Post quantum cybersecurity

A high-level assessment of your use of cryptography, which can be enriched as data emerges, allows a preliminary risk assessment, cost estimate and business case to be developed.

Developing a cryptographic inventory, either manually or automatically maintained, will give visibility over the use of cryptography and enable both proactive migration planning and reactive responses for if /or when different cryptographic algorithms become vulnerable. This step has been a key element for most ICT regulations in recent years.

A detailed assessment of your use of cryptography based on automatically discovered usage across your estate, coupled with IT asset data, allows a detailed risk assessment, cost estimate and business case to be developed to quantum resilience.

Enhancing your incident tracking framework ensures visibility over historic data loss events deemed immaterial due to data encryption.

Plan – moving from visibility of your risk exposures and business case, you create an agile plan for quantum resilience, which allows you to lifecycle your technology and supply chain over to quantum resilience solutions, reducing costs and being proactive. In line with industry leaders, the plan is reviewed and adjust periodically.

Building on your cryptographic risk assessment, business case and cost effort estimate, combined with your business and technology strategy, a PQC strategy can be launched that strikes a balance between risk and cost of remediation. In line with global efforts, the strategy is designed to be agile and reviewed annually as technology factors evolve.

Updating your technology buyer-guides at the right time ensures you lifecycle in as much quantum ready infrastructure as possible, reducing once-off costs from needing to replace incompatible infrastructure. Ensuring your cloud governance and third party risks processes adequately ensure cryptographic resilience from your suppliers, and that you have sufficient understanding of their state or readiness and risk exposure, is generally equally as important as having this data about your own on-premise solutions.

You can begin to migrate your highest risk exposures to Post Quantum Cryptography (PQC) as your technology refresh program delivers PQC ready infrastructure, and inline with your risk assessment.

Implementing cryptographic agility allows for automated switching of certificates or cryptography in future, either at regular intervals or in response to growing threats.

Establishing situational awareness ensures your threat intelligence teams are equipped to assess and triage threat events for cryptographic relevance and create taskings when operational or tactical actions are required. The strategic remediation plan should be regularly reviewed, with input from the situational awareness team a key consideration in amending future plans.

PQC initiatives and migration – The PQC centre of excellence coordinates efforts across the enterprise, bringing together internal and external remediation plans to ensure your multi-year strategy stays on track. The periodic review of the strategic timeline for remediation is overseen by the CoE, ensuring latest developments in situational awareness and developments in quantum, cryptographic research and supercomputer, are factored into the overall timeline to deliver secure outcomes with minimal risk exposure.