Cryptographic Lifecycle Management: Discovery and Agility

Cryptography is the foundation of digital security. It is embedded across virtually every system and application. However, it can be of different forms: secure, insecure, vulnerable, compliant, non-compliant, current, outdated, and more. Today, there is a pervasive lack of visibility and control over cryptographic objects. Compliance requirements, quantum threat and the forthcoming post-quantum migration have further exposed these gaps. To mitigate these risks, organizations must first establish comprehensive visibility, beginning with the capability to discover and inventory cryptographic objects across the entire ecosystem. Next, they must evaluate and assess the risk of these objects considering cryptographic vulnerabilities, compliance mandates, and the organization’s risk tolerance. Finally, they must define mitigation strategies and initiate remediation efforts. Migrating cryptographic objects is a highly complex process, as they are almost always hardcoded into systems, making replacement both difficult and resource intensive. In this session, we will explore two main components of Cryptographic Lifecycle Management: Cryptographic Discovery and Cryptographic Agility. For Cryptographic Discovery, we will examine what is required to discover and inventory cryptographic objects. For Cryptographic Agility, we will outline the core solution principles and highlight the latest efforts from Standards Bodies driving PQC Algorithms adoption like NIST, ENISA, NCSC, and others.