Worry about data security and the prospect of RSA decryption by future quantum computers has prompted a surge of efforts to advance cryptography tools in recent years. Last summer, for example, NIST selected four new algorithms to help combat the quantum threat and initiated a Migration to Post Quantum Cryptography (MPQC) project in collaboration with industry to develop tools and migration practices to protect data.
Today, SandboxAQ, a MPQC participant, launched a full toolset, the SandboxAQ Security Suite, which the company says is an end-to-end solution for cryptographic vulnerability scanning and remediation for industry and public sector clients. The suite includes a module to provide discovery and continuous inventory of vulnerable cryptography and another module, currently available for preview to select customers, for encryption remediation and supervised enforcement. These modules are integrated into a Control Center, which presents customers with an actionable dashboard view of their organization’s complete cryptographic infrastructure.
According to SandboxAQ, the cryptosense analyzer platform is “the industry’s first complete solution for cryptographic inventory that includes analysis and inventory of filesystems, applications, and networks.” SandboxAQ says the Cryptoservice module will be available by the end of 2023. Product pricing is an annual subscription model.
“Many large enterprises have legacy systems that are riddled with old protocols such as MD5 and SHA-1 that have been broken for more than a decade,” said Jack Hidary, SandboxAQ CEO, in the formal announcement. “SandboxAQ’s Security Suite helps organizations transition to secure encryption protocols with forward-compatible security, including post-quantum cryptography standards, providing them with the software necessary to protect their customers, their intellectual property, and critical infrastructure.”
SandboxAQ is hardly alone in tackling the data security opportunity/challenge. Most major consulting companies and many tech vendors – Deloitte, Accenture and IBM are just three examples – have been rushing to develop cryptography solutions. The broad focus by all vendors is enabling so-called crypto-agile toolsets based on modular software technology, such at SandboxAQ’s suite.
Prior cryptography management practices tended to encompass a hodgepodge of hardware and software spread throughout company IT infrastructure. Just locating these legacy cryptographic tools is often challenging. The crypto-agile idea is to make such systems modular, mostly software-based, and easy to manage and easy to upgrade as cryptography protocols change.
The NIST Migration to Post Quantum Cryptography project will no doubt spur many new offerings. Here’s a snapshot of the NIST program’s main goals and a list of some of the participants:
- Demonstrate the use of automated discovery tools to identify instances of quantum-vulnerable public-key algorithm use, where they are used in dependent systems, and for what purposes.
- Once the public-key cryptography components and associated assets in the enterprise are identified, the next project element is prioritizing those applications that need to be considered first in migration planning.
- Finally, the project will describe systematic approaches for migrating from vulnerable algorithms to quantum-resistant algorithms across different types of organizations, assets, and supporting technologies.
- Some of the NIST project participants include – Amazon Web Services, Inc. (AWS), Cisco Systems, Inc., Crypto4A Technologies, Inc., Cryptosense SA, InfoSec Global, ISARA Corporation, Microsoft, Samsung SDS Co., Ltd., SandboxAQ, Thales DIS CPL USA, Inc., and Thales Trusted Cyber Technologies, VMware, Inc.
SandboxAQ reported a “range of enterprises and government agencies are already using one or more modules of the SandboxAQ Security Suite including Cloudera, Informatica, the U.S. Air Force, the U.S. Department of Health & Human Services, and a range of global banks. SandboxAQ has also formed strategic alliances with leading global systems integrators Deloitte and EY to help enterprise customers identify and remediate encryption vulnerabilities.”
Link to HPCwire background article, The Race to Ensure Post Quantum Data Security
