3 Steps to Confidence in Your IT Security

| September 30, 2016

article image
IT security is often an invisible problem for the typical business manager. If you are feeling that way about your IT infrastructure, consider these 3 steps to gain confidence in your security. If you’re not a cybersecurity expert, it’s hard to know if your company’s digital information is secure. To be sure, you must have a complete grip on the data you have, where it’s housed and how it’s accessed. A formal security audit is a method of inspecting and documenting the data assets, networks and IT systems of an organization or company. The audit is typically conducted by an independent body skilled in cybersecurity analysis.

Spotlight

Serenova

Serenova simplifies every aspect of the customer experience to make life easier for contact center executives, their customers and employees. The world’s most passionate, customer-focused brands achieve better interactions, deeper insights, and more meaningful outcomes with Serenova’s contact center solutions. Headquartered in Austin, Texas, Serenova has operations in California, Canada, the United Kingdom and Australia.

OTHER ARTICLES

What Makes an Application “Modern” Anyway?

Article | August 9, 2020

Just because something is labeled a “thing,” in this case DevOps, doesn’t mean that an organization is doing anything modern in its application development practice.Many people will think that technology decision points drive the “modernization” of applications. To be sure, technology plays a key role, but I prefer to think of application modernization as a three-legged stool.

Read More

Culture of Innovation and Collaboration: Hybrid Cloud, Privacy in AI and Data Caching

Article | August 14, 2020

Red Hat is continually innovating and part of that innovation includes researching and striving to solve the problems our customers face. That innovation is driven through the Office of the CTO and includes OpenShift, OpenShift Container Storage and use cases such as the hybrid cloud, privacy concerns in AI, and data caching. We recently interviewed Hugh Brock, research director for the office of the CTO, here at Red Hat about these very topics.

Read More

How safe is our quantum future?

