Thales | Cloud Protection & Licensing Solutions
Blair Canavan, Thales
Dr. Vladimir Soukharev, InfoSec Global
The advent of quantum computers poses a substantial threat to various industries due to their potential to compromise standard encryption methods that protect global data, communications, and transactions. This vulnerability could expose sensitive enterprise information to risk. Even before quantum computers possess this compromising capability, adversaries have initiated Harvest Now, Decrypt Later (HNDL) attacks, seizing potentially sensitive data for future adversarial decryption. To counter HNDL, migrating critical systems to Post-Quantum Cryptography (PQC) provides encryption and authentication methods resistant to an attack from a cryptographically relevant quantum computer (CRQC). This looming threat prompted InfoSec Global to collaborate with Thales to provide the market with the ability to kick-start their journey toward quantum safety by collecting granular relevant information on their current cryptographic posture.
Our blog will highlight the significance of utilizing analytics-driven solutions to efficiently discover, manage, and protect cryptographic assets within an organization's environment, including keys and certificates, algorithms, ciphers, libraries, etc. We will describe the value in providing granular cryptographic insights provided by AgileSec™ Analytics into Thales products like CipherTrust Manager (CTM) and Luna Hardware Security Modules (HSM) which will ensure enhanced security, compliance, and operational efficiency. We also revisit the PQC standardization process and its implications for businesses worldwide.
The NIST PQC Initiative
Standardization bodies have been working hard to provide much-needed guidance and resources to facilitate the transition to quantum safety worldwide. In the U.S., The National Institute of Standards and Technology (NIST) has long played an active role in shaping cybersecurity best practices. Notable examples include the widely utilized Advanced Encryption Standard (AES) algorithm, the Rivest-Shamir-Adleman (RSA) algorithm, and, more recently, the Secure Hash Algorithm 3 (SHA-3). Recognizing the looming quantum threat in 2016, NIST embarked on a process to standardize Post-Quantum Cryptography (PQC) algorithms, as illustrated in this timeline detailing the events for this initiative.
From the outset, NIST acknowledged that this undertaking would be notably more intricate compared to the processes for AES and SHA-3. One reason is the increased complexity of requirements for public key cryptography (key encapsulation mechanisms and digital signatures) compared to symmetric cryptography. Another challenge stems from the extensive range of proposed solutions derived from research. Evaluating such diverse approaches presents unique challenges, including considerations of security, key sizes, latency, bandwidth, and the ease of secure implementation. Nevertheless, the standardization process has made great strides, and finalized quantum-safe algorithms will likely be released sometime in 2024. NIST recommends starting the migration process by mapping existing critical systems and building a comprehensive cryptographic inventory as an essential element for this undertaking.
InfoSec Global AgileSec™ Analytics: The Ultimate Cryptographic Discovery Solution
AgileSec™ Analytics is an advanced solution designed to scan an organization's network, applications, databases, and cloud-native and hybrid environments intelligently. By employing sophisticated analytics algorithms and data-driven techniques, this solution ensures the precise identification and management of cryptographic assets, regardless of their location or form.
The integration of AgileSec™ Analytics with Thales encryption and key management products brings forth several compelling advantages:
- Strengthened Security: The integrated solution provides comprehensive visibility over an organization's cryptographic assets by seamlessly discovering and cataloging cryptographic assets in on-prem, cloud-native, or hybrid ecosystems. This heightened visibility reduces the risk of overlooking critical assets or potential vulnerabilities, thus fortifying overall security.
- Streamlined Key Management: Manual asset discovery and management methods are time-consuming and prone to human error. The integrated solution automates the entire process, thereby reducing administrative burdens and streamlining key management workflows, improving operational efficiency.
- Enhanced Compliance: Compliance with data protection regulations necessitates maintaining an accurate inventory of cryptographic assets. The integrated solution assists in meeting regulatory standards by providing an up-to-date record of keys and certificates, enabling smoother audits and compliance checks.
All of it, on the Thales Solutions you are already using:
AgileSec™ Analytics enables organizations to export discovered cryptographic assets in a format compatible with Thales CipherTrust Manager and Luna HSMs. This ensures a secure and smooth transfer of keys and certificates into the CipherTrust Manager ecosystem and Luna HSMs, providing a comprehensive overview of cryptographic assets within the organization.
The Thales integration solution empowers organizations to effortlessly extract digital key information, offering a sophisticated correlation of key usage across the entire ecosystem. This dynamic integration enhances security measures, streamlines key management processes, and ensures a unified approach to cryptographic control.
Moreover, AgileSec™ Analytics streamlines cryptographic discovery and key management processes by providing a centralized platform for discovering and correlating key information. This efficiency not only saves time and resources but also ensures a more proactive and strategic approach to cryptographic asset management. The seamless integration with Thales CipherTrust and Luna HSM reinforces trust in the tool, making it an indispensable asset for organizations seeking heightened security and efficiency in their cryptographic endeavors.
A clear path to quantum safety:
Integrating AgileSec™ Analytics with Thales marks a transformative step toward enhancing an organization's data security. Organizations can efficiently discover, manage, and protect cryptographic assets, including against quantum attacks, leveraging analytics-driven solutions, and improving security, regulatory compliance, and operational efficiency. The seamless portability of assets to Thales cryptographic solutions further strengthens key management practices, ultimately safeguarding sensitive data and ensuring compliance with industry regulations. This integration signifies a significant advancement in cryptographic discovery solutions, unlocking a future where security and efficiency go hand-in-hand. Learn more about this integration here, or please contact us to talk further.