A Call to Cryptographic Arms

Just as we see national security issues being played out on today’s international stage, we also see a steady drumbeat of activity coming from Joe Biden and his Administration that aims to address what the President calls the 'core national security challenge' of the United States – cybersecurity.

Just this past Wednesday President Biden met with leaders of the tech, critical infrastructure and education communities to discuss what's needed to address cybersecurity threats. Late last month he announced actions to protect critical infrastructure from sophisticated cyber threats, and just two months prior to that in May, on the heels of the now infamous Colonial Pipeline attack, he issued an executive order that laid out steps to "chart a new course" in improving the nation's cybersecurity networks.

This order, in part, looked to "modernize and implement strong cybersecurity standards in the Federal government" by moving the government to a zero-trust architecture, and mandating the deployment of encryption within a specific time period.

Encryption – along with its attendant digital keys and certificates, i.e., cryptography – is seen by both public and private sector leaders as critical infrastructure. We at InfoSec Global like to refer to it as the backbone of digital trust. Cryptography plays a key security role in all digital systems, from public infrastructure, private networks, the phones we use, the web sites we visit, the products we buy.

Unfortunately, it’s often one of the biggest blind spots across public and private digital networks, which is likely why the Biden Administration is calling special attention to it; and why it took a global pandemic to get Zoom to upgrade its encryption.

It's also why organizations in the private sector, particularly those in highly-regulated, compliance-heavy industries like Financial Services, must have a process in place to provide complete visibility into all the cryptographic instances across their networks, as well as the capability to remediate vulnerable, outdated cryptography when necessary, quickly and efficiently, without major disruptions to operations.

That’s our mission at InfoSec: to help highly-regulated industries and Government agencies discover, protect and automate the management of their cryptographic assets – today and tomorrow.

Today, our AgileSec™ Analytics solution provides the deepest, most thorough, robust cryptographic scanning and analysis capabilities on the market to discover EVERY cryptographic instance (including shadow IT, improperly implemented, etc.) that exists within and outside a company’s network, assess the threat level and prioritize action. And that's where our first-to-market AgileSec™ Crypto Agility solution comes in, which allows users to swap out vulnerable cryptography without changing source code or impacting operations.

Regarding the challenges of tomorrow, quantum computing is widely seen as the next major challenge to cryptography (or even the Cryptography Apocalypse). InfoSec’s cryptography researchers spend a lot of time thinking about this, too. As an example, we are partnering closely with the folks at NIST as they work to define next-generation cryptographic standards to protect us all from the threat of quantum computing.

In fact, in collaboration with partners from academia and industry, the InfoSec brain trust has submitted two potential cryptography solutions to the NIST Post-Quantum Cryptography (PQC) competition – both of which have been advanced by NIST to the final rounds of selection.

But whichever post-quantum standards are finally selected and promoted by NIST, and as countries continue to refine their cybersecurity mandates and policies, InfoSec Global and our Crypto Agility Management Platform will be there, facilitating the process of remediating the cryptographic attack surfaces of companies and nations throughout the world.