Cryptography is the foundation of authentication, authorization, confidentiality, data integrity, and more. It is the foundation of digital trust; it is the enabler of overall enterprise security. Any threat to cryptography is a threat to be taken seriously. In today’s increasingly connected ecosystems, broken cryptography can result in mayhem — unauthorized access to sensitive information, damage to critical infrastructure, lost control over devices and data — the list is endless. As every organization in every industry knows (or should know), mission-critical assets, systems, and data are crown jewels, which require the utmost attention, management, and protection. Unsurprisingly, maintaining and protecting these crown jewels is easiest when the enterprise knows precisely where, what, and how effective they are.
Can you identify and defend your organization’s crown jewels? It’s an important question and one asked in a recent Infosecurity Magazine thought piece by Uri Levy, SVP global strategy, XM Cyber. Levy observes that simply throwing money at the problem will not solve it. “It is not necessarily how much you are spending but how you choose to spend your cybersecurity budget. Fundamentally, getting it right means having the tools to ensure you can identify and protect your most valuable assets.”
We agree.
ISARA’s new enterprise security solution, Advance® Crypto Agility Suite, provides insight into the cryptography used throughout an organization’s infrastructure, including in those pesky blind spots. The number of devices, systems and technologies used within enterprises continues to rapidly grow and shows no signs of slowing down. This makes it increasingly difficult for organizations to identify and manage their cryptographic assets. Consequently, creating and spending a quality cybersecurity budget is becoming increasingly difficult. As if it were not hard enough already. Learn how to make cryptographic management easier.
Cryptographic Infrastructures Need to be Visible to Reduce Risk
“Having the visibility necessary to reduce risk is one of the most critical parts of security... A single view across the battlefield is vital,” advocates Levy. Cryptographic infrastructures need to be visible, managed, and upgraded whenever necessary — with minimal disruption to normal business operations. “We created ISARA Advance to enable the discovery, management, and remediation of cryptographic infrastructure from a central dashboard, to help organizations account for cryptography, save time, and reduce upgrade disruptions,” said Alan Panezic, chief product officer at ISARA.
The National Cybersecurity Center of Excellence (NCCoE), a part of the Department of Homeland Security and the National Institute of Standards and Technology (NIST), has undertaken a collaborative project to bring awareness to the issues surrounding migration to post-quantum cryptographic algorithms and to develop and share best practices to ease that migration. The NCCoE and NIST have circulated the draft project, Migration to Post-Quantum Cryptography, asking for feedback from the community. ISARA is grateful to have had the opportunity to provide input to this crucial project. Some of our recommendations included:
From the Migration to Post-Quantum Cryptography draft, “the initial scope of this effort is to demonstrate the discovery tools that can provide automation assistance in identifying where and how public-key cryptography is being used in hardware, firmware, operating systems, communication protocols, cryptographic libraries, and applications employed in data centers on-premises or in the cloud and distributed compute, storage, and network infrastructures. The recommended project will engage industry in demonstrating use of automated discovery tools to identify all instances of public-key algorithms used in an example network infrastructure’s computer and communications hardware, operating systems, application programs, communications protocols, key infrastructures, and access control mechanisms.”
The Importance of Quantum-Safe Migration
Current public-key cryptography is expected to be broken by a large-scale quantum computer within 7-10 years, creating widespread threats and putting organizations and their systems and data at risk. Transitioning to new cryptographic standards is complex and could take enterprises and governments at least a decade or more to complete. Now is the time to begin implementing quantum-safe technologies, policies, and procedures. “Make sure your organization is making plans to be ahead of the quantum threat. Do your research. Do a quantum risk analysis, and make sure somebody is designated to be in charge of crypto-agility with regards to quantum computers,” recommends Dustin Moody, Ph.D., NIST mathematician.
“...Before large-scale quantum computers are built, we need to migrate our systems and practices to ones that cannot be broken by quantum computers. For systems that aim to provide long-term confidentiality, this migration should happen even sooner,” states Dr. Michele Mosca, founder of the Institute for Quantum Computing and professor in the Dept. of Combinatorics & Optimization at the University of Waterloo.
Susan Miller, editor at Government Computer News, outlines NIST’s recommendations for post-quantum cryptography migration:
Organizations can stay ahead of cryptography threats by integrating crypto agility and quantum-safe security now. Learn more about the ISARA Radiate® Quantum-Safe Toolkit, built for OEMs and developers who want to test and integrate next-generation post-quantum cryptography into their commercial products. After all, when it comes to cryptographic management, we want to minimize the mayhem and maximize effectiveness.