I recently read “The Code Book” by Simon Singh and found it a fascinating history told through the prism of cryptography. It turns out that keeping secrets used to be very difficult, and great efforts had to be invested. You might have had to wait for a messenger’s hair to grow back to cover the message written on their head, or carry a bulky device into battle that encrypted one letter at a time after configuring it with the day’s settings. Secret communication was cumbersome and slow.
But then the 1970’s came along and finally we had a solution which was not just highly secure, but also scalable and allowed secure communications between parties who had never met (avoiding the need to share a key). (Want to take a deeper dive into the history of cryptography? Go here.)
Now, cryptography is built into the applications we use on a daily basis, whether that is the TLS session which secures the credit card details we use for online shopping, or the device identity that allows our PCs to join our corporate networks.
So crypto is no longer a problem, it’s “fixed”, right?
It is certainly easier to deploy cryptographic systems today. In fact, we do this all the time without even being aware. Applications have embedded cryptography, and in some cases they will even generate the keys required to secure the application. Applications embed crypto libraries which implement the encryption that secures organizations, and it is so easy to set up a new certificate authority to issue keys within a business unit that over the years the amount of crypto has proliferated.
Unfortunately we have gotten to the point where crypto is now critical infrastructure within our organizations, but we do not always recognize it until a certificate expires and brings down an ATM network, website or other critical business application. Yet, when a new crypto vulnerability is discovered most organizations do not have the same level of maturity for keeping track of crypto as they do for inventory management of other physical and digital assets, like software licensing or hardware.
The upshot − we need to take better care of our crypto. The reality is that skills in this area are scarce, and keeping up to date with the latest standards and best practice often takes a backseat to pressing strategic business or operational needs. For this very reason, Entrust has leveraged 25 years of experience to create the Entrust Cryptographic Center of Excellence (CryptoCoE) solution. Through the ECryptoCoE solution, we support our customers in establishing crypto teams and arming them with the governance and technical tools to set crypto policy and start building an inventory of crypto within their enterprise. Entrust has 25 years of experience developing, deploying, running and supporting cryptographic systems. We are excited about sharing our experience with our customers to help them manage crypto as critical infrastructure.
For more information on Entrust’s CryptoCoE solutions, visit our website: https://www.entrust.com/digital-security/certificate-solutions/c/introducing-entrust-cryptographic-center-of-excellence