Transcript
preparation and regulations and standards that are starting to come to light that people need to start going down this path right now. Hello, everyone. Welcome to Strive, where we explore what it means to be cyber ready, one conversation at a time. But cyber ready isn't a destination. It's a discipline. Hello, everyone. I'm Vidya Shankaran, the host for today's webinar with Michael Fasulo, a fellow PQC expert here at Commvault. Michael, welcome to Strive. Thanks. Thanks for having me today. Sure. So today, post-quantum cryptography is the core area of our discussion. And I want to open it up with two facts that is making every single CISO extremely uncomfortable. One is, of course, the harvest now, decrypt later, where adversaries aren't technically waiting for quantum computers to be ready today, but they are definitely exfiltrating out encrypted data right now, storing it and waiting for when commercially viable quantum computers would be available at their disposal. So you technically will not see a breach having an impact just yet, at least not for the foreseeable future. But at the same time, it's a ticking time bomb. And it's waiting to explode at a moment's notice, the moment that quantum safe computers are going to be commercially viable. And the second uncomfortable truth is, of course, that only 5% of enterprises have deployed quantum safe encryption. Now let's hang on to that particular stat for a minute. Let's pause on it. So when we spoke, Fasulo and I were on a similar session, I want to say eight, nine months ago, we covered the very same topic, post-quantum cryptography. It definitely felt very urgent at the moment, but definitely in today's realm of things, it is critical. So having Fasulo back, it's definitely that much more valuable because the questions that we have in store today targeted at PQC is more around what that means for enterprises that haven't really started on this journey to be quantum safe yet, especially with the accelerated timelines that we keep hearing about where it was probably 10 years, then shrinking down to seven, and now it is at three-year mark. What do you think it actually means for enterprises today? Yeah, totally crazy. So let me start with just validating some of the things that you said. Harvest Now, Decrypt Later, I think since the last time we talked, I would say almost moved from theory and maybe some isolated cases to it's happening and people are reporting on it, right? So the threat of Harvest Now, Decrypt Later is absolutely real. We're seeing reports of adversaries doing this now. The ticking time bomb analogy is probably quite accurate. One of the other things that I think is capturing a lot of the new cycle is recently Google had published that the initial theories about when ECC would get cracked is greatly accelerated from the initial time. So that's where I think that collapsing of the timeline, we're seeing that kind of also playing out. And what's interesting about that is, although that's directly related to like the qubits, and if you start to do some fuzzy math, it still feels like 10 years out, but it doesn't take into consideration any type of algorithmic improvements and things of that nature. So I think as all of those things kind of come together, it creates this perfect storm. Now, in the meantime, that's kind of on the quantum and the algorithm side. You still have regulations. You still got NIST kind of doing their thing. You got FIPS 140-2 being sunset. So you have all of these things kind of coming from all these different angles, causing that pressure. And when you think about the three-year timeline, we're going to start to see the certificate rotation thing come into play. You're going to see this requirement for FIPS 140-3 coming in. You're going to see NIST making greater recommendations on how you're going to have newer algorithms to be quantum resistant. So organizations are going to have to start putting the pedal to the metal and really figuring out how they're going to get this to be deployed across their entire estate. I always talk about the discovery aspect. They're going to have to get a move on on that because this is not an overnight flip-the-switch type of thing. A hundred percent, completely agree with you on that. And something that we talk about between us or with the groups at large, I definitely have seen this growing two distinct camps of customers or two different environments as well, to your point on how regulatory deadlines are definitely looming large. But at the same time, I see the two distinct camps split between the awake, so to speak, you know, the kind of customers who are really at the forefront of things, trying to adapt and adopt what's latest to make sure they are not caught unawares. And there's the paralyzed camp as well that feels a little too overwhelmed, not just by the deadlines that are fast approaching, but also because to your point on the discovery aspect of it, because if you don't do your homework around creating that much needed inventory of what truly benefits from the PQC kind of investments, they are at this point pretty much paralyzed. They are reading the headlines. They know that it's fast approaching, but they just don't know where to get started with, especially from the discovery elements of things. So in that realm of things, where do you see the supply chain actually getting impacted