.
Crypto-agility describes the ability of an information security system to adopt and integrate new cryptographic algorithms without making significant changes to the system’s infrastructure. There are already crypto-agile solutions available to bridge the gap between classical and quantum-safe encryption — and there are real reasons to take action today:
- Systems, products and platforms being designed today, that will still be in use in a decade or more, need to be quantum-safe.
- Motivated threat actors are already harvesting communications protected by today’s classical cryptography — to decrypt with quantum computers in the future.
- The shift to quantum-safe algorithms will be the largest, most complex and time-consuming cryptographic migration in history.