The post pandemic phase of 2021 has been characterised by huge organisational investments into networks, employee access, cloud data orchestration, remote collaboration, supply chain and supplier management, transformation, amongst others. In parallel, there has also been an explosion of cyberattacks threatening the IT industry, threats and attacks from extortion syndicates, national threat actors making their periodic exploits, and highly advanced and offensive activities by select national players. All this while enterprises need to continue with accelerated business and digital transformation.
Organisations must understand that today’s encryption standards are not fit for protecting against the power of quantum computers. Businesses cannot assume they are safe until quantum resistance is achieved. Hackers are actively working to steal data to access years down the line, knowing quantum is coming. As such, adopting quantum-safe encryption is key.
Businesses cannot assume they are safe until quantum resistance is achieved.
The time is now to review security quantum strategy. Considered one of the most significant cybersecurity threats to date, quantum computing is set to make many current security methods, such as encryption, obsolete. While there is no such thing as a silver bullet when it comes to cybersecurity, crypto-agility is the next frontier in protection against the processing power of quantum.
It will enable businesses to deploy algorithms in a flexible way, without significantly altering the system infrastructure, should there be a failure of the original encryption. Meaning that businesses can protect their data from future threats like quantum computing, which is still a bit away, without having to rip up their systems each year as the power of computing grows.
Crypto-agility is the next frontier in protection against the processing power of quantum
The following solutions can help end users more effectively protect themselves from current day threats:
- Thales Luna General Purpose HSMs are the foundation of trust for an organisation’s overall ecosystem including devices, identities, and transactions.
- Thales CipherTrust Data Security Platform unifies data discovery, classification, data protection, and unprecedented granular access controls with centralised key management, all on a single platform.
- Thales Data Protection on Demand is a cloud-based platform, providing a wide range of Luna Cloud HSM, CipherTrust Cloud Key Management, and payShield Cloud Payment services through a simple online marketplace. Data security is now simpler, more cost effective and easy to manage because there is no hardware to buy, deploy and maintain.
- Thales Safenet Trusted Access is a cloud-based access management service that combines the convenience of cloud single sign-on with granular access security.
- Thales’ Cryptobox provides businesses and organisations with a sharing and collaboration solution to secure internal and external exchanges, using end-to-end encryption.
- Thales’ Citadel offers professionals secure instant messaging service to connect with your trust community while guaranteeing each user’s identity by requiring a company email address to register. It also provides the guarantee that a company’s data will not be used or sold to third parties.
The fact is, a distributed workforce means more data is migrating to the cloud, and companies are using multiple IaaS and PaaS environments and hundreds of SaaS applications. Organisations must be able to safely rely on the cloud because its significance will only continue to increase. Breaking down the complexity barrier created in this environment will give businesses a clearer view of all their data so they can better control and protect it.
Organisations must be able to safely rely on the cloud because its significance will only continue to increase.
There are three key pillars for a truly holistic approach to data security which Thales has incorporated in its solutions:
- Discover where data resides on premises or in the cloud and classify its sensitivity and importance based on internal policies and external regulations.
- Protect structured and unstructured sensitive data with advanced encryption, access controls and tokenisation. This means making it difficult for unauthorised users to access data. And if data is stolen or leaked, making it useless.
- Controlsensitive data with centralised key management across on-premises and hybrid cloud environments. This simplifies data-centric security, ensures regulatory compliance, and reduces risk across an organisation.
[quote font=”tahoma” font_size=”13″ color=”#262626″ bgcolor=”#f9f9f9″ ]
Recommendation for CISOs
• Focus on the opportunities resulting from the changed engagement model as many organisations are still accelerating their adoption of cloud-based services as result of a more distributed workforce.
• Two of the key questions they should ask themselves while refocusing their sales strategies would be:
o As data security is now more relevant than ever in our changed world, how can we leverage the new way of working as a business case?
o How can we continue to generate demand in this new normal way of working?
[/quote]
Breaking down the complexity barrier created in cloud environment will give businesses a clearer view of data so they can better control and protect it.