because of all of this? Because there is the standalone entity of an organization that is either awake or paralyzed. But there's also the supply chain implication of an organization not doing anything about it. That means that your organization is going to incur that risk because your own timeline is going to also be whoever you're using for third party or SaaS or, you know, if you're in the hyperscalers, those timelines, you know, they have to be all aligned. And for me, when we talk to customers and prospects and even partners, like cryptography is not a single layer to audit, right? Like you just don't do a baseline discovery and you got all the bits and pieces, right? You got your cryptography, you got firmware, you got code signing, you got your SaaS APIs, like this is all over the place. So that's why I think the urgency for people that are taking the step back and going, yeah, we have to do something in it. I know we have a couple of years. It's almost like that's a breath of fresh air that you have a couple of years because it's going to take a couple of years to get there, especially if you have the inventory. So I know people like fixate on CMDBs and doing these types of discoveries, but it's way deeper than that. It's way wider than that, especially if you're in certain regulated industries or, you know, you got OT in the environment, like it's infinitely complicated. So, you know, that paralysis is very understandable, but you got to start somewhere, right? And for us, obviously providing data and data protection and network pipelines, you know, encrypting data is something that we've always done. And you know, it's a natural extension. So if you got to start somewhere, it's almost like you can start with us and kind of use that as your way to extrapolate it out across the rest of your enterprise. Right. And I wanted to quickly touch on something that you just brought up around, you know, our support for post-quantum cryptographic algorithms and kind of tracing it backwards into, hey, you may not necessarily have the complete view into your estate just today, but you got to start somewhere, which was also kind of interesting because I had a customer who actually said, it looks like the clock started without us. And that's pretty much the status that many organizations are in today. But from your point of view, what would be your best practice recommendation to organizations that want to start prioritizing or creating that inventory that calls out and maps it out to the criticality of that particular line of business to their overall business? What best practice recommendations would you share with the larger audience? Yeah. So a lot of times we always start with, well, being CompVault, it always focuses around the data part first. Inventory the environment and see if you do have extremely long-term sensitive data. Because if you have long-term sensitive data, then your harvest now decrypt later is a problem today versus 2023 or whenever commercially viable quantum is going to be available. So some good examples are biometrics, trade secrets, things of that nature, because those things have a very long shelf life to be sensitive. If you think about like clear, as an example, your face and ocular scans, those things are immutable, right? Like those don't change. So if that data is to leak, that's going to be a major, major problem. So I use those examples for organizations to think about their particular footprint. And if they're on the fence about, should I use something like PQC or not today, like as an immediate need, I kind of use that as the barometer to say, go find that data. If you do have that data, then surgically apply PQC to that particular set of data. Monitor the impact because again, certificates, packets are bigger, there's a whole bunch of other implications. It needs compute to calculate the packet sizes. There's a couple of other things that you need to consider, but obviously you're going to want to do that and treat ultra sensitive data that's got a long shelf life with the appropriate amount of encryption. And then, you know, for everything else, we still continue to have that conversation about using ciphers and things that are resistant to the threats that they have in their environment today or against attackers today. You know, things like S256 for data at risk, we know is going to be pretty quantum resistant of today's standards. So there's a lot of recommendations we can provide. There's a whole KMS angle, dating of certificates, lots of foundational things, MPA, MFA, stuff like that. So if we're starting to have that PQC conversation, we usually start with, let's explore the data and surgically apply it where necessary, and then make sure we're still doing all the other foundational things to protect the data and the estate from the usual stuff that we see. Got it. No, I think that's a fantastic rule of thumb. Anything that has longer term retention, to your point, anything that's going to be retained for seven years, 10 years, or especially in the healthcare business, where it's probably the lifetime of the patient under care, but kind of tying it back into where Commvault can be a value add, especially for customers or people who are not necessarily familiar with the completeness that we provide in terms of our PQC support. Where do you think the MLKEM algorithm in particular complements