2020 was a “transformative” year, a year of adaptability and tackling new challenges. As we worked with organizations to deploy mission-critical data security, cryptography was comparatively stable. What cryptographic trends will gain traction in 2021?
The cloud will play a bigger role, especially in financial services
The movement toward broad acceptance of cloud-based encryption and key management will accelerate as more of the pieces come together. Organizations have become more aggressive with the cloud, especially financial services organizations that are moving toward payment processing in the cloud.
Cloud providers are offering more robust and flexible security to meet the demands of organizations that want to retain control of their keys and avoid vendor lock-in. Cloud providers have been listening to enterprises about their concerns around data security practices and are making strides with data access, key management, and data retention policies.
Homomorphic encryption will be part of your vocabulary
Homomorphic encryption allows for data to remain encrypted while it is being processed and manipulated. Homomorphic encryption could be used to secure data stored in the cloud or in transit. This gives organizations the ability to use data — such as doing analytics on your customer base — without compromising the integrity of the data as a whole.
BYOE adoption will increase
Adoption of Bring Your Own Encryption (BYOE) will increase. BYOE is the next step in letting organizations determine how much control they want over their data security policies.
For example, what happens if an organization gets subpoenaed and its cloud provider turns its files over to the authorities? If the organization controlled its keys and could do client-side encryption on-premises, the data would be useless. There will likely be a big catalyst event whereby a company goes, “Whoa — what do you mean, a third party can release my information over to a legal authority?”
Encryption + key management, critical with shorter certificate lifecycles
Organizations need both encryption and key management to be tighter than ever. As the industry moves to one-year certificates, organizations are managing shorter digital certificate schedules. It’s more important than ever to keep track of expiration dates, and automation will play a big role.
To improve their security postures, organizations will emphasize bringing key management up to the same level as their encryption programs. What happens if you have deployed good policies, you deployed good encryption, but you deployed poor key management?
Cryptography will be significant in DevSecOps, especially for code signing
Getting DevOps the tools it needs to secure its infrastructure — without slowing it down — will be critical. Looking at key management, hardware security modules (HSMs), crypto, and third-party monitoring tools, organizations will emphasize giving DevOps teams what they need to integrate security and quickly identify and troubleshoot problem areas.
The goal will be to take away the pain points while expanding the use of encryption within the organization. When it comes to code signing, HSMs play a critical role. Code signing certificates, secure key generation, and certificate storage should be centralized and automated, natively integrating with CI/CD systems.
Manufacturers of long-term devices to embrace crypto agility
There has been a lot of talk in 2020 about quantum computers breaking current cryptography. In 2021, manufacturers of devices — satellites, cars, weapons, medical devices — that will be used for 10 to 20 years would be smart to embrace quantum-safe cryptography. A crypto-agile solution could entail implementing hybrid certificates: signing them with conventional asymmetric cryptography now but incorporating enough flexibility so they will transition smoothly to counteract the quantum computing threat when the time comes.
Whether it’s the cloud and organizations retaining control of the keys, BYOE and homomorphic encryption, DevSecOps embracing cryptography, or hybrid certificates for crypto agility, two themes stand out:
- Encryption and key management: you can’t have one without the other
- Shorter certificate lifecycles require more attention to key management than ever
We’re in for an exciting year ahead!