Dan2021. What an interesting year. With the world turned upside down by a pandemic that seemingly had its sights set on...
Modernizing Cryptography: A New Approach for a Persistent Problem
comforte
Andy Vasey
Modernizing Cryptography:
A New Approach for a Persistent Problem
There’s nothing like a deadline to focus the mind. Just last year, it was thought that the world had until around 2035 before cryptographically relevant quantum computers (CRQCs) would finally emerge. But within the past few months everything has changed. First Google, and then Cloudflare shortened their respective timescales to 2029. Now Microsoft has joined IBM in predicting it will release a fault-tolerant quantum computer in the same year.
For any organization relying on asymmetric encryption, “Q-Day” may represent an existential moment of cyber risk. But an accelerated timeframe for replacing their ciphers is not the only challenge facing HPE Nonstop customers. Many still rely on a cryptography operating model no longer fit for purpose. They urgently need to update key, secrets and certificate management mechanisms to ensure they can withstand the compliance and security risks of today – and tomorrow.
Q-Day is fast approaching
Various parts of the HPE Nonstop stack rely on the asymmetric encryption which will be rendered obsolete by CRQCs. But the SSH and SSL tunnels used to secure remote access to terminals and traffic between terminals are particularly critical. And as for those PQC migration timelines, even 2029 may be too late to fully mitigate the associated risks.
That’s because of harvest-now-decrypt-later (HNDL) attacks, which the NSA warned organizations about as far back as 2021. According to security expert, Rik Ferguson, the US and its superpower rivals are already likely to be harvesting massive volumes of long-lived data with a view to decrypting it later.
That effectively brings forward the deadline for post-quantum cryptography (PQC) migration to today.
Security and regulatory risks mount
If that wasn’t a big enough headache for IT leaders running HPE Nonstop, there’s more. The way crypto is managed in these environments has long failed to keep pace with best practice security and compliance expectations. Encryption keys are stored in clear text on disks or in config files, creating a single point of failure that regulators and auditors do not look favorably upon.
Certificates are too often still managed manually, increasing admin spend, human error and potential downtime. These challenges are compounded by the ever-shrinking lifespan of certificates – which will end up at just 47 days by 2029. Local, fragmented, and ad-hoc key management increases the chance of leaks, adds to operational overheads, and means auditors can’t get a single source of truth.
A better approach
Organizations that do nothing are exposing themselves to HNDL and quantum-era attacks which will unmask their most business-critical data. The cost in regulatory fines and reputational damage will be significant. Key and certificate management processes will become more expensive, more complex, and consume an ever-larger quantity of engineering resources.
The good news is, there’s a better way: one that will help HPE Nonstop customers minimize these risks and future-proof their organization for competitive advantage.
With a drop-in, PQC ready SSH/SSL upgrade from a trusted partner, they can mitigate the risks of HNDL and CRQCs today. Centralized key and secrets storage will eliminate clear-text keys and streamline auditing with comprehensive logging. Automated certificate lifecycle management will take the pain out of certificate issuance, renewals and rotation.
How comforte can help
All of this is possible with comforte TAMUNIO Assure. Its classic + PQC hybrid model offers a clear cryptography migration path for HPE Nonstop customers. It installs with zero downtime. And its HSM-backed, MFA-protected key and secrets store reduces operational overheads, simplifies audits, and lowers risk. It can even be used for other secrets across the HPE Nonstop environment, further reducing sprawl and simplifying compliance.
Better still, it’s available today. In enterprise security terms, Q-Day really is just around the corner. Smart enterprises will use it as a lever to overhaul legacy crypto operating models. And carve out lasting strategic advantage.
