Putting Zero Trust 2.0 into practice in five steps (InfoGuard Cyber Security Newsletter)

Crypto agility in the Post-quantum Era: The Key to the IT Security of the Future

The future of cryptography is at a turning point. The evaluation of algorithms for post-quantum cryptography (PQC) by the U.S. National Institute of Standards and Technology (NIST) has paved the way for a new era of IT security, with the new encryption algorithms available now. Designed to withstand the threats posed by quantum computing, they take your IT infrastructure into the post-quantum age. We’ll show you how your company can take advantage of this while preparing for new challenges at the same time. The answer is simple: crypto agility.

Crypto agility? It's a must!

Crypto agility describes the ability of an IT system to react quickly and effectively to changes in cryptographic algorithms and protocols. In a world where cyber threats are on the rise, this cryptographic agility is crucial. The risks posed by quantum computers make this flexibility absolutely essential. Why? Experts expect quantum computers to compromise many of the encryption methods used today in very short order. Act now to ensure now that your systems are both secure and future-proof.

What does post-quantum cryptography mean?

Post-quantum cryptography (PQC) encompasses cryptographic methods that are resistant to attacks by quantum computers. The CRYSTALS-Kyber, CRYSTALS-Dilithium and Sphincs+ algorithms developed by NIST are specifically designed to remain secure in an era of powerful quantum computers. Companies that switch to PQC gain a clear edge in their defence against future threats.

The four pillars of crypto agility

Modularity is the be-all and end-all of any crypto agile solution. Your IT infrastructure must have a modular structure that enables you to update encryption functions easily. This is the only way to replace individual components without having to redevelop the entire system.

 

1.    Flexibility

Crypto agile systems need to be flexible so they can react to new threats. This means that different encryption algorithms have to be supported and it must be possible to implement new security protocols.

2.    Open standards 

Transparency and openness are essential for crypto agility. Systems need to be based on open standards, as this is the only way we can guarantee interoperability and future customisation.

3.    Lifecycle management

The cryptographic components need to be updated regularly and managed in a structured manner. This includes the continuous monitoring of security vulnerabilities and rapid response to new threats – with no exceptions.

4.    Safety assessment

Regular audits by independent organisations ensure that your systems comply with the latest security standards.

Table 1: The four pillars of crypto agility

Five practical steps and you’re all set for a crypto agile future

The implementation of crypto agility requires a clear strategy and awareness of continuous adaptation. 

1.    Inventory and assessment

Transparency about the current cryptographic environment and the existing risks. Based on:

  • Cryptographic inventory: Recording of all cryptographic algorithms, key lengths, tokens, certificates, protocols and applications used in the systems.
  • Risk analysis: Identifying vulnerabilities, especially with regard to the threat posed by quantum computers. Risk assessment of potential impact on sensitive data and systems.
  • Compliance audit: Ensuring that the cryptographic procedures comply with current requirements and standards.
2.    Strategy development and planning  

Developing a strategic roadmap for the transition to crypto agility:

  • Setting priorities: Prioritising the systems and applications that need to be adapted first.
  • Modularisation: Planning a flexible, modular architecture (including microservices, containers and API gateways) that enables the exchange of cryptographic algorithms.
  • Definition of standards: Defining the standards and guidelines that are to apply to the implementation of crypto agility (e.g. based on NIST recommendations).
  • Involvement and testing of suppliers: Evaluation of your software and technology suppliers’ cryptographic procedures. Requesting information on update schedules and planned transitions to post-quantum algorithms.
3.    Technical implementation

Introduction of quantum-safe algorithms and infrastructure to support crypto agility.

  • Migration to PQC algorithms: Transition to the selected post-quantum algorithms.
  • Guaranteeing interoperability: Ensuring that old and new algorithms can be used in parallel for a transitional period to ensure uninterrupted use.
  • Automated key management: Implementing systems for managing and regularly updating keys and certificates.
4.    Monitoring and continuous adjustment

Ensuring that systems are continuously monitored and adjusted if necessary.

  • Regular safety checks: Continuous security assessments and penetration tests to identify vulnerabilities in the crypto agility as implemented.
  • Monitoring vulnerabilities: Monitoring developments in cryptography in order to quickly recognise vulnerabilities and respond to new threats.
  • Automated updates: Automated processes for updating algorithms and protocols to enable rapid adaptation to new security requirements.
5.   Training and organisational adaptation

Establishing a corporate culture of crypto agility.

  • Employee training: training the IT team and all relevant departments in the basics of crypto agility.
  • Creating an emergency plan: procedures for the rapid deployment of new algorithms in an emergency in order to remain operational in the event of threats from quantum attacks.
  • Establishing a culture of change: a corporate culture that supports continuous technological adaptation and sees change as an opportunity to be proactive in closing security gaps.

Table 2: The 5 practical implementation steps for crypto-agile IT

The era of crypto agility starts now

Threats from quantum computing are far from fictional. Quite the contrary: they’re increasingly becoming an integral part of our reality. Since the course for the new era of IT security has been charted, there are no more excuses. Crypto agility is no longer a “nice-to-have”, but has become a match-critical “must-have”. The right time to prepare for the challenges of the post-quantum era is now. An IT infrastructure geared towards crypto agility enables you to secure your data and thus the future of your company.

Implementing crypto agility? We’re by your side.

Our experts will guide you step-by-step as you evaluate and optimise your crypto agility. We’ll support you in identifying and analysing your existing algorithms. On that basis, we work with you to develop a crypto agility strategy that suits your infrastructure. We implement this strategy together and ensure that your company is optimally prepared for the challenges of the post-quantum era.

Set course for the new digital age  and contact us for a Crypto Agility Assessment.

Contact us!

 

Caption: with FLUX.1 [dev] generated image

<< >>

Architecture

Markus Limacher
About the author / Markus Limacher

InfoGuard AG - Markus Limacher, Head of Security Consulting, Mitglied des Kaders

More articles from Markus Limacher


Related articles
Crypto agility puts IT Architecture in the Spotlight
Crypto agility puts IT Architecture in the Spotlight

Leaf Mound plc tackles crypto agility head on to bring its IT architecture up to speed for “Q-Day”. Find out [...]
Crypto-Agility – Are You Ready for the Post-Quantum Era?
Crypto-Agility – Are You Ready for the Post-Quantum Era?

In a world where cyber threats continue to grow, crypto-agility will be a critical component of [...]
Ensuring business continuity: The central role of BCMS in crisis management
Ensuring business continuity: The central role of BCMS in crisis management

Business Continuity Management (BCM) is rapidly gaining in importance in the modern corporate landscape. [...]

Exciting articles, the latest news and tips & tricks from our experts on all aspects of Cyber Security & Defence.

Blog update subscription
Social Media
infoguard-cyber-security-guide-2