We believe that true cryptographic agility comes not from switching algorithms in a library, but from having a continuously up-to-date and complete view of the entire call stack that is using cryptography across applications. This means that when a cryptographic algorithm needs to be changed, we already know what the consequences will be for the rest of the application and can plan and monitor the transition in CI as the application changes.
No. Without full visibility into the entire cryptography ecosystem, switching algorithms will cause time-outs, data field overflows, key-storage issues, etc. This applies particularly to the transition to post-quantum or hybrid post-quantum/classical cryptography, which will introduce new limitations in terms of large key sizes, performance constraints, additional operations in protocols and so on.
Yes. The Cryptosense approach to crypto-agility is to build a continuous cryptography inventory that stays up to date thanks to its integration into the DevOps toolchain for in-house applications and with business-as-usual scanning tools for other points in the infrastructure. This inventory is queryable via the GraphQL interface, providing immediate, actionable intelligence on where and how algorithms are being used and facilitating a coherent crypto-agility programme.
CAP is a complete cryptography management platform. By combining analysis of cryptography throughout your infrastructure, it gives you powerful insight into how you use cryptography, with multiple business benefits.