True Crypto Agility Revisited – Phio TX Bragging Rights

Crypto agility is the ability to easily move to different encryption methods when necessary to keep data secure. As information grows in volume year-over-year and moves between devices, over the Internet, in the cloud and to the network’s edge, businesses recognize the importance of crypto agility. Add to this the impending arrival of quantum computers and their ability to break current encryption standards, and crypto agility has never been so important or urgent. In fact, NIST believes crypto agility is imperative to successful post-quantum planning requirements and execution.

When Quantum Xchange first announced that its FIPS 140-2 validated quantum-safe key delivery system, Phio TX, supported PQC candidate algorithms, crypto agility was a core message.  With the Jan. 14, 2020 announcement, the system now supports quantum keys from any key-generating source or protection method – math or physics-based (QRNG, QKD, PQC or a combination). The decoupling of key generation and distribution from data transmission and the adaptability of the Phio TX system – where users could begin with PQC then scale to QKD (or any other future key distribution technology) at any time without disrupting underlying infrastructure – contributed to the “true crypto-agility” battle cry. 

In the two years since we first proclaimed our product was crypto agile, further advancements have been made. Phio TX continues to support all NIST round two and round three PQC Key Encapsulation Mechanism (KEM) candidate algorithms, meaning customers can change PQC algorithms without disturbing their data networks. This example of crypto agility is especially important as NIST continues its down-selection process, looking to publish the final standard by 2023-24. Even then, there is no guarantee that the cryptographic standards selected will not be broken by adversaries or vulnerable to implementation errors. And, if history has taught us anything, we know another 5-15 years will be needed before a full cryptographic transition is complete. So here again, being crypto agile is a business necessity.

If you rely on classic Public Key Encryption (PKE) – where the encryption key travels with the data it’s intended to protect – then true crypto agility is impossible to achieve. This is because adopting a new key distribution algorithm requires taking down the data networks, and if an algorithm is compromised, the data is breached. A better, more secure approach is to bypass the inherent vulnerabilities and flawed architecture of PKE systems by deploying a next-generation key distribution system where key generation and delivery are decoupled from data transmission, and leverage out-of-band, quantum-safe symmetric key delivery technology.

To kick-start your crypto-agile plans, consider the following four steps:

  1. Establish Crypto Agility

Develop and communicate clear policies and procedures that govern how your crypto is used. Inventory all crypto assets so you know where they are. Your IT asset managers should know all of the algorithms, crypto libraries, and protocols used in their applications and infrastructure. When you have a handle on your crypto assets, you can switch out crypto or replace vulnerable keys as necessary without compromising your security. 

  2. Develop an Incident Response Plan

Be prepared when something happens to your crypto. Gartner specifies in its recommendations for achieving crypto agility that this should “include cryptographic alternatives and an algorithm swap-out procedure.”  

  3. Maintain Crypto Agility

Once you establish crypto agility, it’s equally important to maintain it by making sure your crypto asset managers are invested in supporting the policies and taking care of their crypto. Automate crypto assets where you can. It’s also critical to work with hardware and software vendors who use the most current cryptography and can upgrade your assets within a reasonable amount of time.  

  4. Future-Proof Your Crypto Agility – Avoid Obsolescence by Preparing Now for a Quantum Environment

The pending arrival of a quantum computer, and its ability to break today’s encryption standards, will spur the largest global cryptographic transition in the history of computing. The good news is that there are products available today, like Quantum Xchange’s Phio TX, that extend the life of existing encryption investments by making your crypto infrastructure immediately quantum safe and crypto agile.

The quantum-safe, out-of-band symmetric key delivery platform works seamlessly with an organization’s existing crypto and network infrastructure, has made PQC a standard feature within the Phio TX appliance, and enables organizations to easily layer in QKD for maximum security when it’s needed. The simple overlay architecture can be dropped into any crypto environment to enable a defense-in-depth approach to your data protection plans and an infinitely stronger cybersecurity posture now.

Only by decoupling key generation and delivery from data transmissions can organizations achieve crypto agility and a state of quantum readiness that doesn’t interrupt underlying infrastructure or business operations. 