Article | June 28, 2021

If you're my age, you will remember the critical premise of the 1992 classic "Sneakers" premise, starring Robert Redford and Ben Kingsley - a top-secret black box that can break the encryption of any computer system. Quantum computing is that "black box." In the next 2-7 years, quantum computers could change the face of cybersecurity. Once they can factor products of large prime numbers (the basis of current cryptography) (expected between 2024 and 2030) – existing cyber-defense mechanisms will be rendered obsolete. We need to plan for encryption in the quantum future. What is Quantum Computing? Classical computers use binary arithmetic - all numbers are a sequence of bits - either a 1 or a 0. However, a quantum bit (qubit) exists not as a 0 or 1 but as a superposition of the two (think Schrödinger's cat). Every additional qubit doubles the processing power of a quantum computer, allowing it to execute multiple computational paths simultaneously. Similarly, as per Grover’s algorithm, it is a known fact that quantum computing divides the key space of symmetric cryptography algorithms by two, meaning that their key sizes have to be doubled to keep the safety margin of today. In October 2019, Google demonstrated quantum supremacy with Sycamore. It performed a series of operations in 200 seconds that Google claimed would take a supercomputer about 10,000 years to complete. In December 2020, physicists from the University of Science and Technology of China in Shanghai performed a Gaussian boson sampling technique with their photon-based quantum computer, named Jiuzhang. They declared that Sunway TaihuLight (the fourth fastest supercomputer in the world) would require 2.5 billion years (approx. half the age of the Earth) to finish the computations done by their quantum computer in a mere 200 seconds. Cryptography: The gatekeepers of security As the wise Spider-Man said – "With great power comes great responsibility. And great risk.” Much of the world's encrypted data is protected using mathematical equations with millions of reasonable solutions. These encryption models are too complicated for even supercomputers to solve within an acceptable period, which quantum systems can quickly solve. Modern cryptography relies on symmetric and asymmetric standards. The significant difference is that symmetric cryptography is based on substitution and permutation (there is no underlying mathematical assumption) and uses a single key for encryption and decryption. In contrast, asymmetric key / public key cryptography uses two different keys for encryption and decryption. Since the mid-90s, researchers have theorized that quantum computers can break current public-key cryptographic (PKC) systems. Their ability to concurrently test multiple hypotheses (using Shor's factorization OR Grover's exhaustive search) at unprecedented speeds will make both asymmetric and symmetric cryptosystems redundant. Understanding 5G 5G is one of the most eagerly awaited technologies in the digital world, and with good reason. In the years ahead, 5G coupled with IoT, could revolutionize the integration of digital and physical worlds. What sets it apart from its predecessor? 5G speed - it is nearly 20x faster than 4G. An average-length movie takes 6 minutes to download on 4G and less than 20 seconds on 5G. 5G supports 10x more devices per sq. km. It will seamlessly handle many more devices within the same area – a boost for IoT infrastructure. 5G latency is 25x less than 4G. According to McKinsey, 5G will speed up the mainstream adoption of IoT across multiple industries: Transport, Manufacturing, Healthcare, to name a few. 5G and Quantum – the Perfect Storm While quantum systems provide the compute, 5G provides the channel to connect more than just mobile networks (self-driving cars, personal medical tech), thus expanding the 'threat surface.' In a 5G world, secured communications are a critical component of connectivity, and post-quantum cryptography will play a key role. Researchers globally are devising ways to embed quantum-safe cryptography into 5G networks without compromising QoS. I even came across a patent for a quantum-resistant 5G SIM card by a Swiss company that set an industry best practice in ITU-T X.1811 for quantum-safe 5G. Cryptocurrency Wallets: A prime candidate for Quantum hacking Imagine you forget the password of your Bitcoin wallet, which in theory had millions of dollars in the balance. With a quantum computer, you could unlock your wallet and save yourself many worries, which worries all cryptographers. If malicious players had a quantum computer, the first thing they would try and break is the Elliptic Curve digital signature algorithm, reverse-engineer your private key, forge your digital signature, and subsequently empty your wallet. Thankfully, we are still years away from that scenario, yet that is a telling tale for designing national digital currencies that are supposed to withstand the test of time. Likewise, this vital subject – including applications with legal consequences such as smart contracts enabled by blockchain technologies, which share the same technical basis and, therefore, vulnerabilities to quantum IT -, would need a dedicated article, hopefully soon as time enables it! The real question is: when will quantum computers become a threat to public-key cryptography? As of December 2020, IBM claims to have a 65 qubit quantum computer and already delivering a 53-qubit model to a client (it would take around 1500 qubits to hack Bitcoin private keys). Quantum computers could achieve the required processing power range from as soon as 2024 to as far as 2040 per estimate. How do we solve it? Public Key Cryptography enables over 4.5 billion users to securely access over 200 million websites and engage in over $3 trillion of e-commerce transactions. Further, an estimated 20% of all IT applications rely on PKC and an even higher percentage on symmetric cryptography. According to Prof. Davor Pavuna of the École Polytechnique Fédérale de Lausanne, "several quantum prototypes might already become functional in 2023 (specifically in China)," and that potentially poses a severe protection challenge much earlier!" Many companies are developing "post-quantum cryptography" (PQC) or "quantum-safe cryptography" (QSC) – algorithms whose security is not degraded by any known quantum computing algorithms. Typical ones are McEliece cryptosystem, Lattice-based cryptosystems, Code-based Cryptography, and Hash-based cryptography. While these developments promise 'quantum resistance,' they only reflect our current knowledge of quantum computing capabilities and have a relatively low benchmark set for their security. These methods aim to create mathematical problems that are too difficult for even a quantum computer to solve, with the US National Institute of Standards and Technology (NIST) planning to recommend a PQC standard by 2022-23 and already having done so specifically for hash-based signatures. Similarly, German BSI issued official guidance for using post-quantum key exchange mechanisms, somewhat differing from NIST, and the IETF standardized two hash-based signature schemes, LMS and XMSS, independently, also with differences. Last but not least, the ITU-T issued without much publicity an amended recommendation on IPTV security X.1197 Amd1 that provides comprehensive guidance on state-of-the-art standard PQC options available as of late 2019, for use in multimedia transmission, with a corrigendum issued in early 2020. Applying the Solution Post Quantum cryptography is a developing field. Although these algorithms are quantum-resistant in theory, there is an unpredictability about their efficacy. Secondly, these algorithms are heavy on memory and compute requirements, making it challenging to apply them universally. On the other hand, symmetric cryptography is more efficient and shows more resilience to quantum IT, yet needs an upgrade to accommodate larger key sizes. One such system I came across was a patent of the aforementioned Swiss company is eAES®, which enhances AES’s quantum resistance. It makes safely increasing the key size a reality (as per NIST’s IR 8105 guidance), a claim confirmed in a report by their competitor Kudelski Security on the former’s implementation for Intel® processors. The transition to PQC standards requires a staged approach. To successfully navigate the impending cryptographic change, companies and governments must embrace crypto-agility - the ability to rapidly adapt and switch between multiple cryptographic standards at varying levels. We must support algorithms from different standardization bodies such as NIST, ETSI, the ITU-T, ISO/IEC, and the IEEE in a connected world with fractured standards. Building a global quantum security alliance We are just laying the foundations of this new security ecosystem; however, more work is needed to drive broader adoption. While the academic, innovation labs, and specialist technical communities are making some progress, cha

Read More

Will low-code programming be the antidote to ‘brittle’ RPA?

Article | February 19, 2020

The use of Python is catching up to Java in banking and fintech applications, but what are the reasons behind the emergence of Python? While three million developers have joined the Java community in the past year, in the banking sector, Python is fast closing in on Java’s position in top spot. Python’s backstory in banking Across all sectors, Python has reached seven million active developers fuelled in part by a staggering 62% of machine learning developers and data scientists who now use the programming language.

Read More

Spotlight

Serenova

Serenova simplifies every aspect of the customer experience to make life easier for contact center executives, their customers and employees. The world’s most passionate, customer-focused brands achieve better interactions, deeper insights, and more meaningful outcomes with Serenova’s contact center solutions. Headquartered in Austin, Texas, Serenova has operations in California, Canada, the United Kingdom and Australia.

Events