
Zero Trust But Zero Knowledge: An Impressive Combo

Organizations love talking about Zero Trust because it sounds cool, it’s the buzzword of the decade, and hey, it looks great on their cybersecurity budget requests. But guess what’s missing in all their Zero Trust planning? You know it—Encryption.

You see, encryption is supposed to be the heart of a Zero Trust strategy. Data is encrypted at rest, in transit, and everywhere in between. Yet somehow, in the grand scheme of zero-trust planning, cryptography doesn’t even get a mention. You’ll hear all about MFA, segmentation, and privileged access, but ask whether the algorithms and key sizes behind all that encryption will survive a quantum computer, and the room goes silent.

It’s almost like Zero Trust is just window dressing when you have no idea what’s going on with the encryption securing your most sensitive assets.

Cybersecurity Organizations Have No Idea What Cryptography They Have (And They Don’t Care)

Encryption—yeah, you know, that little thing that’s the foundation of any security system—is basically being treated like an afterthought. And, oh, they love to talk about how they’re all-in on Zero Trust, but apparently, Zero Awareness about their cryptographic assets is a perfectly acceptable strategy, too.

Encryption: That Thing You’re Supposed to Care About

Let’s break this down. Encryption is supposed to be the backbone of security. Without it, all those fancy Zero Trust frameworks these organizations are rushing to adopt? Useless. Zero Trust is supposed to mean that nothing is trusted by default—everything must be verified, authenticated, and, you guessed it, encrypted.

Yet somehow, in all the meetings, all the PowerPoint slides, all the “We’re-so-Zero-Trust” planning, one key detail is blissfully ignored: what’s actually encrypting all your sensitive data. That’s right, while they’re patting themselves on the back for blocking a phishing attack, they seem to be forgetting that the cryptography keeping the rest of their information safe is, well, kind of important.

What Is Cryptography? Who Knows!?

You’d think cybersecurity professionals would at least know what cryptography they’re using. RSA? AES? ECC? Ah, who cares, right? After all, who needs to know the nitty-gritty details of the tech that protects literally everything in their organization?

“Wait, what algorithm are we using for securing our employee data? What’s encrypting our customer payment information?”
Response: “Dunno. Does it matter? We’ll figure it out when something breaks.”

Right. Because understanding your cryptographic environment is definitely not a critical part of keeping your company’s crown jewels secure. Who needs a Cryptographic Inventory when you have faith in… nothing?

Post-Quantum Cryptography? NIST Says It’s Time to Care

And speaking of things you should have been paying attention to… Quantum Computing! Yep, that terrifying beast of the future is closer than ever, and a large enough one will make today’s public-key cryptography (RSA, ECC, the stuff that exchanges your session keys and signs your certificates) look like papier-mâché. Symmetric ciphers like AES get off lighter: Grover’s algorithm roughly halves their effective key strength, which is why the conservative advice is AES-256 rather than a rip-and-replace. But hey, no rush, right? After all, you’ve been ignoring cryptography for years, so why start caring now?

Well, the fun’s over. In August 2024 NIST finalized its first Post-Quantum Cryptography (PQC) standards: FIPS 203 (ML-KEM) for key establishment, and FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA) for digital signatures. The excuse of “Oh, we’ll worry about it later” has officially expired. Later is now. The algorithms protecting your data from the eventual rise of quantum computers are here, ready for action. And guess what? You’ll actually have to do something about it. That means replacing the old, vulnerable stuff with quantum-safe cryptography that won’t crumble the second a quantum computer starts crunching numbers, which in practice means new key exchange in TLS, SSH and VPNs, new signature algorithms in your certificates and code signing, and (for now) hybrid modes that run the classical and post-quantum algorithms side by side.

Oh, but wait—how are you going to do that when you don’t even know what cryptography you’re using right now? You might as well just start flipping coins. Heads, you’re still using RSA from 2001. Tails, maybe it’s something more recent, but who’s to say?


Ignoring Cryptography is No Longer an Option

Here’s the deal: you can’t ignore cryptography anymore. Post-Quantum Cryptography is not science fiction. It’s real, and NIST has given its blessing. You know what that means? It’s time to get off your high horse and actually take a hard look at what cryptographic algorithms, keys, and libraries are running the show inside your network. Spoiler alert: Ignoring it won’t make it go away.

If you don’t have a Cryptographic Bill of Materials (CBOM) yet, well, maybe you should. A CBOM is exactly what it sounds like: a machine-readable list of the algorithms, keys, certificates, protocols and libraries in use, and what each one protects. You know, just to understand what kind of time bombs are ticking inside your infrastructure, so you’re not caught with your pants down when your “secure” data suddenly becomes wide open to anyone with a quantum computer (which, by the way, is coming soon – there’s even a trailer for it). And the clock is already running: traffic protected with RSA or ECC key exchange can be recorded today and decrypted once that computer exists, so anything that must stay secret for years is exposed now, not later.

The Inevitable Reckoning

So, what’s it going to be? Keep playing cybersecurity bingo, hoping you’re covering all your bases, or actually take charge of your cryptographic future? Post-Quantum Cryptography isn’t optional; it’s necessary. And not knowing what cryptography you’re using? It’s not an innocent oversight anymore. It’s negligence.

Get a cryptographic inventory. Start tracking what’s out there (algorithms, key sizes, certificates and their expiry, TLS and SSH configurations, the libraries your applications link), how each piece is being used, what data it protects, and what needs upgrading first, before it’s too late. Because when that day comes and quantum computers start knocking on your digital door, you can’t afford to be the organization that forgot to lock it.
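A first pass at that inventory, as an added example that is not part of the original post: it parses OpenSSH public-key lines (authorized_keys or known_hosts style) using the RFC 4253 wire format, pulls out the algorithm family and key size, rates each key for classical strength and quantum exposure, and emits a CBOM-style JSON summary. The sample keys are constructed inside the script (placeholder moduli and curve points of the right size, not real keys), the output field names are this example’s own rather than any standard CBOM schema, and the helper names (`inventory`, `assess`, `summarize`, `make_line`) are assumptions made here.

```python
"""Inventory SSH public keys and rate their quantum exposure (added example).
Parses authorized_keys/known_hosts-style lines, decodes the RFC 4253 public-key
blob, and records algorithm family and key size. The sample keys at the bottom
are constructed with the encoder helpers so this runs offline; they are NOT real keys."""
import base64
import json
import struct

# RFC 4251 wire format: length-prefixed strings and mpints.
def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value: int) -> bytes:
    # Non-negative only; a leading 0x00 keeps a set high bit from reading as a sign.
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big") if value else b""
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)

def read_string(buf: bytes, off: int) -> tuple[bytes, int]:
    """Decode one SSH string at `off`; ValueError on a truncated blob."""
    if off + 4 > len(buf):
        raise ValueError("truncated SSH string length")
    (length,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + length > len(buf):
        raise ValueError("truncated SSH string body")
    return buf[off:off + length], off + length

CURVE_BITS = {"nistp256": 256, "nistp384": 384, "nistp521": 521}

def parse_blob(blob: bytes) -> dict:
    """Return {type, family, bits[, curve]} for an ssh-rsa / ecdsa / ed25519 blob."""
    ktype_raw, off = read_string(blob, 0)
    ktype = ktype_raw.decode("ascii")
    if ktype == "ssh-rsa":
        _e, off = read_string(blob, off)      # public exponent, not needed here
        n_raw, _ = read_string(blob, off)     # modulus: its bit length is the key size
        return {"type": ktype, "family": "RSA", "bits": int.from_bytes(n_raw, "big").bit_length()}
    if ktype.startswith("ecdsa-sha2-"):
        curve = read_string(blob, off)[0].decode("ascii")
        return {"type": ktype, "family": "ECDSA", "curve": curve, "bits": CURVE_BITS.get(curve, 0)}
    if ktype == "ssh-ed25519":
        point, _ = read_string(blob, off)     # 32-byte public point
        return {"type": ktype, "family": "Ed25519", "bits": len(point) * 8}
    return {"type": ktype, "family": "unknown", "bits": 0}

def assess(key: dict) -> dict:
    """Classical rating uses the common 2048-bit RSA / 256-bit curve floor. Quantum
    exposure depends on the family, not the size: Shor's algorithm breaks RSA and
    elliptic-curve keys of any length."""
    family, bits = key["family"], key["bits"]
    if family == "RSA":
        classical, quantum = ("weak" if bits < 2048 else "acceptable"), "vulnerable"
    elif family in ("ECDSA", "Ed25519"):
        classical, quantum = ("weak" if bits < 256 else "acceptable"), "vulnerable"
    else:
        classical = quantum = "unknown"
    return {**key, "classical": classical, "quantum": quantum}

def inventory(lines: list[str]) -> list[dict]:
    """Build the asset list. Lines that fail to parse are kept as 'unparseable'
    rather than dropped, since an inventory that skips what it cannot read
    understates exposure. Assumes no authorized_keys options prefix."""
    assets = []
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        try:
            if len(parts) < 2:
                raise ValueError("expected '<type> <base64> [comment]'")
            key = parse_blob(base64.b64decode(parts[1], validate=True))
            if key["type"] != parts[0]:
                raise ValueError(f"blob says {key['type']!r}, line says {parts[0]!r}")
        except (ValueError, UnicodeDecodeError) as exc:  # binascii.Error is a ValueError
            assets.append({"line": lineno, "family": "unparseable", "error": str(exc)})
            continue
        comment = parts[2] if len(parts) == 3 else ""
        assets.append({**assess(key), "line": lineno, "comment": comment})
    return assets

def summarize(assets: list[dict]) -> dict:
    """The numbers the post is asking for: how much is exposed, and to what."""
    out = {"total": len(assets), "quantum_vulnerable": 0, "classically_weak": 0,
           "unparseable": 0, "by_family": {}}
    for a in assets:
        out["by_family"][a["family"]] = out["by_family"].get(a["family"], 0) + 1
        if a["family"] == "unparseable":
            out["unparseable"] += 1
        else:
            out["quantum_vulnerable"] += int(a["quantum"] == "vulnerable")
            out["classically_weak"] += int(a["classical"] == "weak")
    return out

# Constructed sample input: placeholder moduli and points of realistic size, not real keys.
def make_line(ktype: str, *fields: bytes, comment: str) -> str:
    blob = ssh_string(ktype.encode("ascii")) + b"".join(fields)
    return f"{ktype} {base64.b64encode(blob).decode('ascii')} {comment}"

SAMPLE_LINES = [
    "# constructed authorized_keys sample",
    make_line("ssh-rsa", ssh_mpint(65537), ssh_mpint((1 << 1023) | 1), comment="legacy@build01"),
    make_line("ssh-rsa", ssh_mpint(65537), ssh_mpint((1 << 2047) | 1), comment="deploy@ci"),
    make_line("ecdsa-sha2-nistp256", ssh_string(b"nistp256"), ssh_string(b"\x04" + bytes(64)),
              comment="ops@jump"),
    make_line("ssh-ed25519", ssh_string(bytes(32)), comment="admin@laptop"),
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB truncated@host",  # genuine ssh-rsa prefix, modulus cut off
]

if __name__ == "__main__":
    found = inventory(SAMPLE_LINES)
    print(json.dumps({"assets": found, "summary": summarize(found)}, indent=2))
```

Run it and the summary reports five assets: four quantum-vulnerable, one 1024-bit RSA key that is already classically weak, and one line the parser could not read. Two design choices matter in practice. Unreadable entries are recorded rather than skipped, because an inventory that silently drops what it cannot parse understates your exposure. And the quantum rating keys off the algorithm family, not the key size, since Shor’s algorithm does not care how long your RSA modulus is. Note the split in urgency: authentication keys like these become a problem when a quantum computer exists (forged logins), whereas key exchange is a problem today, because recorded sessions can be decrypted later. The same approach extended to TLS certificates and cipher-suite configuration gives the rest of the picture.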

Jeffrey Duran

Jeffrey Duran has over 30 years of leadership in marketing and entrepreneurship, including 14 years in cybersecurity. He has been featured in prominent publications like Dark Reading and Verizon’s Data Breach Investigations Report. Jeff’s marketing strategies have driven startups like Invotas and enSilo, and major entities like Army Cyber Command and Verizon. A 35-year U.S. Army veteran, he integrates veterans into cybersecurity roles. Currently a Fractional CMO, he also serves on advisory boards and has won numerous awards for his communication skills.
