May 2021

This Month:

  • PQC, the Latest from NIST
  • FIPS Cryptography (why we need it and how to comply)
  • When Certificates Attack...
  • CAP x Azure Integration
  • What Happened at Codecov?
  • We're Hiring, Join the Team!

PQC, the Latest from NIST
NIST have just released a new report on preparing for post-quantum cryptography. It highlights the importance of having a high-quality cryptography inventory as a starting point for your PQC preparation. You can hear Graham's thoughts on this news over on YouTube, and if you want to delve deeper, take a look at our newly published PQC Solution Brief.

FIPS Cryptography
FIPS 140 is a series of standards for cryptography that applications must meet for acceptance by the US Government, and is required as part of FedRAMP and other programs. In our next webinar, we'll show you how to prepare an application to meet FIPS requirements efficiently. In particular, we'll look at the requirements in the new version of the standard (FIPS 140-3), and the options for FIPS-approved software libraries, including the soon-to-be-available OpenSSL v3.

When Certificates Attack...
Recent high-profile certificate outages have thrown more light onto the problem of "shadow certificates", prompting Jarred to give us his usual witty take on the problem over on the blog. In a nutshell it comes down to visibility, how can you defend yourself against an unseen, unknown enemy? Scary stuff.

CAP x Azure Integration
Cryptosense Analyzer Platform (CAP) is now live on Microsoft Azure Marketplace. Organizations looking for more visibility and control on their cryptography can now access a free trial and consume our technology from Azure directly via a deployment on their cloud tenant. The advantage of this type of deployment is that all the crypto analysis data that CAP provides stays in your cloud area, not in our SaaS, giving you greater control.

What Happened at Codecov?
The recent attack on Codecov has left companies scrambling to figure out where their keys are, and spending weeks of valuable engineer time doing so. Since any of the keys in their deployment pipeline might have been compromised, a confirmed key exposure meant that they had to manually hunt down all the places in their applications it was used to make sure that all the keys got changed at the same time, otherwise everything would stop working. Fortunately Cryptosense customers were able to avoid this gruelling process since CAP figures out where all your keys, certificates, and cryptographic operations are at any given time, making rolling out new keys super easy.

We're hiring!
As many of our followers on Twitter and LinkedIn already know, we recently announced a new funding round. The team is growing and we would love to speak to anyone who is excited about solving the problem of cryptography management at scale. You can check out our current vacancies here.

To get the latest crypto news as it happens, subscribe to our Youtube channel.

Best,
Graham and the Cryptosense Team