What is Utimaco’s focus within cybersecurity?
So, basically, we do a few things, and I like to say we do them very well. Our focus is on data protection, specifically secure payments and key management. This is a niche in the market and is essential to meeting regulatory requirements most of the time. That’s essentially what we do here. As you can see, we are a company that operates entirely through the channel, and in the Middle East we work with Bulwark Technologies.
Basically, what we do is primarily driven by regulations. For example, take the NCA regulation in Saudi Arabia, or similar regulations in other countries, where encryption is a key requirement for data protection. These regulations typically don’t specify exactly how to achieve this, but they clearly state that data protection must be accomplished through encryption. What we offer is hardware, which is a solution for generating and storing encryption keys. So, behind every regulation, there is a project, and behind every project, there is this need.
Quantum computing is emerging. How are you helping your customers prepare for post-quantum cryptography?
We are actually one of the pioneers in this field. Essentially, quantum computing requires preparation with algorithms that a quantum computer cannot easily break. Currently, the algorithms everyone uses—although we might not think about it—are behind every online connection, securing them through encryption, which is essentially math.
What we are doing is offering new algorithms approved by international bodies working on post-quantum cryptography. We also provide HSMs (Hardware Security Modules) that are already compliant with these new algorithms. In short, if you’re an organization that needs such a device for your current requirements, you can also begin future-proofing with the same device, preparing for the post-quantum era. This allows you to manage your encryption in two ways: the standard method for today and the new method for tomorrow. This means everyone in your organization can start testing and understanding what will eventually come.
Utimaco also offers critical infrastructure protection. Can you shed more light on this?
Yes, of course. It’s a space we are very active in. We work with most governments on projects like document security, insurance, and key management for passports. Although it’s not limited to governments, banks are also frequent targets of cyberattacks. So, what do we do? We ensure that most of the security is centered around encryption. Essentially, even if data is stolen, it’s useless because the thief cannot read it without the decryption key.
Encryption relies on keys. You could have the most secure infrastructure, but if someone has the key, they can access everything. What we offer is a solution that is certified to securely generate and store these keys. For example, if you have a database containing employee, customer, or citizen information—whether you’re a bank or a government—if someone steals the database, they can’t read the data without the key. However, if the key is stored alongside the data, they can steal both. But if the key is inside tamper-proof hardware specifically designed for security, the data remains protected. We are essentially the foundation of security for critical infrastructure like governments and other key organizations.”