Making wholesale changes to the elements that guarantee trust in your network is rarely easy and simple. Many organizations may not be fully aware of the extent of the usage of cryptography in all their operations and applications. Whenever considering a project, it is worthwhile to consider and analyze at least the following aspects:
Increased key size and processing power requirements
The post-quantum algorithms generally use longer key sizes and require more processing power. This may disrupt some applications or affect latency by the application responses to the users. Proper testing and adequate computing power adjustments may be necessary.
Legacy application compatibility
Some libraries used by legacy applications may not support post-quantum cryptography, sometimes the cryptographic objects are even hard coded to the application. In such instances, it is necessary to make corresponding changes to the systems and preferably migrate to the protocols and libraries, which support the transition to post-quantum cryptography.
Coordination with external partners
Cryptography is often used to secure communication between external parties. If you want to switch to post-quantum algorithms, you will need to synchronize with the external parties with whom you want to communicate in a secure way. This process may be ever more difficult, in the case of service providers, who provide trusted certificates to guarantee trust on the internet. If you have thousands of small customers, you should have a gradual migration process prior to switching off the legacy technology and algorithms.
Securing already encrypted and signed data
Most companies store substantial amounts of data as back up or evidence of their records. Such data is often signed or encrypted to protect its integrity and confidentiality. This data can be of enormous importance to them, if they ever have a cyberattack or some operational incident, which affects the running databases. It is particularly important to bear in mind that such data is no longer secure if the algorithms which protect them are broken. Ensuring long term protection, validity and integrity requires applying new secure algorithms also to such data and applying timestamps, so that long term validity and integrity can be unequivocally proven.
Lack of accurate data about cryptographic objects
Having an up-to-date inventory of all your cryptographic objects with a good understanding of their use and purpose is a prerequisite for any successful migration project.
Lack of investment and attention
Cryptography is often below the radar of some of the decision makers, who allocate resources and funds for IT projects. This may result in inadequate tools and underestimated resources.
Lack of automation and crypto-agility
Many technologies are not prepared to make wholesale changes to the cryptographic objects and may require manual efforts to upgrade the existing technology stack. This may not be viable, if the number of certificates and cryptographic keys is in the millions as is the case with some larger corporations.
Successfully navigating these challenges requires careful planning, resource allocation, and collaboration across different teams and external partners. It is essential for organizations to prioritize post-quantum cryptography migration to ensure the continued security and integrity of their data and communications in the face of future quantum computing threats.
Get more information about the CZERTAINLY
CZERTAINLY is an open-source platform for effective and efficient trust lifecycle management and automation for companies of any size and individuals. One of its goals is to provide an easy and affordable way to secure digital communication and support information security in more and more connected world.