PQC
What is the quantum risk and its impact on data security?
The strength of data encryption depends on the algorithm used to protect it, and in particular on that algorithm's robustness against potential attacks.
Quantum risk refers to the threat of quantum computing, which could compromise encryption methods like RSA and Elliptic Curve Cryptography. This poses a challenge to the foundation of current data security practices.
What are the implications of data sensitivity vs time?
The "Harvest now, decrypt later" concept suggests that attackers can harvest data now, even if it is currently adequately encrypted, and hold it until technology catches up. It raises questions about the long-term sensitivity of data, especially considering evolving threats and technology advancements.
When will quantum computing pose a threat to encryption methods?
While no concrete date exists, strong indicators suggest that the post-quantum era may begin between 2023 and 2030. This shift could render many public key-based protocols vulnerable to eavesdropping and disclosure of data that is encrypted with today's algorithms.
Which protocols and certificates may become vulnerable in the post-quantum era?
TLS/SSL, IPsec, SSH, Internet of Things (IoT), digital signing, and code signing will become susceptible to quantum attacks. Root Certificate Authorities (CAs), data retention requirements, code signing certificates, and document signing solutions may also face vulnerabilities.
How can enterprises prepare data security strategies for the post-quantum era?
The first step is to have a comprehensive inventory (enumeration) of sensitive data and existing encryption strategies. Enterprises may need help with key sprawl, involving multiple Key Management Solutions (KMS) per cloud platform, legacy Hardware Security Modules (HSMs), and decentralized key generation and storage practices.
The next step involves assessing which encryption strategies need updating and determining the suitable algorithms. NIST still needs to provide a comprehensive list of final candidates. Remediation and key lifecycle management are essential aspects of this process.
Do current cloud platforms support post-quantum algorithms?
No. As of now, cloud platforms do not support post-quantum algorithms. Updating a data service to use a new key involves ensuring compatibility with both the service and the KMS/HSM, which adds complexity to the transition process.
Why is data classification important in the context of post-quantum readiness?
Data classification is essential for identifying critical infrastructure and systems that require a transition to post-quantum cryptography algorithms. This prioritization is necessary to protect sensitive data assets from the "harvest now, decrypt later" attack model, reducing the risk of exposure.
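The inventory and classification steps described in the two answers above can be combined into a simple triage pass over a key estate. The following is an added example, not Fortanix code and not part of the original page. The record fields, the classification labels, the scoring, and the choice of 2030 as the planning year are assumptions; it flags only the public-key families the page names, so the sample AES key is left unscored.

```python
from collections import Counter
from dataclasses import dataclass

# Public-key families named on this page as exposed to quantum attack
# (assumption: ECDSA and ECDH are listed as the usual ECC instances).
QUANTUM_VULNERABLE = {"RSA", "EC", "ECDSA", "ECDH"}
# Assumed planning horizon: the late end of the 2023-2030 window cited above.
THREAT_YEAR = 2030
# Hypothetical classification scheme; substitute your own labels.
CLASS_WEIGHT = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

@dataclass(frozen=True)
class KeyRecord:
    name: str
    source: str         # KMS or HSM holding the key (where sprawl shows up)
    algorithm: str
    data_class: str
    protect_until: int  # year until which secrecy or signature trust must hold

def is_vulnerable(rec):
    return rec.algorithm.upper() in QUANTUM_VULNERABLE

def priority(rec, threat_year=THREAT_YEAR):
    """0 = no PQC action; higher = migrate sooner."""
    if not is_vulnerable(rec):
        return 0
    # Data that must stay protected past the threat year is exposed to
    # "harvest now, decrypt later", so it always outranks data that is not.
    exposed = 4 if rec.protect_until >= threat_year else 0
    return 1 + CLASS_WEIGHT[rec.data_class] + exposed

def triage(records):
    """Return (priority, name) pairs, most urgent first."""
    return sorted(((priority(r), r.name) for r in records),
                  key=lambda p: (-p[0], p[1]))

def vulnerable_by_source(records):
    """Count quantum-vulnerable keys per KMS/HSM."""
    return dict(Counter(r.source for r in records if is_vulnerable(r)))

# Constructed sample inventory, not real key data.
INVENTORY = [
    KeyRecord("tls-web", "cloud-kms-a", "RSA", "internal", 2026),
    KeyRecord("records-wrap", "legacy-hsm", "RSA", "restricted", 2045),
    KeyRecord("code-sign", "cloud-kms-b", "ECDSA", "confidential", 2035),
    KeyRecord("db-at-rest", "cloud-kms-a", "AES", "restricted", 2045),
]

if __name__ == "__main__":
    for score, name in triage(INVENTORY):
        print(f"{score:>2}  {name}")
    print(vulnerable_by_source(INVENTORY))
```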
What features does Fortanix DSM offer for key lifecycle management in PQC implementation?
Fortanix DSM features a REST API-based architecture, a key discovery toolset, key metadata handling, and reporting and auditing capabilities. These functionalities enable automated and comprehensive management of a key estate, simplifying the implementation of a PQC transition strategy.