
Why businesses can’t ignore crypto agility – facing the facts before we’re in a post-quantum world

November 09, 2020
Today’s encryption algorithms, when pitted against quantum tools, will be considerably less resilient and leave huge amounts of data vulnerable as a result. Experts have been predicting that this may happen as soon as 2025 – a forecast which has remained the same since the 1970s. But while billions of dollars of investments are being made to facilitate AI, accelerate new material research, data analysis and more, research into post-quantum cryptography is still growing.

Because of these risks, cybersecurity researchers, vendors and experts are debating how to approach this reality. There are already efforts to develop technology that is resistant to quantum hacking, and some academics are even looking to leverage quantum-based cryptographic systems as a more secure alternative to their conventional analogues. This current line of thinking is called “crypto agility” – and it encompasses the range of policies, technology and initiatives organizations must dedicate themselves to in becoming resilient against quantum computing.

Crypto agility for quantum resilience

Crypto agility, which stems from post-quantum cryptography (sometimes also called quantum-resilient encryption), combines both strategic and technological initiatives to ensure effectiveness. In practice, it recommends two lines of action:

  1. Temporary solution: Architect your products and infrastructure in such a way that you can run a classical and a quantum secure algorithm in parallel.
  2. Permanent solution: Architect your products and infrastructure in a way that combines two quantum-safe cryptographic methods.

The benefits of being crypto-agile include the ability to quickly respond to and recover from a crypto-incident (wide-scale or targeted), encrypted data that stays increasingly resilient even as algorithms become compromised, and cryptography at the backbone of your organization that is even more sustainable in the face of quantum computing.

An uphill initiative

The challenges of implementing crypto agility protocols, coupled with the fact that this is still a growing area of research, mean organizations will likely struggle to get it right initially. Current protocols are generally used throughout the organization, but under systems controlled by different branches of the business. Crypto agility initiatives will challenge organizations to coordinate successfully across them all – whether that is 1,000 employees, 500 administrators or 200 systems. Outlining and implementing unique best practices, as well as choosing and deploying the best technology for their systems, will not be quick decisions. But ultimately, future-proofing for a post-quantum world is not something businesses can afford to ignore.

Crypto against the clock

There are a few factors that can help businesses make some smart choices about when to kickstart their crypto agility plan. (Hint: sooner is always better than later.) For example, organizations that need to keep “secrets” or ensure data remains confidential for long periods of time should implement crypto agility as soon as possible. However, because a system overhaul can be so time-intensive, it’s increasingly likely that the recommended time to start is now, regardless of industry.

Depending on the cost of the crypto-agility update and the value of the assets to be secured, businesses may also want to invest time and money into testing the rollout to determine, for example, the efficacy of the new deployments and note any disruptions or hiccups throughout the process. BlackBerry, for example, spent 5 years moving from the Triple DES algorithm to AES as their basis for data encryption – while they were in control of all devices and the server.

So, when do businesses need to begin their crypto agility initiatives to ensure their algorithms are viable against the quantum computer? By taking the lifetime, in years, of the product or asset that needs to be secured, adding the amount of time needed for testing and rollout, and estimating when new, safe algorithms will be available, businesses can work backwards from an estimated deadline.

Here is a brief guide for decision-making based on industry:

  • government: With a lifetime of at least 30 years for IT infrastructure and 15 years for government-issued documents and passports, government entities should already be well on their way to crypto agility.
  • automotive: As the vehicles on our roads become increasingly smart, even working towards becoming fully autonomous, it becomes critical that their systems remain quantum-resilient. With product life upwards of 15 years and development time nearly 6 years on average, crypto agility should be integrated at least 21 years ahead of quantum computing.
  • energy: Like automotive, the energy industry is becoming smarter and more connected each day, effectively expanding the Industrial Internet of Things (IIoT). Energy and utilities organizations should integrate crypto agility based on the product lifetime of a smart meter, which ranges from 12-15 years.
  • healthcare and science: Connected medical devices such as remote vital signs monitors have a product lifetime of around 5 years, whereas medical records must be kept confidential for 5-10 years depending on location. Hospitals, insurers and device manufacturers should be starting their crypto-agility initiatives 5-10 years – plus the time it takes to develop and test the product – ahead of quantum computing.

Getting started

Before embarking on their crypto agility journey, it’s recommended that organizations compile a precise and detailed inventory of their cryptographic assets – where each and every key has been injected across IT infrastructures and where they are stored.

Once the organization has a clear picture of its cryptographic ecosystem, it can begin to define strict policies for employees to manage the keys. Key groups are implementing the activity needed to secure their systems within the framework of post-quantum cryptography (PQC). With roles dispersed across the organization, it can act much quicker and be more effective should any of its algorithms become compromised. Driving this “culture” of crypto agility will likely be the IT/security team.

When it comes to the technology implementation and designing crypto agility into the foundation of protocols, it’s often recommended to use stateful hash-based signatures, which are widely accepted as a strong quantum-secure option. This is especially true for code signing. Nearly all experts agree that this can be accomplished today with existing technology.
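What “stateful” means in practice, as an added example that is not part of the original article or any Utimaco product: a toy Merkle tree of Lamport one-time keys, where the signer must track which leaf it has used and refuse to sign once the key is exhausted. The tree size, seed and key-derivation shortcut are assumptions made for illustration; standardized schemes such as LMS and XMSS follow the same principle with hardened constructions.

```python
import hashlib
import hmac

N_LEAVES = 4  # constructed toy size: this key can sign exactly 4 messages

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def _ots_keygen(seed: bytes, leaf: int):
    """Lamport one-time key pair for one leaf, derived from the master seed."""
    sk = [[H(seed + bytes([leaf, b]) + i.to_bytes(2, "big")) for i in range(256)]
          for b in (0, 1)]
    pk = H(b"".join(H(x) for row in sk for x in row))
    return sk, pk

class StatefulSigner:
    def __init__(self, seed: bytes):
        self.seed, self.next_leaf = seed, 0
        self.levels = [[_ots_keygen(seed, i)[1] for i in range(N_LEAVES)]]
        while len(self.levels[-1]) > 1:  # build the Merkle tree bottom-up
            prev = self.levels[-1]
            self.levels.append([H(prev[i] + prev[i + 1]) for i in range(0, len(prev), 2)])
        self.root = self.levels[-1][0]  # the long-lived public key

    def sign(self, msg: bytes):
        if self.next_leaf >= N_LEAVES:
            raise RuntimeError("key exhausted: every one-time leaf has been used")
        leaf = self.next_leaf
        self.next_leaf += 1  # advance (and, in production, persist) state before signing
        sk, _ = _ots_keygen(self.seed, leaf)
        bits = _bits(msg)
        revealed = [sk[b][i] for i, b in enumerate(bits)]
        unrevealed = [H(sk[1 - b][i]) for i, b in enumerate(bits)]
        path, idx = [], leaf
        for level in self.levels[:-1]:  # sibling hashes from leaf up to the root
            path.append(level[idx ^ 1])
            idx //= 2
        return leaf, revealed, unrevealed, path

def verify(root: bytes, msg: bytes, sig) -> bool:
    leaf, revealed, unrevealed, path = sig
    if not (0 <= leaf < N_LEAVES and len(revealed) == len(unrevealed) == 256
            and 2 ** len(path) == N_LEAVES):
        return False
    rows = [[b""] * 256, [b""] * 256]
    for i, b in enumerate(_bits(msg)):
        rows[b][i], rows[1 - b][i] = H(revealed[i]), unrevealed[i]
    node, idx = H(b"".join(rows[0] + rows[1])), leaf
    for sibling in path:
        node = H(node + sibling) if idx % 2 == 0 else H(sibling + node)
        idx //= 2
    return hmac.compare_digest(node, root)

if __name__ == "__main__":
    signer = StatefulSigner(b"\x01" * 32)  # constructed seed; use a CSPRNG in practice
    sig = signer.sign(b"firmware-v1.bin")
    print(verify(signer.root, b"firmware-v1.bin", sig), signer.next_leaf)
```

Reusing a leaf index for two different messages reveals secret values from both halves of the one-time key, which is why the counter must survive crashes, backups and restores; keeping that state inside an HSM is the usual way to enforce it.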

A hybrid approach – marrying both stateless and stateful schemes – is another option for organizations looking to maximize quantum-resilience. For a given environment, organizations will need to consider signature size, performance and implementation concerns when considering which scheme will be implemented where, leveraging the benefits of each depending on the use case.

NIST has held an open call for quantum-resistant cryptographic algorithms for new public-key crypto standards, including digital signatures and encryption/key-establishment. With submissions closed in late 2017, the group is planning on selecting one or more quantum-safe algorithms to standardize and implement on a wide variety of platforms and applications. It’s likely that this will become one of the highly endorsed quantum-resilient options. However, it’s not recommended for organizations to wait until this becomes available.

A stronger foundation

It’s no secret that crypto agility initiatives will be challenging, especially as entities and individuals across the globe work out PQC in real time. However, the threat of the quantum computer against current algorithms is too great to ignore. Without crypto agility in place, organizations’ cryptographic assets become their Achilles’ heel.

First published on:
Infosecurity Magazine – Why Businesses Can’t Ignore Crypto Agility
