Page 27 - GS220701

CoverStory




businesses than in-house systems. "Subscription service models are scalable and you don't need to know the technology," he said. "You give it something sensitive and get back a token that would be useless if intercepted by an attacker."

Cason agreed that HSM-as-a-service has made HSM technology accessible to more businesses. He believes the challenges facing service providers have more to do with provisioning hardware and achieving compliance than going to the cloud. Anyone can get a cage or two, he said, co-locate some HSMs and call it a service; what's harder is providing flexible, on-demand capabilities that fit individual clients and meet regulatory standards.

"You can't have an HSM environment without going through a PCI pen audit," Cason said. "And if you're doing point-to-point encryption (P2PE), which is becoming standard in retail, you'll have to pass a PCI PPE audit and other tests to ensure you're encrypting data from end to end."

Next-gen cryptography

ABI researchers identified quantum-safe technologies as another trend to watch, stating the imminent release of draft quantum-resistant cryptographic algorithms, known as Post-Quantum Cryptography (PQC) by the U.S. National Institute of Standards and Technology, will soon be added to security technology product lines.

"The eventual standards will significantly reshape the cryptographic status quo, as the world transitions from classic crypto to quantum-safe algorithms," ABI researchers wrote. "In turn, this is driving the consulting opportunity for advising on PQC migration strategies, and especially within financial, government, and enterprise markets."

Perella called PQC an evolution of cryptography, similar to AES algorithms replacing RC4. "Organizations can leverage PQC for long-lasting data protections," he said. "But the maturity of PQC algorithms has not been tested with enough rigor to rest on our laurels."

Part 2 of this series will take a closer look at how experts are leveraging and deploying PQC, once again editing Paytech's most fundamental DNA code.

Dale S. Laszig, senior staff writer at The Green Sheet and managing director at DSL Direct LLC, is a payments industry journalist and content strategist. Connect via email dale@dsldirectllc.com, LinkedIn www.linkedin.com/in/dalelaszig/ and Twitter @DSLdirect.