The new year is a good time to learn something new, try different things, and make changes. Here’s your chance to do all three! ISARA’s senior advisor and co-founder, Mike Brown, participated in a four-part blog post series with Crypto4A Technologies via Venafi, in which he outlines the impact of quantum computing, what organizations can do today, how to prepare PKIs, how to make machine identities safe, and what hybrid certificates are all about.
In his blog post, Quantum Computing Readiness: 3 Areas to Focus on Today, Brown discusses the business impact of organizations delaying quantum readiness: vulnerability to breaches, reputational damage, and financial loss. How do organizations minimize the potential impact of quantum computers on modern cryptography? Brown advocates the implementation of quantum-safe cryptography and the importance of starting now. He outlines specific use cases to help focus efforts:
In Brown’s blog post, How to Prepare Your PKI for Quantum Computing, he outlines how to prepare for an agile transition for organizations to prepare their infrastructures to be quantum safe. “As an industry, we've gone through crypto transitions a number of times before — Triple DES to AES, MD5 hash functions and SHA-1 to SHA-2. But this one will be bigger. Changes in key sizes as well as this quantum-safe transition is the largest transition we've had to think about from a cryptographic perspective.”
John O’Connor, VP product management, at Crypto4A Technologies, offers a checklist of questions that organizations should ask as they are working toward quantum safety in his blog post, Crypto Agility and Quantum Preparedness: Build Now for the Future:
“Incorporating new crypto into your machine identity management strategy is not something you want to wait on,” states O’Connor. Learn more about quantum-ready integrations that Crypto4A and ISARA have built for the Venafi Trust Protection Platform.
Venafi’s Juan Carlos Gutierrez Torres interviews Brown and O’Connor in the blog post, Get Quantum Ready with Hybrid Certificates. Brown explains, “The idea of a hybrid certificate is to utilize the existing X.509 structure to include both a ‘classical public key’ — your RSA or elliptic curve key — and a quantum-safe key. Maybe it's Dilithium or maybe it's SPHINCS+.” O’Connor adds, “The only way to get started on this transition is to start creating a migration plan and start testing these things out. It's going to take a long time, so of course we will need support from many devices and many systems across our enterprises. But now is the time to get started. It doesn't need to be difficult.” Gartner is talking about 2022 to 2023 when organizations need to have plans in place, states Brown. “This is very much a coming, near-term reality that organizations need to grapple with now!”
“The hardest part is starting. Once you get that out of the way, you’ll find the rest of the journey much easier,” says author and inspirational speaker, Simon Sinek. At ISARA, we can help you get started with future-proofing your organization’s critical infrastructure and assets. Check out ISARA’s Advance® Crypto Agility Suite, a cryptographic management platform that reveals your blind spots and equips you to act.