Quantum‑Ready Crypto: Discovery to Transformation

Key Points

  • Quantum computers will soon be able to break today’s encryption, enabling fraudulent authentication, forged signatures, and “harvest‑now/decrypt‑later” attacks on stored enterprise data.
  • The first defensive step is to discover all cryptographic artifacts in both source and object code and compile a Cryptography Bill of Materials (CBOM), akin to an SBOM, to create a single source of truth.
  • Organizations must then observe their cryptography by combining static analysis with dynamic runtime monitoring to inventory assets across applications and network layers (e.g., TLS/SSL).
  • With a full inventory, leaders should prioritize assets based on risk exposure, regulatory compliance, and overall cryptographic posture.
  • Finally, the prioritized assets must be transformed by replacing vulnerable algorithms with quantum‑safe encryption methods.
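
As an added illustration of the discover and prioritize steps (not code from the video or from any IBM tool), the sketch below runs a minimal static scan over constructed source snippets and builds a simplified CBOM-style inventory. The rule table, the priority ranking and the field names are assumptions made for this example; they are not the CycloneDX schema.

```python
import json
import re

# Constructed sample sources (file path -> text); not taken from any real project.
SOURCES = {
    "billing/tls_client.py": (
        "key = rsa.generate_private_key(public_exponent=65537, key_size=2048)\n"
        "shared = priv.exchange(ec.ECDH(), peer_pub)\n"),
    "audit/Signer.java": 'Signature s = Signature.getInstance("SHA256withECDSA");\n',
    "store/vault.py": "cipher = Cipher(algorithms.AES(key), modes.GCM(iv))\n",
}

# Assumed rule table: (regex, algorithm, use, quantum_vulnerable).
# RSA and elliptic-curve schemes fall to Shor's algorithm; AES does not.
RULES = [
    (r"(?i)\brsa\b", "RSA", "encryption", True),
    (r"ECDH\b", "ECDH", "key-exchange", True),
    (r"ECDSA\b", "ECDSA", "signature", True),
    (r"\bAES\b", "AES", "encryption", False),
]

def discover(sources):
    """Static pass: one finding per (file, line, rule) match."""
    found = []
    for path, text in sources.items():
        for no, line in enumerate(text.splitlines(), 1):
            for regex, alg, use, vuln in RULES:
                if re.search(regex, line):
                    found.append({"algorithm": alg, "use": use,
                                  "quantum_vulnerable": vuln, "where": f"{path}:{no}"})
    return found

def priority(finding):
    """Assumed ranking: 1 = confidentiality exposed to harvest-now/decrypt-later,
    2 = signatures forgeable once quantum computers mature, 3 = not vulnerable."""
    if not finding["quantum_vulnerable"]:
        return 3
    return 2 if finding["use"] == "signature" else 1

def build_cbom(findings):
    """Merge findings per algorithm into one inventory, most urgent first."""
    entries = {}
    for f in findings:
        e = entries.setdefault(f["algorithm"], {
            "algorithm": f["algorithm"], "use": f["use"],
            "priority": priority(f), "occurrences": []})
        e["occurrences"].append(f["where"])
    return sorted(entries.values(), key=lambda e: (e["priority"], e["algorithm"]))

if __name__ == "__main__":
    print(json.dumps(build_cbom(discover(SOURCES)), indent=2))
```

A static pass like this only covers what is visible in code; negotiated TLS parameters and deployed certificates need the runtime view described in the observe step.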

Full Transcript

**Source:** [https://www.youtube.com/watch?v=c5t0m_nd4hk](https://www.youtube.com/watch?v=c5t0m_nd4hk)
**Duration:** 00:06:07

[0:00] Today cryptography is the ultimate line of defense that protects our data. But it's based on an assumption that it cannot be broken by classical computers. In the near future, quantum computers may be able to crack these encryption algorithms. That's why every organizational leader needs to understand the risk to their data and the solutions that will make them quantum safe. Let's get to it.

[0:25] What bad actors and cyber criminals can do once quantum computers mature? First thing they can do is fraudulent authentication, which means they can get access to our data--the secure data that we have in our applications, our systems, and our databases. Second thing they can do is forge signatures, which means they can fake the records, fake the audits, and also can make the fake identity and tamper [with] our blockchain assets as well. Third thing they can do is harvest now/decrypt later, which is very, very important for us today. We are understanding that they cannot steal and decrypt the data today, but they will be sitting on it until the quantum computers mature and they will be able to decrypt that and find out the crown jewels from your enterprise.

[1:14] The first step is to discover. Discover your cryptography means you need to identify the cryptography-relevant artifacts in your business applications--source code as well as object code. What this means is that brings you the visibility where the cryptography function library's methods are being used. Once you have them, you need to also find out the dependencies across all of these artifacts and then create a single source of truth. A similar concept like in a supply chain inventory called SBOM (software bill of materials). You need to have the concept called cryptography bill of materials (CBOM). IBM has been helping bringing that as a standard as part of the CycloneDX. And this capability can bring you a static view of your business applications environment.

[2:04] Once you have this, the next step is observe. Observe your cryptography means bringing the dynamic view along with static view. Often many organizations have either one or the other, but you need to have both. And as part of bringing both of these together, you need to have a full inventory of your cryptography assets from network perspective as well as your applications' perspective. And then you need to understand how these key exchanges are happening from cryptography perspective like TLS, SSL from your network environments. And then once you get the full visibility of that inventory, you need to prioritize where your cryptography relevant artifacts are important based on your cryptography posture or your regulatory compliance requirements, and then create that list.

[2:54] And once you have the prioritized inventory of your cryptography assets, you need to transform the cryptography by implementing and applying the quantum safe algorithms, or encryption algorithms, or new certificates, or key lifecycle management capabilities that are quantum safe. By doing this, you need to make sure that you are also following a process that you can achieve crypto-agility. What we mean by crypto-agility is that [is] how can you reduce the burden on development as well as the operational environment so that it's not disrupting your existing systems and applications--and rather giving you an ability to move from old algorithms to new algorithms seamlessly, which means you can have crypto-agility as a service capabilities, starting from encryption, key lifecycle management and certificate management capabilities that would be quantum safe. And whenever you need them in your business applications, you can simply make an API call when you need a new encryption, when you need a new certificate, when you need a new key in general. So this helps you bring a full capability across Discover, Observe and Transform.

[4:14] Now you understand the three key steps. What tools should we use to get to your journey to quantum safe? IBM Quantum Safe Explorer helps you discover your cryptography by scanning the source code and object code of your enterprise applications. Also, it can create and generate the CBOM, what we call the cryptography bill of materials. This gives you the static view of your IT enterprise applications. IBM Quantum Safe Advisor can help you bring both the static as well as the dynamic view of your cryptography assets and also prioritize them based on the cryptography posture in reference to your compliance and the vulnerabilities. IBM Quantum Safe Remediator is a capability that can bring and allow you to remediate with quantum safe algorithms, quantum safe key management capabilities, as well as the certificate management capabilities that can allow you to be crypto-agile. And there are a set of remediation patterns that are part of Remediator that can enable you based on your requirements in terms of VPN, in terms of proxy, in terms of TLS connections. All of those remediation patterns are based on the best practices that we know as of now, based on our current client needs.

[5:42] IBM Quantum Safe can help any organization not only prepare for the post quantum cybersecurity landscape, but also improve and maintain their cyber security hygiene overall. How your organization can prepare for the quantum era--Check out the links below.