Quantum-Safe Readiness: Where to Start?

The new year is a good time to learn something new, try different things, and make changes. Here’s your chance to do all three! ISARA’s senior advisor and co-founder, Mike Brown, participated in a four-part blog post series with Crypto4A Technologies via Venafi, in which he outlines the impact of quantum computing, what organizations can do today, how to prepare PKIs, how to make machine identities safe, and what hybrid certificates are all about.

In his blog post, Quantum Computing Readiness: 3 Areas to Focus on Today, Brown discusses the business impact of organizations delaying quantum readiness: vulnerability to breaches, reputational damage, and financial loss. How do organizations minimize the potential impact of quantum computers on modern cryptography? Brown advocates implementing quantum-safe cryptography and stresses the importance of starting now. He outlines specific use cases to help focus efforts:

  1. Future-proof your communications systems
    If I'm in an organization today, and I'm thinking about preparing for the quantum threat, the first thing I'm going to do is focus on future-proofing communications. Quantum computers are expected about 10 years from now. If they can break commercial communications, then I need to ready my communications today so that they are protected 10 years from now. I should start looking at solutions now to prepare and protect my communications systems.

  2. Plan your identity and access management migration
    Even with new algorithms and processing power, machine identities will still have a strong role in protecting quantum computing. Now, I have this public key infrastructure, the Certificate Authority, that we use for protecting and identifying and authenticating users in my environment. Machine identities are impacting and being used by so many different systems in my environment. I need to start thinking about that IT migration problem and solve it to make sure my systems are ready today for quantum developments tomorrow.

  3. Prepare for authenticated software and firmware updates
    We will still need to authenticate machines in a post-quantum world. For example, my vehicle that might be getting software updates over the air is relying upon a root of trust, which I know needs to be protected in order for my software update to be authenticated. If I'm a car manufacturer, or I'm an OS provider who is relying on a root of trust within a computer system, I should start thinking today about how I protect myself from the quantum threat so that my over-the-air software updates can’t be spoofed by an adversary.

Are You Ready for Quantum Safety?

In his blog post, How to Prepare Your PKI for Quantum Computing, Brown outlines how organizations can prepare their infrastructures for an agile transition to quantum safety. “As an industry, we've gone through crypto transitions a number of times before — Triple DES to AES, MD5 hash functions and SHA-1 to SHA-2. But this one will be bigger. Changes in key sizes as well as this quantum-safe transition is the largest transition we've had to think about from a cryptographic perspective.”

7 Questions to Ask Now

In his blog post, Crypto Agility and Quantum Preparedness: Build Now for the Future, John O’Connor, VP of product management at Crypto4A Technologies, offers a checklist of questions that organizations should ask as they work toward quantum safety:

  • What certificates are in my environment?
  • Where are they?
  • What are they used for?
  • What crypto are the systems that use those certificates using?
  • What are you building yourself?
  • What are you getting and when from your vendors?
  • What is their roadmap to become quantum-safe?

“Incorporating new crypto into your machine identity management strategy is not something you want to wait on,” states O’Connor. Learn more about quantum-ready integrations that Crypto4A and ISARA have built for the Venafi Trust Protection Platform.

Take Action Now with Hybrid Certificates

Venafi’s Juan Carlos Gutierrez Torres interviews Brown and O’Connor in the blog post, Get Quantum Ready with Hybrid Certificates. Brown explains, “The idea of a hybrid certificate is to utilize the existing X.509 structure to include both a ‘classical public key’ — your RSA or elliptic curve key — and a quantum-safe key. Maybe it's Dilithium or maybe it's SPHINCS+.” O’Connor adds, “The only way to get started on this transition is to start creating a migration plan and start testing these things out. It's going to take a long time, so of course we will need support from many devices and many systems across our enterprises. But now is the time to get started. It doesn't need to be difficult.” Gartner is talking about 2022 to 2023 when organizations need to have plans in place, states Brown. “This is very much a coming, near-term reality that organizations need to grapple with now!”

“The hardest part is starting. Once you get that out of the way, you’ll find the rest of the journey much easier,” says author and inspirational speaker, Simon Sinek. At ISARA, we can help you get started with future-proofing your organization’s critical infrastructure and assets. Check out ISARA’s Advance® Crypto Agility Suite, a cryptographic management platform that reveals your blind spots and equips you to act.