To achieve long-term data protection in today's fast-changing and uncertain world, companies need the ability to respond quickly to unforeseen events. Threats like quantum computing are getting more real while cryptographic algorithms are subject to decay or compromise. Without the ability to identify, manage and replace vulnerable keys and certificates quickly and easily, companies are at risk.
So, what do we mean when we talk about crypto-agility? Fundamentally, you will have achieved crypto-agility when your security systems are able to rapidly deploy and update algorithms, cryptographic primitives, and other encryption mechanisms. Going a step further, it means you have achieved complete control over cryptographic mechanisms, meaning your public key infrastructure (PKI) and associated processes, and can quickly make whatever changes are needed without intense manual effort.
The replacement of manual processes with automated ones is critical to keeping up with accelerating change. As computing power and security technologies continue to evolve at a faster and faster pace, your existing cryptographic infrastructure is destined to become obsolete in a few years unless you can keep it upgraded to the latest technologies. Notably, threats continue to evolve as well.
Moreover, as the world transforms to depend on digital systems more fully, we've embedded cryptography deeply into virtually every communication system in the world. It's no longer possible for cryptography to remain isolated from other critical systems. The vast interdependent nature of modern systems makes it imperative that IT teams have the ability to respond quickly or face the risk of major outages and disruption.
Cryptographic standards like RSA, ECC, and AES that are in broad use today are constantly being updated with more advanced versions. Eventually governing bodies like NIST get in the act and mandate the use of the latest standards, with browser and cloud providers often raising the bar as well. To avoid becoming non-compliant, you must have the ability to quickly upgrade all your systems that rely on deprecated cryptography.
A robust, cryptographically agile infrastructure also brings other long-term benefits and plays a critical role in preventing security breaches. Achieving crypto-agility will make your operations teams more efficient, and eliminate unnecessary costs such as consulting fees, temporary staff, fines, or remediation costs.
Such scenarios can unfold when a bad actor gains admin access, for instance, and may or may not have issued certificates. This uncertainty means that certificates from the impacted certificate authority (CA) can no longer be trusted and all certs from that CA must be revoked and re-issued. Without crypto-agility and a clear understanding of your potential exposure, you're looking at a costly all-hands-on-deck response to track and update hundreds or thousands of certs. And, of course, anytime you have humans involved with security response, you're opening yourself to human error and further compromise and outages.
The looming threat of quantum computing (some say we could see 100,000x faster quantum computers as soon as 2025) represents another compelling reason to focus on improving your crypto-agility. While all crypto algorithms are breakable on paper, the incredible computing power required for such a feat does not currently exist. That could change with quantum computers, which one day will be able to break most existing algorithms and hash functions in minutes or hours.
To avoid the doomsday scenario where every system in the world is potentially exposed to compromise, work is already underway toward quantum-safe cryptography. However, given how little we know about quantum computing and the inability to perform real-world testing, it's safe to assume there will be considerable give and take before quantum-safe algorithms are widely available.
In the meantime, your cryptography, certificate management and key distribution systems must be agile enough to adapt to this very real emerging threat. The table below presents a scenario of the time and expense involved with swapping out existing cryptography for quantum-safe cryptography. In this scenario, with incomplete or partial automation most enterprises would be looking at a 15-month vulnerability period compared to just six days when a fully automated solution has been put in place.
A comparison of quantum doomsday mitigation scenarios
Crypto-agility is a complex topic at scale and working towards it requires a multifaceted approach. Changes need to be made to security setups in organizational policy, operating methods, and core technology and processes. Your PKI may need to be upgraded and enhanced to support rapid swaps of cryptography, and software development procedures may need to be revamped to incorporate a nimbler approach to cryptography as opposed to being bolted on top of finished software.
The first step toward true crypto-agility is to understand the extent of your cryptographic exposure. This is accomplished by tracking down every digital certificate deployed across the organization and capturing details including algorithms and their size, the type of hashing/signature, validity period, where it's located and how it can be used.
Once you have a complete inventory, you'll then need to identify the vulnerable certificates by the type of cryptography in use and look for anomalies and potential problems. These can include certificates that use wildcards or IP addresses, certificates located on unauthorized or unintended systems as well as certificates abandoned on deprecated systems.
Finding your certificates and vulnerability isn't enough by itself to deliver crypto-agility; you're still looking at the aforementioned 15-month-long process if you need to swap everything out manually.
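The inventory checks described above can be sketched with Go's standard `crypto/x509` package. This is an added example, not code from the original article; the names `Audit` and `SampleCert`, the finding labels, the 2048-bit RSA threshold and the list of weak signature hashes are assumptions, and the certificate it inspects is constructed in memory.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

// Audit returns the inventory findings for one certificate (labels and thresholds are assumed policy).
func Audit(c *x509.Certificate) (f []string) {
	if k, ok := c.PublicKey.(*rsa.PublicKey); ok && k.N.BitLen() < 2048 {
		f = append(f, "weak-rsa-key")
	}
	switch c.SignatureAlgorithm {
	case x509.MD5WithRSA, x509.SHA1WithRSA, x509.ECDSAWithSHA1:
		f = append(f, "weak-signature-hash")
	}
	if strings.Contains(strings.Join(c.DNSNames, ","), "*") {
		f = append(f, "wildcard-name")
	}
	if len(c.IPAddresses) > 0 {
		f = append(f, "ip-address-san")
	}
	return f
}

// SampleCert builds a constructed, self-signed test certificate valid for one year.
func SampleCert(bits int, dns []string, ips []net.IP) (*x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: dns, IPAddresses: ips, NotBefore: time.Now(), NotAfter: time.Now().AddDate(1, 0, 0)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	if c, err := SampleCert(1024, []string{"*.legacy.example"}, []net.IP{net.IPv4(10, 0, 0, 5)}); err == nil {
		fmt.Println(Audit(c)) // constructed certificate: weak key, wildcard and IP SAN
	}
}
```

In a real inventory the `*x509.Certificate` values would come from parsing certificates collected from hosts and key stores rather than from `SampleCert`.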
Here are three pillars of crypto-agility that will put your organization on the right path toward withstanding whatever the future holds:
#1 Automate discovery and reporting. At the push of a button, you should be able to produce a full report of all your cryptographic assets. This will allow you to quickly identify vulnerable cryptography and to report anomalies. There are any number of tools available to help you do this, but ideally certificate reporting should just be incorporated into an automated PKI solution.
#2 Automate PKI operations at scale. The ideal solution here is a fully automated Certificate Management System (CMS) that will manage the entire lifecycle of a certificate from creation to renewal. When the CMS is used to create a certificate it should have all the data it needs to not only monitor the certificate for expiration but automatically provision a replacement certificate without human intervention.
#3 Be nimble. At an organization and management level, your IT organization, from DevOps through to day-to-day operations staff, needs to be ready for threats and change. You should carefully evaluate and rethink all aspects of your PKI to identify areas that may lock you into a particular vendor or technology.
The risk of having a slow-to-respond cryptographic infrastructure is increasing daily, not only as digital transformations increase our dependency on inter-connected systems but as external threats and technology evolve with increasing pace. Looming above it all is the threat of quantum computing. Put it all together and it's clear that the time to automate your PKI and move toward crypto-agility is at hand.
Read the original here:
The crypto-agility mandate, and how to get there - Help Net Security