Tools and techniques for gaining effective cryptographic visibility
March 18, 2025 / Ranga Sai Manduva
Short on time? Read the key takeaways:
- Understanding your cryptographic landscape is the first and most crucial step when setting strategies for post-quantum cryptography (PQC).
- Comprehensive visibility into your cryptographic landscape lets you analyze and assess your assets’ quantum vulnerabilities.
- Identifying the right cryptographic asset discovery method makes assessing your organization’s cryptographic posture easier.
- The digital twin platform is a PQC readiness evaluation technique that allows organizations to simulate the impact of transitioning to PQC algorithms.
The race to achieve quantum resiliency features several hurdles. Adopting the right strategies can put you leaps ahead of your peers and competitors.
The incentive for this race is that data secured with current cryptographic methods is at risk from future quantum threats. Post-quantum cryptography (PQC) advocates and cybersecurity experts recommend a deeper understanding of your assets to protect them.
Cryptographic visibility is key to an organization’s preparedness for PQC, and digital twins further improve the chances of a successful PQC transition.
The quantum security threat is serious, but organizations with a detailed cryptographic inventory can prioritize their PQC migration efforts more effectively to achieve higher success rates. The inventory can provide the necessary understanding of how cryptographic assets are used within their business and the potential risks and vulnerabilities.
Taking an inventory of all cryptographic assets
A complete cryptographic inventory should list all of your organization’s managed data, all cryptographic assets, both hardware and software, and all suppliers providing cryptographic assets. Keeping the asset information as granular as possible will help you determine if the asset might be vulnerable to quantum attacks and help identify the appropriate quantum-resistant solution.
For an effective quantum threat assessment, document these details of your cryptographic assets:
- Asset type (hardware, software, network, infrastructure, etc.)
- Cryptographic algorithms and protocols in use (AES-128, SHA-2, TLSv1.2, etc.)
- Key length usage (RSA-2048, etc.)
- Ownership details of the asset (department, supplier, etc.)
- Certificate details (type, validity, etc.)
- Attack surface (vulnerabilities, threats and impact score, etc.)
And document these details for data assets:
- Type of data (data in transit, data at rest or data in use)
- Location of the data
- Value of the data (confidentiality, availability and lifespan)
The method and tools you choose to discover the organization’s cryptographic assets will depend on the scope of your inventory. However, for a comprehensive cryptographic asset inventory, take time to discover cryptography usage at all Open Systems Interconnection (OSI) layers, including the application, session and network layers. Installing agent software on target systems, such as servers, endpoints and containers, supports the detection and classification of cryptographic assets. Agents work best for active scanning, while agentless and telemetry-based tools are most effective for passive scanning. When installing agents is impractical, use passive scanning, which also lets you gather insights for a wide range of assets.
To achieve complete cryptographic landscape visibility, consider collecting additional telemetry and logs from other security infrastructure, such as key stores, PKI systems for certificates, and credential vaults. This view allows organizations to evaluate compliance with cryptographic policies, identify any gaps, and even discover unknown cryptography methods and assets.
After gaining visibility into your cryptographic assets through the ongoing discovery process, the next step is to assess each asset’s risk from quantum threats. As business evolves, so does the cryptographic landscape, and you need to update your inventory and safeguard it from unauthorized access.
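As an added illustration (not Unisys code and not part of the original article), the Python example below stores the inventory fields listed above and ranks assets for PQC migration by quantum exposure and data lifespan. The field names, scoring weights, 10-year horizon and sample inventory are assumptions made for the example.

```python
from typing import NamedTuple

# Public-key families broken by Shor's algorithm, whatever the key length.
SHOR_BROKEN = {"RSA", "DSA", "DH", "ECDH", "ECDSA"}
# Subset used to establish keys: recorded traffic can be decrypted later.
KEY_ESTABLISHMENT = {"RSA", "DH", "ECDH"}
# NIST-standardized post-quantum schemes (FIPS 203, 204, 205).
PQC = {"ML-KEM", "ML-DSA", "SLH-DSA"}

class CryptoAsset(NamedTuple):
    name: str
    asset_type: str      # hardware, software, network, infrastructure
    algorithm: str       # family name, e.g. "RSA" or "AES"
    key_bits: int        # 0 where a bit length does not apply
    owner: str
    data_state: str      # "in transit", "at rest" or "in use"
    lifespan_years: int  # how long the protected data must stay confidential

def quantum_exposure(asset):
    alg = asset.algorithm.upper()
    if alg in PQC:
        return "resistant"
    if alg in SHOR_BROKEN:
        return "broken"
    if alg == "AES":  # Grover's search roughly halves the effective key bits
        return "resistant" if asset.key_bits >= 256 else "weakened"
    return "unknown"  # not classified here: needs manual review

def migration_priority(asset, horizon_years=10):
    # Weights and the 10-year horizon are illustrative assumptions.
    score = {"broken": 3, "unknown": 2, "weakened": 1,
             "resistant": 0}[quantum_exposure(asset)]
    if score and asset.lifespan_years >= horizon_years:
        score += 2  # data must stay secret past the assumed horizon
    if asset.algorithm.upper() in KEY_ESTABLISHMENT and asset.data_state == "in transit":
        score += 1  # exposed to harvest-now, decrypt-later collection
    return score

def rank_inventory(assets):
    # Highest priority first; ties are ordered by asset name.
    return sorted(assets, key=lambda a: (-migration_priority(a), a.name))

# Constructed sample inventory, not real assets.
INVENTORY = [
    CryptoAsset("vpn-gateway", "network", "RSA", 2048, "network-ops", "in transit", 15),
    CryptoAsset("backup-archive", "software", "AES", 128, "it-storage", "at rest", 20),
    CryptoAsset("db-encryption", "software", "AES", 256, "dba-team", "at rest", 20),
    CryptoAsset("code-signing", "software", "ECDSA", 256, "release-eng", "in use", 2),
    CryptoAsset("pilot-kem", "network", "ML-KEM", 0, "crypto-team", "in transit", 15),
]
```

Calling `rank_inventory(INVENTORY)` puts the RSA-protected VPN gateway first: its algorithm is broken by Shor's algorithm, its data must stay confidential for 15 years, and its traffic can be recorded today.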
Preparing for PQC with the digital twin platform
After understanding and prioritizing the risk from quantum threats, you must select the appropriate risk mitigation strategy. This reduces the impact on business operations during the transition. One strategy is to adopt a digital twin platform as a PQC readiness evaluation technique. It builds a virtual representation of systems mirroring your organization’s real-world infrastructure. This lets you safely conduct what-if analysis and test quantum-resistant solution strategies for your PQC transition.
Use this platform to simulate different attack scenarios and gauge their impact. Digital twins can also be used to test and validate new cryptographic algorithms for interoperability and performance issues before deployment.
The digital twin approach increases your PQC preparedness by providing the following:
- Comprehensive risk assessment to detect cryptographic “hotspots” where quantum threats pose the biggest risk
- Evaluation of cryptographic dependence and interoperability with existing infrastructure
- Risk-free simulation environment to study the impact of moving toward PQC algorithms and define the best migration path
- Performance validation to simulate the impact on performance when increasing key sizes or latency in key exchanges and identify bottlenecks
- Live data from real-world environments to inform your migration planning
- Support of your ability to build failure playbooks for increased operational readiness
- Detailed compliance reporting of the current model and the future model
Take steps toward a more quantum-resilient future
Effective and efficient cryptographic posture discovery tools can boost your readiness for emerging quantum threats. While current PQC algorithms offer promising resistance to quantum attacks, their practical limitations, such as large key sizes, performance overhead and still-emerging implementations, highlight the need for careful planning during adoption.
Unisys’ cryptographic posture assessment uses a comprehensive assessment methodology that includes the digital twin platform. It allows you to simulate, test and validate the different aspects of your PQC transition before finalizing the strategy. This prepares you for quantum and reduces the failure risks, putting you on the path toward quantum resiliency.