what customers are trying to do in terms of crypto agility or overall completeness from a PQC support? What does it mean? And if you could break it down for me, please. Sure. And I'm glad you said crypto agility, because I think that's really where we differentiate ourselves, right? Unlike traditional algorithms where it's like, okay, you increase the cipher sizes, change the cipher. Crypto agility allows us to switch. And the reason why that's super important, and you mentioned MLKEM, when NIST was going through and validating and making recommendations for FIPS 203, 204, and 205, there was an algorithm called Psyche. And it's really easy to remember, because if anyone was growing up in the 90s, we were all like, Psyche, when you used to fake someone out. So it's really easy to remember. Psyche made it through three rounds, and then they were able to actually crack it with like a single core CPU. So you just never know. And if we trace that philosophy back to Psyche, what we're even seeing today with HQC, which is another algorithm that uses a different mathematic computation. So KEM uses lattice, whereas HQC uses error correcting codes. NIST understands that if these mathematical calculations somehow get cracked, there needs to be a failsafe. So that's why crypto agility is super important. When we were implementing PQC, we kind of saw the writing on the wall, even though HQC was one of those things that was still kind of not completely approved, and it's still not. I think it's probably going to end up being approved this year, or maybe early next year. They understood that when Psyche got cracked, they probably need a failsafe. And it needs different mathematical proofs. NIST is kind of doing the work to do that. And then if you've been watching the news, there's even another nine algorithms that they're kind of going through and putting them through its paces. So NIST is going to continually do that. So fast forward to what we implemented. We implemented MLKEM, we implemented MLDSA, and then we have a couple other algorithms that are not super optimized, but they're possibilities for us to switch to. And then we even have the ability to switch to HQC, just in case. So again, as these algorithms are being used to protect our pipelines and making sure that if data was exfiltrated, they are completely quantum resistant to today's standards. If those were to get cracked at some future point, for us, it's a flip of the switch. We can switch algorithms. And because of crypto agility and the way our encryption framework works, you would be able to re-encrypt the data with the new ciphers right out the gate, where we're looking at that as fully protecting our customers based not only for today, but also for tomorrow. And keep a close eye on what NIST is doing so that as these changes in the landscape happen, whether they be more secure, or maybe there's optimizations that are made, because again, you're going to need some compute, you're going to need some networking packet changes like MTUs. Those things are going to happen. We continue to keep a finger on the pulse just so that we can provide not only that optionality, but the best balance of security and performance for our customers to meet all their different needs. You did touch upon the adjusting of MTUs as such. So would it be fair to say that PQC does not necessarily require a massive infrastructure overhaul? If yes, what would be the key considerations if someone is evaluating options with Commvault for the PQC enablement on their traffic, especially from a data protection standpoint? Yeah, with KEM and DSA, we're pretty good, no network changes or whatnot. But as NIST has been looking at these other new ciphers, depending on how complex these things need to be, there's going to need to be changes to both the compute and the network layer to compensate for it. And if you think about like the biometric stuff we were talking about today, just the thought that a single cipher could be cracked is problematic. So we're even seeing organizations taking a three cipher approach, which means that if someone was to steal those chunks, they would have to solve three different mathematical puzzles to actually crack that data open. We're even starting to see like the nuclear option being talked about and explored just to protect stuff not only for the distant future, but the distant, distant future, which is crazy, but it's pretty cool. Now, what you talked about just now, especially on the three cipher approach, that is extremely fascinating because when the rubber hits the road, that's where it would be worthwhile to see how arduous the entire operation, operational process would be. Yeah, it's going to be crazy. But I think at some point, there's going to be some data that they can't simply take the risk. So those are going to be approaches that, you know, certain organizations probably say like government, you know, nuclear launch code type of thing will probably take approaches like that just because there's so much unknown. And if that's going to be the most secure way to do things today, they'll probably, you know, opt to do those things. But, you know, at least from a Commvault standpoint, I don't see that in front of us, at least for the foreseeable future, but it's out there. I'm fairly certain that's going to be a real world challenge coming up real soon. But at the same