Here in the vast expanse of the Quantum Sands—immediately adjacent to the Certificate Savannah—situations feel like they can change at the drop of a hat. Droughts then floods, familiar vulnerabilities and all-new threats.
Oh, speaking of—one lingers on the horizon right now.
A quantum sandstorm. And she’s a doozy. The swirling sands quickly approach, claps of thunder and arcs of lightning heralding its arrival. And right in front of it, a herd of ostriches. Let’s move in for a closer look. Careful now.
See how they poke and preen. It’s quite curious, that very stark contrast in their behaviors.
On the one hand, half have already noticed the oncoming sandstorm, and they stand paralyzed in fear as the first few granules sweep across their claws.
Meanwhile, the other half simply dunk their head into the nearest dunes, ignoring the storm in the hopes it’ll dissipate.
More lightning crackles, and yet, the storm rolls ahead…
Let’s pull back from our feathered friends to examine the broader landscape of post-quantum readiness—which, you’ll soon see, isn’t so different.
Struthious, Attenborough-esque asides, well, aside, the current state of quantum readiness is an alarming one, and it mirrors the curious patterns described in the introduction.
In our recent research report gauging readiness for 90-day TLS certificates, we also surveyed 800 security leaders about present sentiments on quantum computing and the migration to quantum-resistant cryptography.
Two camps emerged: dread and denial. Let me explain.
Of those surveyed, 86% believe that taking control of the management of keys and certificates is the best way to prepare for future quantum risks.
But that sounds like it’s easier said than done, because:
- 67% of security professionals think shifting to post-quantum cryptography will be a nightmare, as they currently don’t know where all their keys and certificates are located.
- 67% dread the day the board asks about their post-quantum cryptography migration plan, for similar reasons.
In addition to those fearing the transition, large percentages of others would prefer to deny that it’s happening at all, while knowing full well that quantum will inevitably catch up with them sooner or later.
Nevertheless, they’re postponing any action for the time being.
- 78% say that if a quantum computer capable of breaking encryption is built, they will “deal with it then.”
- 60% say quantum computing doesn’t present a risk to their business today or in the future.
- 67% dismiss the issue, saying it has become a “hype-ocalypse.”
Organizations Largely Unprepared for the Advent of 90-day TLS Certificates
Why quantum readiness can no longer be a “tomorrow problem”
The winds of change are certainly whistling through today’s digital landscape, because on August 13, 2024 the National Institute of Standards and Technology (NIST) released their first three quantum-resistant standards: FIPS 203, FIPS 204 and FIPS 205.
With this monumental step, it’s apparent that perspectives and tendencies related to quantum computing need to change. Why? Well, now that developers and security teams are no longer stuck in limbo, waiting for the first set of standards to arrive, it’s time for rubber to meet the road.
Because long before that quantum storm rolls in, teams will need to implement automated certificate management to meet five times the number of TLS certificate renewals they have today.
The double whammy of 90-day TLS certificates and post-quantum cryptography
Just as the herd above is about to face a looming threat, our cryptographic ecosystem is experiencing its own challenges, with quantum computing being just one of them. Another major concern for security teams is Google’s proposed reduction to 90-day maximum TLS validity (from the current 398 days), which is expected to go into effect in 2025.
Both impending squalls require a similar, underlying foundation of automated, crypto-agile machine identity security, which allows your team to quickly track down and swap out susceptible or expiring machine identities.
But automation is only one part of the equation. A successful readiness plan for 90-day TLS and post-quantum cryptography also requires careful, systematic coordination of your people, processes and technologies.
It can be helpful to view the shift to 90-day TLS certificates as a dress rehearsal for your migration to post-quantum cryptography. If you prepare for 90-day TLS certificates now, you’ll make your job significantly easier when the time comes to navigate a post-quantum migration.
Prepare for the Future of Cybersecurity: InfoSec's Guide to Post-Quantum Readiness
Don’t be a quantum ostrich. Prepare now with Venafi.
We understand that ever-evolving cryptographic scenarios, like the recent announcement of post-quantum standards from NIST, may have you feeling a little ruffled. But Venafi’s industry-leading experts can help you weather the storm, both for 90-day TLS readiness and post-quantum migration.
Plus, our purpose-built Control Plane for Machine Identities is already equipped with the CA-agnosticism and crypto-agility you need to handle large-scale changes like these.
So, whether you’re traversing the vast expanses of the Quantum Sands or the Certificate Savannah, remember that you can rely on Venafi to help your business stay successful—and secure.