With the US National Institute of Standards and Technology (NIST) post-quantum cryptographic standard expected to be published this summer, companies need to start navigating the migration to quantum-safe cryptography. The most sustainable and effective way to make cryptosystems resilient for the quantum era is to establish cryptographic agility, or crypto-agility for short. IBM’s June Quantum Research blog provides guidelines written by Ray Harishankar,Michael Osborne, Jai S. Arun, John Buselli and Jennifer Janechek. IQT Briefs summarizes here.
Crypto-agility is not just about transitioning to quantum-safe cryptography in the nimblest way possible, and it’s not something that can be achieved merely by updating encryption algorithms and protocols. Instead, you need to adapt your organization’s cryptographic architecture, automation, and governance to allow for greater control and flexibility as you work to anticipate evolving cyber threats efficiently and with minimal disruption.
New quantum-safe cryptography standards will continue to emerge along with new regulations for security protocols as quantum computing technology advances. Therefore, you must be able to quickly locate and update cryptography across your IT landscape to address emerging cyber threats and vulnerabilities. That means understanding where cryptography is deployed across all the dependent components in a system and how it is implemented in each component.
Crypto-agility also manifests at the level of algorithm design and assurance. Cryptography providers should ensure that there are different algorithm implementations for different security strengths and that the algorithms dynamically scale in security strength based on configuration.
Building crypto-agility might seem like a significant undertaking, but the quantum-safe migration is the perfect time to begin this work.