Why CISOs should Shift their Attention to Crypto Agility


As businesses went remote to follow the lockdown protocol and protect their employees, the risks to their security infrastructure have increased manyfold. It is therefore crucial for enterprise CISOs to focus their attention on crypto agility.

The worldwide lockdown caused by the spread of the novel coronavirus forced enterprises to adopt a completely remote business model. Though this has made the lives of employees easier and allowed organizations to sustain themselves and even thrive, they are still under threat from cyber-attacks, which are increasing at an unprecedented rate.

Therefore, organizations need to focus their attention on achieving crypto agility.

Though cryptographic methods have already been put in place to secure business exchanges and applications, they are not effective and are still vulnerable to attacks. Even though these methods have been in existence for a few years, CISOs are still not sure where crypto can be used in the enterprise-wide IT infrastructure.

“The reality is that most organizations have not made crypto key management a priority and therefore have a long way to go to achieve crypto agility. Many organizations have yet to fully understand what keys they have, where those keys live and the assets they protect, let alone be able to seamlessly manage those keys in an automated fashion,” says Chris Hickman, CSO, Keyfactor.

On the surface, crypto agility looks like just the ability to use different algorithms for critical functions such as hashing, signing and encrypting. However, the picture is much broader. As most crypto transitions take place over the internet, swapping one algorithm for another requires all departments in the organization to work together.
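The algorithm-swapping side of crypto agility described above can be shown with integrity tags that record which algorithm produced them, so a policy change (not a code change) moves data to a new algorithm. This is an added example, not code from the article or from Keyfactor; the policy layout, function names, sample key and records are all constructed assumptions.

```python
import hashlib
import hmac

# Assumed policy (constructed): the algorithm for new tags, plus legacy
# algorithms still accepted while existing data is migrated.
POLICY = {"current": "sha256", "accepted": {"sha256", "sha1"}}
KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def protect(key, data, policy=POLICY):
    """Return 'alg$hex' so each tag records the algorithm that produced it."""
    alg = policy["current"]
    return f"{alg}${hmac.new(key, data, alg).hexdigest()}"

def verify(key, data, tag, policy=POLICY):
    """Return (valid, needs_upgrade); algorithms outside the policy fail."""
    alg, _, digest = tag.partition("$")
    if alg not in policy["accepted"] or alg not in hashlib.algorithms_available:
        return False, False
    expected = hmac.new(key, data, alg).hexdigest()
    valid = hmac.compare_digest(expected, digest)
    return valid, valid and alg != policy["current"]

def migrate(key, records, policy=POLICY):
    """Re-tag valid legacy records with the current algorithm."""
    upgraded, rejected = 0, []
    for name, rec in sorted(records.items()):
        valid, needs_upgrade = verify(key, rec["data"], rec["tag"], policy)
        if not valid:
            rejected.append(name)      # retired algorithm or tampered data
        elif needs_upgrade:
            rec["tag"] = protect(key, rec["data"], policy)
            upgraded += 1
    return upgraded, rejected

def sample_records():
    """Constructed records: one legacy SHA-1 tag, one tag from a retired algorithm."""
    old = {"current": "sha1", "accepted": {"sha1"}}
    return {"legacy": {"data": b"invoice-1", "tag": protect(KEY, b"invoice-1", old)},
            "retired": {"data": b"invoice-2", "tag": "md5$00"}}

if __name__ == "__main__":
    records = sample_records()
    print(migrate(KEY, records))                 # first pass under POLICY
    nxt = {"current": "sha3_256", "accepted": {"sha3_256", "sha256"}}
    print(migrate(KEY, records, nxt))            # policy change, no code change
```

Records listed as rejected are the ones that need manual attention: either their algorithm has been retired from the policy or the data no longer matches its tag.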


Strategies for achieving crypto-agility

To achieve crypto agility, CISOs need to pay close attention to their IT infrastructure. Achieving crypto agility requires the involvement of everyone from the CISO and framework architects to the programmers and developers. The enterprise IT security framework needs to be crafted in a crypto-agile way with the latest crypto algorithms. The existing framework must be updated to algorithms that are safe and agreeable.

“Organizations who embark on a crypto agility path gain better insight into the keys in use in the organization, reduce or eliminate outages due to expired keys, have significantly reduced overhead in responding to audit enquiries and reap the rewards of a lower cost of operations by leveraging automations,” comments Chris.

To further make the environment suitable for an agile crypto framework, organizations must follow both policy and technical recommendations. On the policy side, the CISO must require that all business applications, including those that use any crypto innovation, adopt the most recent cryptographic algorithms before the point of no return is passed. On the technical side, it is essential that secure and updated hash algorithms be used with larger key sizes, which makes them very difficult to break.


“At every step of implementing crypto agility, leaders will gain visibility and the knowledge required to mitigate risk and respond to threats with the confidence that not only are they prepared for a big crypto event, the smaller ones that happen every day, are also being handled,” adds Chris.

With a crypto-agile framework in place, enterprises can successfully tackle cyber-attacks and ensure that their cybersecurity remains intact.