Overcoming the Quantum Era's Challenges with Digital Certificate Management

Contributed articles from thought leaders in enterprise software categories are collected in Solutions Review's Contributed Content Series. AppViewX's Murali Palanisamy examines the difficulties that digital certificate management will inevitably encounter in the "Quantum Era."

Digital certificates (SSL/TLS), most famous for showing a lock icon next to the “https” in a webpage's URL, give users the impression that the website they are interacting with is reliable. However, these certificates safeguard workloads and computers as well by encrypting connections between users, apps, and other digital assets. Organizations will eventually need to replace thousands of certificates across their hybrid and multi-cloud environments as quantum computing approaches.

Recently, organizations have been forced to update their digital certificates more frequently and upgrade their encryption algorithms as part of a security overhaul. The CA/Browser Forum's certification authorities (CAs), along with browser vendors like Apple and Google, have shortened certificate validity periods and started to consider what will happen to certificates and encryption algorithms once quantum computers render them obsolete.

These modifications now make crypto-agility—the capacity to switch encryption standards and certificates with little to no disruption—essential for any organization hoping to secure its future before quantum computing forces its hand.


Post-Quantum Cryptography

Although post-quantum cryptography (PQC) is still in its infancy, security experts are already working hard to develop it because they believe the era of quantum computing is not far off. According to a recent study, it would still take a very strong quantum computer 104 days to crack current encryption. However, if Moore's Law is any indication, users, and hackers, will eventually have access to those powerful quantum computers.

PQC must go beyond traditional cryptography, which depends on factoring large numbers, a task that is easy for a quantum processor. It makes use of mathematical techniques that resist the straight-line factoring of numbers that quantum computing makes possible: code-based cryptography, which is concerned with error correction and changing numbers; lattice-based cryptography, which organizes its computations using a grid-like structure; and multivariate polynomial cryptography, which is based on a set of quadratic equations.

Several organizations are addressing the situation and working to establish standards for post-quantum cryptography before hackers gain access to quantum computers. Notably, to assist organizations globally in safeguarding the certificates that permit encryption from this new technology, the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) is finishing up a review to standardize quantum-resistant encryption algorithms.

Asymmetrical encryption is used in most modern encryption, including Secure Socket Layer (SSL) and Transport Layer Security (TLS) certificates used in websites, applications, and cloud services. In this type of encryption, data is encrypted using a public key that is accessible to authorized users only, and is decrypted using a private key.

Regrettably, new standards are being developed because most of the protocols commonly used in this kind of encryption, like RSA and ECC (Elliptic Curve Cryptography), are susceptible to quantum decryption. As we get closer to the quantum era, one of them—AES (Advanced Encryption Standard), which was created by NIST and is currently in use by the US government—is advised for data protection.

Become Quantum Crypto-Agile Right Away

Organizations need to figure out how to implement new PQC certificates while preserving their current operations, especially with quantum computing just around the corner. By laying the groundwork for PQC and the inevitable regulatory issues that follow, crypto-agility can assist in this situation.

Additionally, it can assist organizations in being more proactive in preventing crypto compromises, mitigating attacks, and facilitating the switch to the safer SHA-2 in the interim. Organizations ought to think about implementing crypto-agility immediately in order to get ready for Google's plan to shorten the validity of TLS certificates from 398 days to just 90 days.

Take into account the following best practices when creating a crypto-agile certificate lifecycle management (CLM) process:

  • Know your assets: Locate, examine, and compare all of the organization's cryptographic assets (public and private keys, digital certificates, and machine identities) with the resources (devices, apps, machine identities, and cloud services) that they are protecting.
  • Take stock of your cryptographic assets: One of the objectives of crypto-agility is visibility, so monitor and assess the cryptographic standards being used to ensure that they adhere to industry standards. Organizing a thorough inventory of all your certificates, correlated with their owner, location, expiration date, and Certificate Authority (CA), can be beneficial.
  • Establish policies: To ensure that the most recent cryptographic techniques are being used, set up and enforce enterprise-wide crypto policies. These policies should specify when and how to use, modify, and phase out crypto instruments and algorithms.
  • Leverage Automation: By creating a single point of control for more effectively managing digital assets and the certificates that go with them, CLM automation can enable crypto-agility. Additionally, it can aid in minimizing crypto failures that might render the organization inoperable. Most importantly, automation can meet security and regulatory requirements as cryptography advances and ease the transition to PQC without requiring time-consuming or expensive retrofitting.
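
As an added example (not from the article or from AppViewX), the inventory and policy practices above can be expressed as a small audit over certificate inventory records. The record fields, finding labels, 30-day renewal window and sample entries are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Policy values from the article: RSA/ECC exposure, SHA-2, 90-day validity.
QUANTUM_VULNERABLE = {"RSA", "ECC"}
SHA2_HASHES = {"SHA-256", "SHA-384", "SHA-512"}
MAX_VALIDITY_DAYS = 90
RENEW_BEFORE_DAYS = 30  # assumption: renewal window chosen for this example

@dataclass
class CertRecord:  # inventory fields the article lists, plus algorithm data
    common_name: str
    owner: str
    location: str
    issuer_ca: str
    key_algorithm: str
    signature_hash: str
    not_before: date
    not_after: date

def audit(cert, today):
    """Return the policy findings for one inventory record."""
    findings = []
    if cert.not_after < today:
        findings.append("expired")
    elif (cert.not_after - today).days <= RENEW_BEFORE_DAYS:
        findings.append("renew-soon")
    if (cert.not_after - cert.not_before).days > MAX_VALIDITY_DAYS:
        findings.append("validity-over-90-days")
    if cert.signature_hash not in SHA2_HASHES:
        findings.append("non-sha2-signature")
    if cert.key_algorithm in QUANTUM_VULNERABLE:
        findings.append("pqc-migration-candidate")
    if not cert.owner:
        findings.append("no-owner")
    return findings

def audit_inventory(inventory, today):
    """Map common name to findings, records with most findings first."""
    report = {c.common_name: audit(c, today) for c in inventory}
    return dict(sorted(report.items(), key=lambda kv: -len(kv[1])))

INVENTORY = [  # constructed sample inventory (hypothetical hosts, owners, CA)
    CertRecord("shop.example.com", "web-team", "aws:alb/prod", "Example CA",
               "RSA", "SHA-256", date(2024, 1, 10), date(2025, 2, 11)),
    CertRecord("legacy.example.com", "", "dc1:lb-vip-7", "Example CA",
               "RSA", "SHA-1", date(2023, 6, 1), date(2024, 6, 30)),
    CertRecord("api.example.com", "platform", "k8s:ingress/api", "Example CA",
               "ECC", "SHA-384", date(2024, 5, 1), date(2024, 7, 30)),
]
```

Calling `audit_inventory(INVENTORY, date(2024, 7, 1))` ranks the expired, ownerless SHA-1 certificate first and marks every RSA or ECC certificate as a candidate for PQC migration.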

Although the post-quantum future is still theoretical, it will come into reality sooner than we think, much like most digital tools. Think about how quickly most businesses now face enormous management challenges as a result of artificial intelligence. To stay ahead of the disruption, now is the moment to embrace crypto-agility and get ready for the quantum computing leap.