June 2020

This month:

  • NIST Updates Recommendations for Post-Quantum Cryptography
  • Ensuring FIPS Compliance for Applications  
  • New Cloud Secret Manager Integrations
  • Yet Another Data Breach... Postbank Loses a Masterkey

NIST Updates Recommendations for Post-Quantum Cryptography

NIST updated their guide to preparing for post-quantum cryptography on May 26th. Amongst other things it suggests: "Identification of automated discovery tools to assist organizations in identifying where and how public-key cryptography is being used". They also advocate for the development of "an inventory of where and for what public-key cryptography is being used in key enterprises". To find out more about the work required to build an inventory, download our whitepaper or check out our best practice tips.

Ensuring FIPS Compliance for Applications  
Following a number of requests, we have now updated our software to include FIPS audit capabilities. This means that you can now easily test whether your applications are using FIPS compliant cryptography, from within Cryptosense Analyzer. There's also more on the latest version of FIPS (140-3) and what it means over on our blog.

New Cloud Secret Manager Integrations
As part of our commitment to reduce time to cloud for customers in regulated industries, we're currently building direct integrations with secret managers offered by the major CSPs. AWS and GCP integrations are hot off the press, Azure follows next month.

Yet Another Data Breach... Postbank loses a Masterkey
Serious breaches around cryptography continue to occur, and as before, relate to poor management of cryptography rather than mathematical breakthroughs. In June 2020, it emerged that the South African Postbank lost a master key and as a result had to replace 12 million bank cards at a cost of ~US$60M.

That's all for this month, if we missed anything noteworthy please let us know.

Best,
Graham and the Cryptosense Team