putilov_denis – Stock.adobe.com
by
Release date: October 28, 2024
Quantum computing promises to enable organizations to optimize processes, overcome logistical challenges, reduce costs, and improve decision-making. However, the advanced capabilities and computational power of quantum computing also means that current cryptographic algorithms will no longer provide the protection they once did.
The quantum computing market is still in its infancy, with a revenue forecast of approximately $1.3 billion in 2024, but is expected to grow to $5.3 billion by 2029. Current asymmetric cryptography is at risk, so it's important for organizations to prepare for post-quantum cryptography (PQC) now. — A key aspect of this is the adoption of cryptographic agility.
What is crypto agility and why is it important?
Cryptographic agility is an approach that allows systems to dynamically transition between multiple cryptographic algorithms, mechanisms, and key management systems as needed to counter threats. Apply changes without disrupting your system's infrastructure. This approach is both a proactive defense measure and an incident response tool in the event that a cryptographic algorithm is found to have been compromised.
A successful crypto-agile system is one in which algorithms can be easily switched, at least in part through automation. The goal of agile cryptographic management is to enable organizations to future-proof their systems' ability to resist cryptographic threats.
Steps to achieve cryptographic agility
The best way to overcome post-quantization security challenges is to have a solid implementation plan:
- Create cryptographic agile policies and processes. Create and implement policies and processes to switch algorithms if they are compromised. Automate these processes when possible.
- Create a communication and incident response plan. All organizational staff should understand their individual role in implementing crypto agile policies and keeping stakeholders informed of changes. We also train employees on new tools and processes, as well as how to recognize and respond to post-quantum threats that may arise.
- act cryptography Asset inventory. Keep an inventory of your cryptographic algorithms, digital certificates, and key management systems to understand the full scope of your PQC migration and decide where to implement your PQC algorithms first. Please check back regularly to keep our inventory up to date.
- Implement a key management system. Cryptographic keys must be managed, updated, and rotated on a consistent basis. Key management systems help automatically create, store, and replace cryptographic keys.
- implement public Major infrastructure For PQC. Use PKI to automatically create, distribute, manage, maintain, and replace keys and digital certificates.
- Consider legacy systems. Create a practical migration plan for non-Agile systems to avoid potential problems. First, determine which systems and applications can be updated, and then determine how to update and protect them. Be sure to budget for the costs associated with moving to PQC.
- Perform rigorous system testing and ongoing validation. Test and audit quantum security controls and processes to detect and remediate weaknesses and vulnerabilities. Also consider your backup and recovery strategy.
- Prepare for future threats with quantum computing. Quantum computing can help strengthen an organization's security posture. For example, consider quantum machine learning that can speed up threat identification and detect attacks before they enter the network.
Amy Larsen DeCarlo has covered the IT industry for more than 30 years as a journalist, editor, and analyst. As a Principal Analyst at GlobalData, she is responsible for managed security and cloud services.
Dig deeper into data security and privacy
