It may sound obvious, but not all encryption solutions are the same.
Different solutions offer different degrees of data protection assurance. Those that offer the greatest level of assurance are, naturally, favoured by security-aware organisations.
The trouble is, not all these organisations could be considered “the good guys”. Hence, the calls in recent years by law enforcement to mandate backdoors in what the FBI itself referred to as “unbreakable” encryption.
In our experience, government and commercial organisations alike mandate “unbreakable” encryption as it also typically offers an independently certified standard of data protection.
If resources like the Gemalto Breach Level Index have taught us anything, it’s that data breaches are inevitable. When breach prevention technologies fail, the best way to ensure your data doesn’t fall into the wrong hands is to protect the data itself with what the GDPR calls “strong and effective” encryption”.
High-assurance encryption solutions (like those developed by Senetas) provide end-to-end, authenticated encryption and feature client-side-only key management and standards-based algorithms. They help protect data in motion across networks operating at anything from modest 10Mbps to ultra-fast 100Gbps bandwidths.
Adding agility to security
The cyber security landscape is a diverse one, with threat vectors constantly evolving. In addition to high-assurance encryption security, we are seeing an increased demand for scalable, flexible solutions that offer a degree of future-proofing against these emerging threats. Something we call crypto-agility.
Agility is as much about choice as anything else. When it comes to data encryption, there is no single “right” answer. Customers may have any number of reasons why they require their own external source of entropy (randomness) for key generation.
They may want to “draw” their own elliptic curves, utilise a specific type of algorithm or use S-Box to produce substitute values in the tables to obscure the relationship between keys and ciphertext. That’s why we use an FPGA encryption engine; so, our clients can customise their encryption solution to meet their specific security needs.
As we approach the dawn of a new, quantum computing era, we are increasingly being asked how today’s encryption technologies will fare in the face of an exponential increase in processing power. The long-term value of sensitive data, including everything from military secrets to personal medical records, means that data stolen today could be stored and decrypted sometime in the future.
Our crypto-agile hardware and software encryption solutions are compatible with a range of quantum-safe encryption technologies, including quantum-resistant algorithms and quantum key distribution (QKD).
QKD has already proved itself in real-world applications and is being used to guard against eavesdropping and ensure provable forward secrecy of data in a variety of government, telecommunications and financial services applications.
IT security professionals should be planning for the impact of the quantum computer by introducing crypto-agility today.