Blog

How Crypto-Agile Is Your Organization?

July 9, 2020
Steve Fox

Cryptographic agility (crypto-agility) is the new imperative for CIOs. The National Institute of Standards and Technology (NIST) calls crypto-agility the new imperative for the quantum computing era. The idea of agility in business is nothing new; our digital transformation has catapulted the idea of product flexibility within tumultuous markets into a standard best practice. Quantum computing has arrived ...

But the concept of crypto-agility has risen to the forefront of tech in part because of the staggering volume of cryptographic algorithm breaks occurring. As the number of digitally connected devices skyrockets, how should your crypto technology that makes these diverse platforms interoperable remain secure?

UNDERSTANDING CRYPTO-AGILITY

To the layperson, the nebulous idea of encryption may be the standard, but IT security teams know what can be made, can also eventually be broken. Think back to 2017’s discovery of “Secure” Hash Algorithm 1’s (SHA-1) weakness that allowed cybercriminals to forge a digital fingerprint to create fake software updates. When Google released the latest Chrome version, they marked SHA-1 HTTPS certificates as unsafe and NIST banned their use way back in 2010. But we know organizations still rely on these algorithms to process credit cards and protect electronic documentation.

Fast forward to 2020, where we’re on the cusp of quantum computing, a time when Security Boulevard predicts, “Along with this greater power, some of today’s foundational crypto algorithms will be broken by quantum computers, making data security in a post-quantum world a top concern.”

The idea of algorithm security is cybersecurity at the micro-level. Creating a security strategy for the backbone functions used to encrypt digital data flows requires a level of crypto-agility that is both necessary and difficult for the average enterprise to transition to.

BEST PRACTICES FOR CRYPTO-AGILITY

The first step toward crypto-agility is to inventory the digital tools that use these algorithms. This is extremely difficult when the list of digitally connected devices is so long. While it’s standard to maintain a software and hardware inventory, tracking cryptographic algorithms takes security to a new level. But without this kind of visibility, your organization simply will not stay ahead of security threats. Crypto-agility requires an understanding of the encryption algorithms your vendors are using and how often and how quickly they provide updates. Some best practices include:

  • Look for hardware vendors that have a certificate for the use of crypto algorithms such as Transport Layer Security (TSL)/Secure Sockets Layer (SSL).
  • Select vendors that use public-key cryptography such as RSA to encrypt messages.
  • Symmetric-key encryption with sizes from 128 to 256 bits is important. (The higher the key size the harder it is to break.)

But this is just the first step toward crypto-agility. The point is that, like any IT security, the threats are evolving. For example, SHA-2 has the same weakness as SHA-1, so most security teams recommend SHA-3. But SHA-3 is so new that most software and hardware don’t support it yet. In either case, creating a plan for how your enterprise will migrate from older crypto algorithms is the next step in the process toward true agility.

But quantum computing is coming, and that is perhaps one of the best arguments for why crypto-agility will be so important in the future. With the new era of faster, smarter computing comes more risk that our core crypto algorithms will become a security threat. In fact, NIST and other security watchdog groups say that quantum computing will break RSA public-key cryptography, which is our current encryption standard.

Organizations must make the move to crypto-agility. The worst time to consult a cybersecurity firm is when you need one. Consult with a qualified cybersecurity team to help your organization be proactive in evaluating and mitigating emerging security threats.

«  Back To All Articles
Next Article
  »
Misconfigurations for Office 365
5 Most Common Attacks That Dodge Your Firewall.
4 Pentest Paradoxes You Must Get Right
Do a Risk Assessment before buying MDR
6 Rules of Engagement for any Penetration Test
Cyber Alliance Program
Your Perimeter is Disappearing
Cybersecurity Acronyms for Retirement Administrators
XDR, MDR, SOAR - Acronyms of Cybersecurity Detection & Response
Test Blog Post 3
Test Blog Post 2
White Paper - XDR for Retirement Systems
The Total Cost of Ransomware - 7 Categories
The Power of Data Continues to Grow
Who Shares Responsibility for Data Security in a Health Crisis?
Identifying Cloud Security Gaps in a Remote Workforce
Mid-year Threatscape Assessment and Review of Significant Cyber Incidents
Front Line Report: 2020 Election Cybersecurity Threats
The Rising Stakes of Compliance: GDPR, CCPA, and Others
Increasing Healthcare Cybersecurity With a Proactive Defense Strategy
5 Ways to Lower Risk and Maintain Privacy in Your Organization
9 Tips for Detecting and Preventing DDoS Attacks
5 Ways to Secure Your Access Control Vulnerabilities
6 Strategies to Prevent SQL Injection Attacks
7 Commonly Neglected Security Tasks: DMARC, DNS Calls, And More
The Impact Of A Cyber Attack On A Nation
History Matters: Cyber Attacks From The 1980S
What Healthcare Organizations Need To Know About Samsam Attacks
Reflecting On 2019: Blockchain, AI, Machine Learning, Cryptojacking, And More
California Consumer Privacy Act (CCPA): What You Need To Know
Why Covid-19 Phishing Criminals Love Machine Learning (Ml)
Malicious Bot Activity Continues To Rise As Employees Work From Home
How Crypto-Agile Is Your Organization?
How Businesses Can Prepare For The Coming Iot Surge
Where To Find Cybersecurity Help: Addressing The Security Expert Shortage
Ransomware: To Pay Or Not To Pay?
How Expensive Is A Data Breach?
Looking Ahead: The Cybersecurity Landscape In 2021
Attack On Solarwinds Infiltrated U.S. Government Networks: What It Means For You
5 Best Practices To Secure Your Remote Workforce
Top 5 Most Dangerous Ransomware Attacks — And How To Protect Your Business
Reduce Data Breach Costs With Artificial Intelligence
5 IoT Trends To Continue Watching In 2021
AI Poisoning: What You Need To Know To Protect Your Business
Zero Day Exploits: Advanced Cyberattacks
Why Users Should Never Auto-Fill Forms: Browser Exploit Overview
Don't Be Fooled By Padlocks And SSL Certificates
5 Ways To Shield Executives From Whaling Attacks
How Artificial Intelligence (AI) Is Helping Cyber-Criminals
Why Breaches Are Becoming More Difficult To Defeat
History Matters: Cyber Attacks From The 1960S
History Matters: Cyber Attacks From The 1970S
History Matters: Cyber Attacks From The 1990s
History Matters: Cyber Attacks From The 2000S
The Rise Of Mobile Malware
Growing Concerns Over Voice Phishing Scams
Stopping The Spread Of 5G Security Vulnerabilities
Why Small Business Is A Big Cyber Crime Target
Feeling The Heat: Geopolitical Cybersecurity Threats
The Role Of Artificial Intelligence In Effective Cyber Attacks
Absolute Zero: Zero Trust And Zero Standing Privileges
Data Security Challenges in the New Era of Remote Work
Why Penetration Testing Has Never Been More Important
5 Ways to Protect Your Business From Phishing Attacks in 2021

join our email list

Security Pursuit logo
LinkedIn iconlinkedintwitter logoTwitter iconFacebook iconFacebook icon
Professional ServicesProduct Solutionsaboutpartnersblogcontact
denver office
2000 Araphahoe Street, Suite 1
Denver, CO 80205
720-675-7668
LinkedIn iconlinkedintwitter logoTwitter iconFacebook iconFacebook icon
san francisco office
2315 Montgomery Street, 10th Floor
San Francisco, CA 94104
415-735-4225
© 2021
Designed by H1 Web Development