“Cryptography is effectively everywhere,” states Mike Brown, CTO of ISARA. It is a foundational technology in almost everything we do today: banking, working, grocery shopping, streaming videos, traveling. With 2021 around the corner, what are the top cryptography trends that organizations need to be aware of?
Brown joined fellow industry leaders, Chris Hickman, CSO, Keyfactor, and John Ray, director of HSM product management, Thales, in the webcast, What to Watch Out for in 2021: Top Trends in Crypto, to share insights on cryptographic keys, digital certificates, and crypto agility. They highlighted these trends:
Public key infrastructure (PKI) has become critical, especially in Internet of Things (IoT) and DevOps deployments. Because PKI is the solution used to enable, identify, and encrypt IoT devices, organizations need to ensure a secure root of trust is in place and be able to update software and keys securely. What about an IoT device with a longer shelf life? Cars, medical devices, airplanes, and satellites, for example, are critical devices with long in-field lives, so their certificates must be updated while they are deployed. As for DevOps, some of the challenges are around non-compliant, self-signed certificates. The panel concurred that companies need to better align security with developer needs.
In 2021, organizations need to focus on their mission-critical security, including PKI and digital certificates, hardware security modules (HSMs), and physically embedded roots of trust. This applies especially to organizations with big-stake security requirements that need to be future-proofed.
The group concurred that it’s time to get back to the simple things, such as putting security processes in place. 2021 will be a good time to understand what could be at risk: take inventory and understand where cryptography is used across your organization. Brown calls this an “archeological expedition, to find out what you have in order to make sure you change what you need to.” Current cryptography will need to withstand whatever changes come our way.
When it comes to future-proofing, how will large-scale quantum computing impact your current public-key cryptography? The quantum computing threat to public-key encryption is enormous. Large-scale quantum computers are on the not-too-distant horizon. They will be capable of breaking the underlying public-key cryptography and PKI at the core of every secure information exchange and transaction conducted today. With quantum computing, the encryption underlying public-key cryptography becomes vulnerable to attack, making it obsolete. Failing to prepare for this eventuality will wreak havoc on trust infrastructures in every industry and sector, including government, military, energy, aviation, financial services, and automotive.
Why is it important to start strengthening and future-proofing your cryptographic infrastructures? “Cryptography is like plumbing. If you need to make changes to your plumbing, think of how disruptive and how much work that is to do to your house,” states Brown. Any type of large-scale crypto transition is a large IT project, according to Brown. “Federal governments will take anywhere from 13-20 years to do a large-scale crypto transition,” he adds. Banks typically forecast 7-10 years; car manufacturers have 20-year duty cycles, from design and implementation to vehicles remaining on the road. Bridging the gap between current and quantum-safe security, and simplifying the transition, requires crypto agility. If organizations are prepared and take the necessary steps, they can avoid the crypto-pocalypse.
With shorter SSL/TLS certificate lifecycles and the threat of impending root CA expirations, combined with the looming threat quantum computers pose to current cryptography, 2021 should be the year to take action on quantum-safe migration preparation!