Dude, Where’s My Encryption?
Quantum computers sound scary. Sure, we hear predictions about how they’ll help with drug development to fight the next pandemic or cure cancer – use cases that will truly change life on planet Earth. At the same time, there is great fear in the cybersecurity world because quantum computers will render much of modern encryption as useless as an umbrella in a hurricane. Encryption has worked well for cybersecurity so far, but in more extreme scenarios our usual tools just don’t hold up.
One of these extreme scenarios relates to advances being made in quantum computing. While this is not possible anytime soon, some scientists estimate that we could reach a point where these systems will be able to break asymmetric encryption ciphers like RSA or Diffie-Hellman almost immediately. For symmetric encryption – like AES – the threat is not quite as existential, but changes are still needed to double key length, which can make brute-force attacks less practical. In layman’s terms, this means that most of the current protocols to authenticate users or machines MUST be replaced. Additionally, all data-at-rest encryption that is commonly used to protect our data at banks, retailers, insurers, or anywhere else we make transactions will need to change if 128-bit encryption is still being used (hopefully it isn’t used all that much anymore… but you never know…).
While quantum computers are not yet here or readily available, organizations need to start taking actions today to secure the future. The main questions we need to ask are similar to any other data security assessment:
1) What do I have in my environment?
2) Where is it?
3) How much of it is there?
4) How do I prioritize remediation or protection?
What this problem requires is a tool to help organizations discover, classify, and inventory their cryptographic assets. Once they have a searchable inventory, they can begin to prioritize which cryptographic assets need to be replaced – and ideally the prioritization is based on the sensitivity of the data or systems being protected with those cryptographic assets.
This is where 1touch.io Inventa can help. As part of our 3.3 release, we built Secrets Discovery to find cryptographic assets in storage. Examples of these assets include:
- Type of secret (key, token, credentials, etc.)
- Crypto function (MD2/5, SHA, HMAC, etc.)
- Crypto algorithm (DSA, EC, DES, AES, CMS, etc.)
- Length of encryption key (128 bits, 256 bits, etc.)
With our classification search, the user can easily filter to find “128 bit keys” or “DES” to create a simple inventory of vulnerable encryption within their environment. Then, with a single click, the list can be exported to the relevant tools – ServiceNow, SIEM, SOAR – for remediation. In future releases, we will also correlate this data with our sensitive data intelligence to provide an understanding of both sensitive data within a repository AND what encryption is being used to protect it in order to help end users prioritize what needs to be replaced.
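To make the inventory idea concrete, here is a small added example (not 1touch.io's code and not how Inventa works internally) that finds PEM blocks in text, records the type, algorithm and key length, and flags asymmetric keys for replacement. It only measures PKCS#1 `RSA PUBLIC KEY` blocks; the sample data, the `action` labels and all function names are assumptions of this sketch.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def der_item(buf, pos):
    """Decode one DER header at pos; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        return tag, pos, pos + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    return tag, pos + n, pos + n + int.from_bytes(buf[pos:pos + n], "big")

def rsa_modulus_bits(der):
    """Bit length of the modulus in a PKCS#1 RSAPublicKey (SEQUENCE {n, e})."""
    _, start, _ = der_item(der, 0)        # outer SEQUENCE
    tag, s, e = der_item(der, start)      # first INTEGER is the modulus
    if tag != 0x02:
        raise ValueError("not a PKCS#1 RSAPublicKey")
    return int.from_bytes(der[s:e], "big").bit_length()

def inventory(text):
    """Return one record per PEM block: type, algorithm, key bits, action."""
    records = []
    for label, body in PEM_RE.findall(text):
        rec = {"type": label, "algorithm": None, "bits": None, "action": "review"}
        if label == "RSA PUBLIC KEY":
            bits = rsa_modulus_bits(base64.b64decode("".join(body.split())))
            rec.update(algorithm="RSA", bits=bits, action="replace (asymmetric)")
        elif label.split()[0] in ("EC", "DSA"):
            rec.update(algorithm=label.split()[0], action="replace (asymmetric)")
        records.append(rec)
    return records

def der_encode(tag, value):
    """Minimal DER encoder, used only to build the constructed sample."""
    n, size = len(value), (len(value).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

# Constructed sample: dummy 1024-bit modulus (not a usable key) and a stub EC block.
SAMPLE_N = ((1 << 1023) | 1).to_bytes(129, "big")
SAMPLE_KEY = der_encode(0x30, der_encode(2, SAMPLE_N) + der_encode(2, b"\x01\x00\x01"))
SAMPLE = ("-----BEGIN RSA PUBLIC KEY-----\n" + base64.b64encode(SAMPLE_KEY).decode()
          + "\n-----END RSA PUBLIC KEY-----\n"
          "-----BEGIN EC PRIVATE KEY-----\nAAAA\n-----END EC PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(inventory(SAMPLE))
```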
So, while quantum computers are creating a ripple of fear throughout security organizations, 1touch.io Inventa is here to help and ensure there is an accurate, scalable inventory of both sensitive data and cryptographic assets across any environment.
Check out the screenshot of our new cryptographic search capability on our Cryptographic Discovery page here: https://1touch.io/cryptographic-discovery