Vulnerability Management
Know your cryptography weaknesses
Identify and Remediate Vulnerabilities Before They Become Exploited
Software and Platform Makers: as cryptographic flaws and weaknesses continue to mount against conventional algorithms, new attacks are discovered, and computers become more powerful, the ability to configure, remove, and update cryptographic functions in response to risk is seen as a benefit.
Service Providers Example: agile certificates for identity management – customers are not concerned about a rapid and uncontrolled transition from classic to PQ identities – the certificate will remain valid for its intended lifetime. This will deliver higher customer confidence in the longevity of the product or service and lead to a more attractive offering for new customers and better retention of existing ones.
Service Providers Example: when a new cryptographic vulnerability is announced as a result of implementation flaws or new attacks, applications and operating systems typically need to be upgraded, patched, re-installed, or flashed, with the downtime that entails. Usually this means extended implementation periods and long risk exposures with high costs. Cryptographic agility can allow new cryptography to be implemented by updating a single library, or potentially just by re-configuring to use a different (unaffected) cryptographic provider for the same functions. This allows a service provider to substantially reduce the window of opportunity for an attacker to exploit a new vulnerability and significantly reduces the effort required to migrate to a secure solution.
Example – agile certificates for identities (again). The service provider can reduce the potential for massive churn and attrition as the result of new crypto flaws. This also provides a safety valve to migrate users in the event of a new crypto attack or a quantum risk, without expensive re-issuance of identities. The outcome is reduced costs if a migration from classic to post-quantum cryptography (PQC) is needed, and avoidance of uncontrolled migrations.
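The re-configuration idea above, sketched as an added example (not code from the page or from any product): callers use `protect` and `verify`, and only the policy object changes when an algorithm is retired. The registry, `CryptoPolicy`, `needs_reissue`, the key and the choice of `hmac-sha1` as the retired algorithm are all assumptions made for illustration.

```python
import hashlib
import hmac

# Hypothetical provider registry: algorithm id -> hash constructor.
PROVIDERS = {
    "hmac-sha1": hashlib.sha1,        # treated as retired in this example
    "hmac-sha256": hashlib.sha256,
    "hmac-sha3-256": hashlib.sha3_256,
}

class CryptoPolicy:
    """Configuration only: which algorithm signs, which may still verify."""
    def __init__(self, active, accepted=()):
        unknown = ({active} | set(accepted)) - set(PROVIDERS)
        if unknown:
            raise ValueError(f"no provider for: {sorted(unknown)}")
        self.active = active
        self.accepted = set(accepted) | {active}

def protect(policy, key, message):
    """Tag a message; the algorithm id travels with the tag."""
    tag = hmac.new(key, message, PROVIDERS[policy.active]).hexdigest()
    return f"{policy.active}:{tag}"

def verify(policy, key, message, token):
    """Check a token with the algorithm it names, if policy still accepts it."""
    alg, _, tag = token.partition(":")
    if alg not in policy.accepted:
        return False  # retired or unknown algorithm: fail closed
    expected = hmac.new(key, message, PROVIDERS[alg]).hexdigest()
    return hmac.compare_digest(expected.encode(), tag.encode())

def needs_reissue(policy, tokens):
    """Inventory: stored tokens not produced by the active algorithm."""
    return [t for t in tokens if t.partition(":")[0] != policy.active]

if __name__ == "__main__":
    key, msg = b"constructed-demo-key", b"constructed message"
    legacy = protect(CryptoPolicy("hmac-sha1"), key, msg)
    # Step 1: switch the default, keep accepting legacy tokens while migrating.
    migrating = CryptoPolicy("hmac-sha256", accepted=["hmac-sha1"])
    fresh = protect(migrating, key, msg)
    print(verify(migrating, key, msg, legacy), needs_reissue(migrating, [legacy, fresh]))
    # Step 2: retire the old algorithm; legacy tokens now fail verification.
    print(verify(CryptoPolicy("hmac-sha256"), key, msg, legacy))
```

Because the algorithm identifier is stored with each tag, the inventory step shows exactly which objects still depend on the retired algorithm before it is switched off.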
Resources
Keys in the Wild: The Unseen Vulnerability of Cryptographic Objects
In the intricate web of cloud, on-premises, and hybrid environments, cryptographic keys remain high-value targets for the exploitation of our most sensitive data and systems.