From PKI to PQC: Devising a strategy for the transition

2023-11-16 06:30

The Ponemon Institute recently canvassed 1,426 IT and IT security practitioners knowledgeable about their organizations' approach to post-quantum cryptography, and found that 61% of them worry that their organization will not be ready to address the security implications of post-quantum computing.

Obstacles to remove for a successful transition to post-quantum cryptography.

Organizations should know the answers to the following questions: Who holds the budget for the transition to post-quantum cryptography? Who is going to drive the effort? And where does the responsibility lie?

"Independently of PQC as a topic, one of the challenges often voiced by our customers is that public key infrastructure can exist in a company in a broad range of departments, making it difficult centralize the responsibility for and ownership of it," Jason Sabin, Chief Technology Officer at digital security company DigiCert, told Help Net Security.

"As a customer, I want to know which companies are investing in getting ready for a post-quantum future, and especially which are not! And companies will care whether their vendors and suppliers are 'quantum-safe'," Sabin pointed out.

Ideally, the organization already has a "Central hub" that deals with all internal PKI matters, and the allocated budget can be used to - among other things - engage experts that will test post-quantum algorithms and generally work on the transition to post-quantum cryptography.

News URL

https://www.helpnetsecurity.com/2023/11/16/transition-post-quantum-cryptography/

#PKI