Enterprise IT Scenarios Demanding Crypto-Agility

In an evolving cyber security landscape, defenses must continually evolve. Static systems are not only inherently insecure, they are less so with each passing day. This principle applies to cryptography as much as to other types of cyber-defenses. And with the advent of quantum computing, most analysts agree that common cryptographic algorithms will eventually become ineffective. The scale of the potential threat is immense — for nearly all the hardware and software we use in both traditional IT environments and burgeoning Internet of Things (IoT) ecosystems.

Our best strategy is to make it difficult for cyber criminals to crack cryptography through whatever computing resources are available at the time. Ultimately, however, the predictable evolution of computing power will erode the defenses of cryptography. Organizations must become more agile in their readiness to respond to high-level crypto risk. The ability to act before threats become serious results in a condition where crypto-agility is fundamental.

If you’re contemplating swapping out encryption keys, upgrading crypto libraries, or re-issuing digital identities, it’s likely you are responding to a critical security threat. You’d be right to respond swiftly for the ramifications of not responding can be grave. But the consequences of not reacting to the evolving threat landscape through crypto- agility are equally severe. Let’s explore enterprise IT scenarios demanding crypto-agility:

1. Compromise or breach of Root. When a Root of Trust (RoT) is breached, all trust is lost. In the case of a certificate authority issuing certificates, a breach renders the chain of trust and all public and private keypairs moot, or even dangerous, as they can be issued and used maliciously. The immediate replacement of that RoT is required, along with the updating all certificates and keys used by devices.
2. Algorithm deprecation. Similar to a compromised RoT, a complete replacement is required. Any keys using the affected algorithm are insecure. Rogue actors can break their encryption easily, rendering communication insecure while making data readily accessible.
3. Crypto library bug. Discovery of a bug in crypto libraries may result in the need to generate new keys and reissue certificates according to the technology used in patching or replacing it.
4. Quantum computing. In as few as five to eight years, most public-key algorithms in use today will be susceptible to attack by quantum computing processors, according to Gartner analysts Mark Horvath and David Mahdi.
5. Certificate expiration. When certificates are used past their shelf life, they can fail at authentication or establishing secure communication tunnels. Certificate expiry on its own is not necessarily a security response incident like the scenarios mentioned above. The method used to avoid such interruption of service, however, is such a case. It is common to see organizations extend the validity period of a certificate, sometimes to 25, 50, or even 99 years, to avoid any chance of it expiring while in service and requiring replacement. Certificate expiration is an important mechanism to ensure certificates are regularly re-issued. It offers checks and balances, in the form of workflow and approvals, to verify current legitimacy and authorization. Experts recommend validity periods of two to three years for this reason.