Cheetahs, COVID-19 and the demand for crypto-agility

Abstract

‘Digital transformation’ means many things to the different stakeholders who drive today’s business and technical strategies. For the business manager it means creating hyper-responsive, always-on, multichannel paths to profitably engage with customers and partners. For the technologist it means leveraging the newest capabilities in cloud delivery, application development, and DevOps tooling and doing it faster and more economically than ever before. But in all of these cases, digital transformation relies on the underlying foundation of well-protected ‘machine identities’, as well as the technologies that create them, such as TLS certificates, SSH keys, API keys and code-signing certificates. These, in turn, all rely on cryptography: the process of ‘constructing and analysing protocols that prevent third parties or the public from reading private messages’ while also assuring safe machine-to-machine authentication. This paper focuses on the increasingly critical need for an organisation’s cryptographic processes to be agile. Readers will learn what ‘agile’ means to them, and how it leads to a kind of cryptographic flexibility they can leverage whether they deliver applications and services through new cloud architectures, traditional on-prem environments or hybrid models. They will learn how this agility can rapidly replace cryptographic algorithms, tools or providers that have been compromised, without affecting the availability or integrity of the applications or services they enable. They will also learn how organisations can control costs and limit their dependency on third-party services, all while maintaining a robust posture around their rapidly increasing population machine identities.