Sectigo has introduced Sectigo PQC Labs, a testing platform developed in collaboration with Crypto4A, a provider of quantum-safe Hardware Security Modules (HSMs).
The platform aims to help companies prepare for the transition to post-quantum cryptography (PQC) by offering a secure environment to test, validate, and implement quantum-resistant cryptographic certificates.
Start Planning for Postquantum Cryptography
According to Gartner: “Security and risk management leaders need to begin planning for their move to postquantum cryptography (PQC) now, due to the wide and deep impact of replacing cryptographically dependent systems.”
Sectigo PQC Labs enables entities to safely explore, test, validate and create postquantum cryptographic certificates now, for eventual use in their technology stacks. Doing so allows businesses to gather insights to come up with mitigation plans against PQC’s two main threat scenarios of current concern, which are:
- Harvest Now, Decrypt Later Attacks: Malicious actors collect encrypted data today with the intent to decrypt it once quantum computers become capable of breaking current encryption methods.
- Long-Lived Digital Signatures: Critical digital signatures used in PKI, IoT devices, legal contracts, and medical records could be vulnerable over time as quantum computing advances.
Sectigo CEO Kevin Weiss stressed the importance of addressing quantum threats, stating that the platform provides a secure testing environment for firms to evaluate their systems and plan for a smooth transition to post-quantum security.
Crypto4A’s quantum-safe HSM technology plays a key role in the platform’s security framework. CEO Bruno Couillard noted that with NIST’s plans to deprecate current cryptographic algorithms by 2030 and ban them entirely by 2035, the time for businesses to act is now, to future-proof their encryption strategies.
Sectigo PQC Labs offers:
- A sandbox environment for testing PQC assets, including post-quantum certificates.
- Educational tools to facilitate PQC integration into existing PKI.
- Security strategy enhancements for organizations adopting a quantum-readiness approach.
The launch aligns with Sectigo’s broader QUANT (Quantum-resistant, Uncover, Assess, Navigate, Track) readiness strategy, aimed at guiding organizations through the transition to PQC.
A Very Real Threat
Quantum computers that can break modern cryptography should become a reality within the next decade, comments Dr Adam Everspaugh, Cryptography Expert at Keeper Security. “Though the date is uncertain, the superiority of quantum computing capabilities poses a very real threat to nation-states, enterprises, and individuals.”
Everspaugh says while quantum computing has the potential to revolutionize various fields, it also threatens current public key encryption methods. The primary attack of concern is store-and-crack (harvest now, decrypt later) where attackers may capture and store encrypted information and web traffic now, and then, when quantum computers are available, break the encryption to read the data that is stored.
“If this information is still valuable in the future, attackers can use it to exploit sensitive systems. At Keeper Security, we are actively tracking developments and updating our product roadmap to ensure we’re ready to integrate the latest cryptographic standards as soon as production software libraries fully support them,” Everspaugh adds.
Considerable Time and Effort
Philip George, Executive Technical Strategist at Merlin Cyber, says Post-Quantum Cryptography (PQC) presents an opportunity to introduce quantum-resistant cryptography and system-level agility into IAM and zero-trust protection strategies.
This, George adds, will ultimately grant the industry more time to explore QIST-based enhancements to the digital identity and access management ecosystem as well as a greater technology landscape. “Whether leveraging classical, PQC, or QIST based computing, data and human/machine based identities will remain high value targets, especially in a potentially quantum connected world.”
Migrating to the new post-quantum algorithms will take considerable time and effort, says George. Aligning these activities with similar large-scale modernization efforts like zero-trust will be key. “As such, an alignment will ensure the significant effort to adopt ZTA principles won’t be undone by continuing to rely on soon-to-be deprecated cryptography. Lastly, consider cryptographic agility as a mechanism to reduce the level of effort to adopt the next batch of standards. Such an approach may be necessary to offset more frequent changes to approved crypto standards. We may now be entering a time where long lived standards become a thing of the past as continued progress is made on viable quantum computers.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.