QuSecure Makes the Case for Cryptographic Agility

Joey Lupo / Dark Reading / 13 October 2023

Read the full article from Dark Reading here.

Overall, the migration to PQC brings a couple of key considerations for enterprise security to the forefront. First, the PQC standardization process is still ongoing. Experts continue to attack and probe the candidates, while submission teams look to patch deficiencies and optimize implementations in software and hardware. In the short term, the shifting PQC landscape requires cryptographic agility in libraries, protocols, and applications to securely navigate the migration away from vulnerable public-key algorithms.

Second, the PQC process more broadly reminds us that cryptographic algorithms have a life cycle. Classical public-key algorithms are nearing the end of their life cycle, whereas most of the PQC algorithms are still at the beginning. No one can foresee if a new classical or quantum attack will make a particular algorithm obsolete and require yet another migration — or if another technology as disruptive as quantum computing is on the horizon. Consequently, it is critical that we engineer systems that can adequately respond to new developments. Orchestrated and agile cryptography is a vision to achieve this lofty goal and empower organizations to meet security, regulatory, and compliance goals at scale.

Though the PQC migration represents a major challenge for organizations across government and industry, it also represents a fantastic opportunity to shift the enterprise cryptography paradigm toward one of agility and orchestration.