Post-Quantum Cryptography Solutions: A New Era for Secure Online Transactions


Establishing Post-Quantum Cryptography Readiness in Enterprises

The ongoing debate surrounding post-quantum cryptography (PQC) has led many organizations to focus on algorithms and timelines, but they often struggle to identify their existing cryptographic usage. Recent announcements from major players like Google and Cloudflare highlight the importance of moving towards PQC, with goals to fully migrate by 2029.

Current Challenges

  • Lack of visibility into cryptographic inventory
  • Cryptography embedded in multiple aspects of modern computing
  • No single tool providing comprehensive coverage

Organizations face a complex challenge because cryptography is so widespread: it is embedded in public key infrastructures (PKIs), cloud storage, and application code. Establishing a centralized “Crypto Center of Excellence” (CryptoCoE) is recommended to maintain a comprehensive bill of materials and guide policy-making.

According to experts, continuous discovery, prioritization by risk, and remediation strategies are essential for effective PQC implementation. Risk assessment should consider factors such as credential lifespan, attack surface exposure, blast radius, and dependency chains.
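One way to turn these risk factors into a remediation order, as an added example that is not from the article or its sources. The asset names, inventory fields and score weights are assumptions chosen for illustration; the 2029 horizon is the migration target mentioned above.

```python
from datetime import date

# Public-key algorithms breakable by Shor's algorithm. Symmetric ciphers and
# PQC algorithms (e.g. ML-KEM, ML-DSA) are not in this set and are skipped.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDSA", "ECDH", "Ed25519", "X25519"}
HORIZON = date(2029, 12, 31)  # migration target year cited in the article

# Constructed inventory; every asset and field name here is hypothetical.
INVENTORY = [
    {"id": "root-ca", "alg": "RSA", "expires": date(2040, 1, 1), "exposed": False, "depends_on": []},
    {"id": "issuing-ca", "alg": "ECDSA", "expires": date(2031, 6, 1), "exposed": False, "depends_on": ["root-ca"]},
    {"id": "web-tls", "alg": "ECDSA", "expires": date(2026, 3, 1), "exposed": True, "depends_on": ["issuing-ca"]},
    {"id": "vpn-gw", "alg": "RSA", "expires": date(2030, 2, 1), "exposed": True, "depends_on": ["issuing-ca"]},
    {"id": "backup-enc", "alg": "AES-256", "expires": date(2035, 1, 1), "exposed": False, "depends_on": []},
]

def dependents(inventory):
    """Map each asset to everything that transitively chains up to it."""
    direct = {a["id"]: set() for a in inventory}
    for a in inventory:
        for parent in a["depends_on"]:
            direct.setdefault(parent, set()).add(a["id"])

    def walk(node, seen):
        for child in direct[node]:
            if child not in seen:  # guards against cycles in the inventory
                seen.add(child)
                walk(child, seen)
        return seen

    return {node: walk(node, set()) for node in direct}

def prioritize(inventory):
    """Return (asset id, score) pairs, highest remediation priority first."""
    radius = dependents(inventory)
    ranked = []
    for a in inventory:
        if a["alg"] not in QUANTUM_VULNERABLE:
            continue
        score = 3 if a["expires"] > HORIZON else 0  # credential lifespan (assumed weight)
        score += 2 if a["exposed"] else 0           # attack surface exposure (assumed weight)
        score += len(radius[a["id"]])               # blast radius via dependency chains
        ranked.append((a["id"], score))
    return sorted(ranked, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for asset, score in prioritize(INVENTORY):
        print(f"{score:2d}  {asset}")
```

The root CA ranks first even though it is not internet-facing, because every certificate beneath it inherits its weakness and its validity runs well past the horizon.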

The Path Forward

  • Discover: Identify cryptographic usage
  • Prioritize: Assess risk and determine order of remediation
  • Remediate: Implement changes to address vulnerabilities
  • Add Crypto-Agility: Continuously monitor and adapt

Leveraging technology and automation is crucial to expediting progress, similar to the approach taken with the software bill of materials (SBOM). Organizations can estimate the time required for PQC adoption based on size and scope, ranging from 5 to 12 years for small and medium-sized enterprises, respectively.

Those who start this process now are doing so on time, considering the planning horizon set by major players operating significant portions of the internet’s cryptographic surface.


