The first thing to ask ourselves is: what is crypto agility? It’s the ability to adopt alternate crypto primitives without significantly changing the entire infrastructure. If we're going to do a migration, crypto agility is one of the tools or methodologies that will allow us to continue making needed transitions over time. This becomes especially important when we look at the transition to support encryption in new quantum computing environments.
Crypto agility is the critical safety measure or response mechanism that will aid us in a seamless, less disruptive migration to quantum-safe cryptography. It's also why Crypto4A has focused on ensuring that our QxEDGE™ and QxCloud™ Hybrid Security Platforms could do hardware-based crypto agility by leveraging FPGA technology at the core of our processing platforms. We have to be able to adapt and change as we go forward. While there are still some unknowns as we get closer to NIST’s post-quantum cryptography standardization, we can also predict that post-quantum cryptography may continue to evolve. We don't know about future threats that may occur. We need full-stack crypto agility to ensure that we can make the right tweaks and changes over time as part of an overall migration and operational strategy.
Here's one way to look at it. When preparing for crypto agility, it’s important to remember the old saying, “never let a good crisis go to waste”. The opportunity here is to think about how and where you're using crypto within your environment, and then about how you are going to change it in the future, in an easier way. It’s like home renovations where you have to move some structural walls around. It’s a good time to do both the electrical and the plumbing, because it's both easier and cheaper to make changes to those underlying systems while the walls are open. That's what we really think the work is all about when we're in this ‘architecture’ stage.
We talk to a lot of customers about quantum-safe crypto, and often the first thing we hear is, “well we don't really know where all our crypto is to know what the scope of any issues might be” (like what’s lurking behind that old wall). This is the discovery stage, where you create an inventory of the applications, devices and systems that use encryption. It is the opportunity to plan the transition to quantum-safe so that you minimize system downtime and leave ample time to test and remediate any issues that arise during the implementation phase. The discovery work will also help you down the road. Here’s a checklist to consider:
- What certificates are in my environment?
- Where are they?
- What are they used for?
- What crypto are the systems that use those certificates using?
- What are you building yourself?
- What are you getting from your vendors, and when?
- What is their roadmap to become quantum-safe?
Look at this as a plan you're forming that will solve the quantum-safety problem for you. But consider building in the crypto agility component so that the next transition will be even easier and cheaper for you.
Incorporating new crypto into your machine identity management strategy is not something you want to wait on. You can get started with quantum-safe machine identities today with integrations that Crypto4A and our partner, ISARA, have built for the Venafi Trust Protection Platform. You can learn more about our quantum-ready integrations on the Venafi Marketplace.