Technology Record - Issue 29: Summer 2023

63 isn’t only because of the time and effort it will take to transition to post-quantum cryptography (PQC) but also because there are threats that exist today – namely with long-life data and devices. The main known threat for long-life data – which needs to remain confidential for more than 10 years – is ‘harvest now, decrypt later’. This is where bad actors harvest data today with the intention of decrypting it once we have a quantum computer with the capabilities to do so. To prepare for the transition to PQC, businesses must take a series of steps to ensure the migration is smooth. The first step is to assign a leader to oversee the organisation-wide strategy and then take a cryptographic inventory, looking at the hardware and software, as well as cryptographic assets like keys, certificates and secrets. This will ensure organisations have the right technology in place to support the requirements of PQC or provide visibility into all cryptographic assets to help determine if they are crypto agile. From there, businesses must modernise their infrastructure around cryptographic assets and technology, ensuring all essential components are in place such as a centralised certificate life cycle management. It’s also important to have postquantum-ready infrastructure including public key infrastructures and hardware security modules. Although the standards are not yet finalised, we do have a first set of approved quantum-safe crypto algorithms from the US National Institute of Standards and Technology’s PQC competition. While draft standards are expected this summer, it’s important for firms to be working with vendors to identity PQC testing opportunities within their networks and start testing with these initial algorithms to understand their overall impact. It’s also vital to remember that crypto is dynamic and changes over time, as do best practices for adopting standards, so these initial steps will put businesses in a good position to evolve as the landscape does. The quantum threat is inevitable, and the journey to quantum safe will be complex, but there is still time to prepare – and that time is now. Samantha Mabey is product marketing director at Entrust Photo: iStock/shapecharge

RkJQdWJsaXNoZXIy NzQ1NTk=