time, especially with the growing geopolitical tensions all around us, which industries do you think are the furthest along? And what do you think, because, you know, given the practice that we've encouraged within Commvault as a culture, which is keep the constant feedback loop between customers and our engineering and products team going, what do you think we are learning from them to inform our roadmap and how we continue to innovate in this space? Which industries do you think are the furthest along? I would say financial services, government, and anything that's like federal adjacent, healthcare and critical infrastructure like oil and gas. And you know, if you squint at all of these, all of them have very long-term sensitive data and there's a lot to lose if that data is to leak. So I think each one of them does have unique approaches and conversations that at least I've had with them. And when you think about since we last talked, each one of them bring a lot of different validity and good talking points to why this is a today problem for them and how they're looking at the surrounding cryptographic posture of their environment is top of mind for them. So I'm sure there's going to be plenty of listeners that are like, look, this doesn't apply to me. But even when you discuss just generalized cryptography or maybe the lack thereof and the lack of preparation, I would say nine months from when we last talked, there's a lot more information and preparation and regulations and standards that are starting to come to light that people need to start going down this path right now. And as I go to reInvents and the Ignites and the Builds and the Gartner SRMs, I always go to the quantum sessions and every single one of them has a organization from one of the four verticals that I had just mentioned talking about their journey and why they had to do it and then talking about how they're securing our data, meaning like as customers of these organizations, especially when you talk about banks and stuff, how they're securing our data to make sure that we can sleep at night and our money and plans and government stuff is all secured. It's kind of refreshing to see that. And then as you extrapolate what they're doing to the common enterprise, we can easily see that it's directly in front of us and we're going to have to start peeling back that onion and start to deploy these things so that when the Q day does come, we'll be prepared whether we like it or not, it's going to come. So it's something to prepare for. But I think a lot of the answers are a lot more clear than they were nine months ago. Makes a lot of sense. Thank you so much for sharing that, Mike. Before I let you go, I have one final question for you. Where does Commvault stand competitively? I would love to hear your thoughts around this. I know we are at the forefront and we will continue to be. I hope that our competitors do catch up because for all their customers that are certainly in those industries, they're going to need this type of protection, especially if they're making secondary copies of our data. And one of the things that I think is worth mentioning is, you know, when we talk about harvest now, decrypt later, I think people think they're going to just, you know, break into an environment and, you know, hit a data repository and just steal a bunch of data. These sophisticated threat actors are not doing that, right? They work for service providers and they're stealing stuff off the wire. And what's interesting is when there was all those news articles about the fiber optic cables in the ocean getting cut, the first thing I thought was this is threat actors like directly stealing stuff. I think what you're going to start to see is very nontraditional approaches to exfiltration of the whole thing with these frontier AI models, with, you know, exploiting vulnerabilities and CVEs. Like, I think we're going to see this, this crazy wave of data being exploited and, and obviously exfiltrated. And that's much easier than, you know, tapping fiber optic cables in the ocean. You know, there's going to be all these multitude of ways that data is going to be exfiltrated. We want to make sure that our customers are prepared, not only for, you know, what I would say are like those star Wars use cases, but also the traditional ones that we're starting to see be re-imagined with AI. So, you know, I've always got your back. There's people like Vivia and myself and, you know, the, the engineering team and some of the other experts in the organizations that are making sure that for the customers that need this kind of protection, we're delivering it for them. And we do it with, you know, relatively low friction and we try to stay, you know, with our fingers on the pulse against NIST and FedRAMP and all the other things. So really delivering a resilient platform is, is our ultimate goal. You know, for those who don't know me, I love to win. So we're going to continue to be number one when it comes to PQC. Perfect. That was a lovely roundup of our discussion there, Mike. Thank you so much for being here. This is exactly the kind of conversation our listeners need to be having. And thank you to everyone tuning in to Strive. Until next time, stay cyber safe and cyber ready. Thanks for having me. If anyone wants to connect, feel free to reach out to me on LinkedIn or hit me up at Commvault.