Organizations spend large amounts of money and time on reducing single points of failure and diversifying risk, whether in their own portfolios or across supply chains. Without diversity of thought and process, we create single points of failure, from the relatively benign to the catastrophic.
Examples of single points of failure can be seen in our everyday lives. The U.S. baby formula market is so concentrated that the closure of a single factory threw the entire nation into crisis. The Germans used an Enigma encoding machine throughout WWII that had already been broken by the Allies in 1939 (thank you, Alan Turing). This left all the supposedly encrypted messages readable. Arguably, however, this single point of failure had some very positive externalities.
In cybersecurity, it's in our blood to reduce single points of failure, except when it comes to encryption. Poor implementations of the cryptographic suites designed to protect our networks are the primary means of breaking the encryption of captured traffic. So are certificates captured through brute-forced passwords, and cryptography weakened by insufficient entropy in the generation of random numbers.
We are connected in ways thought unimaginable at the turn of the century, let alone back in the 1970s when public key encryption was first introduced by Diffie-Hellman. And today, we are undergoing the biggest cryptographic migration in the history of computing.
Countering future threats to encryption
This season, the National Institute of Standards and Technology (NIST) is expected to finalize its shortlist of quantum-safe encryption algorithms and standards designed to resist the threat of quantum computers. The final NIST selection is the start of a decade-long cryptographic transition, one that is certain to be fraught with challenges and unforeseen risks.
As we begin this massive undertaking, we should turn to lessons learned from diversification to reduce risk. In investing, we look at risk in two ways: systematic risk, tied to the market as a whole, and idiosyncratic risk, specific to one firm, for instance.
We use diversification to reduce, or eliminate, idiosyncratic risk, minimizing risk while increasing returns. By mixing assets that don't move in lockstep, we can reduce risk without sacrificing returns. We are always seeking that elusive efficient frontier, the outer bound of how much return you can get for any level of risk. By mixing encryption technologies and approaches, we can do the same.
The security industry often thinks in terms of crypto-agility, but agility requires us to know when we've been hacked or an algorithm has been defeated. I'd venture to guess that a nation-state actor isn't likely to raise its hand when that's been done. So, we're often left guessing.
Agility means diversification
Let's consider agility another way. I purchased Peloton stock right when Mr. Big, a Sex and the City character, had a heart attack after his workout. Since then, the stock has lost 75% of its value. Great.
I could be agile, so I'll swap out my tanked Peloton stock for Splunk, but the damage has already been done. Instead, I should have looked to diversify my investments across asset classes, companies, industries and geographies. Had I done that rather than buying Peloton stock, I'd only be down 30% rather than 75%.
The same applies to encryption. Rainbow, a NIST post-quantum algorithm finalist, and one of the most peer-reviewed, fell to an IBM researcher who broke it over a weekend with a laptop. Subsequently, and obviously, it lost almost all its value. It's not enough to just swap out a Rainbow post-quantum algorithm for Dilithium. Rather, I'd be better served by diversifying my encryption using out-of-band key delivery, which allows multiple paths for the key and the data to flow, and a variety of algorithms and keys to be used. I thus minimize the impact of a single strategy or algorithm failing.
Our journey with encryption is similar to the start of the mercantile period's physical commodities trade. Initially, we mined gold and put it all on one boat to ship across the sea. When the boat sank, all the gold was lost. The next time, we split the gold up and put it on multiple boats, but used the same shipping route, so all the boats still sank during one bad storm. So we split the gold up and put it on multiple boats that left at different times and used multiple shipping routes.
Similarly, I can take my encryption key, generated with multiple blended sources of entropy, break it up, send it down multiple paths independent of the data path, protect it with different post-quantum algorithms and use different mediums to get it there, from fiber, to subsea cable, to satellite, while sending the data over 5G.
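A minimal sketch of the key-splitting idea described above, added here as an illustration and not taken from the article or from any product: a key is derived from several blended entropy inputs, then split into XOR shares so that every path must be compromised to recover it. The function names, path names and sample entropy inputs are assumptions, and wrapping each share in transit with a different post-quantum algorithm is left out.

```python
import hashlib
import hmac
import secrets
from functools import reduce


def blend_entropy(sources: list[bytes]) -> bytes:
    """Mix several entropy inputs into one 256-bit key.

    Assumption: SHA3-256 behaves as a random function, so the output is
    unpredictable as long as at least one input is unpredictable.
    """
    h = hashlib.sha3_256()
    for s in sources:
        # Length-prefix each input so source boundaries are unambiguous.
        h.update(len(s).to_bytes(4, "big") + s)
    return h.digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, paths: list[str]) -> dict[str, bytes]:
    """n-of-n XOR split: one share per path, all shares needed to rebuild."""
    if len(paths) < 2:
        raise ValueError("splitting needs at least two independent paths")
    shares = [secrets.token_bytes(len(key)) for _ in paths[:-1]]
    # The last share is the key XORed with every random share, so any
    # subset smaller than n is statistically independent of the key.
    shares.append(reduce(xor_bytes, shares, key))
    return dict(zip(paths, shares))


def combine(shares: list[bytes]) -> bytes:
    """Rebuild the key by XORing every share together."""
    return reduce(xor_bytes, shares)


def key_check(key: bytes) -> str:
    """Short tag sent with the data so the receiver can confirm the rebuilt key."""
    return hmac.new(key, b"key-check", hashlib.sha256).hexdigest()[:16]


if __name__ == "__main__":
    # Constructed sample inputs standing in for independent entropy sources.
    sources = [secrets.token_bytes(32), b"constructed-hw-rng", b"constructed-beacon"]
    key = blend_entropy(sources)
    shares = split_key(key, ["fiber", "subsea", "satellite"])
    rebuilt = combine(list(shares.values()))
    print("rebuilt key matches:", hmac.compare_digest(key_check(rebuilt), key_check(key)))
```

Because the split is n-of-n, losing one path also loses the key; a threshold scheme such as Shamir secret sharing trades some of that secrecy margin for availability.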
Many believe the risk of encryption failing because of advances in computing is systemic. If a nation-state builds a quantum computer strong enough to break encryption, then the entire system fails, and hey, that's not on me! But CISOs have the never-ending and unenviable task of managing their organization's risk.
While we will never achieve perfect security, we can carefully choose which security measures diversify away risk in the most efficient and cost-effective way possible. Understand that encryption risk is idiosyncratic, not systemic, and idiosyncratic risk can be diversified away.
If I'd put $100,000 of my savings into Bitcoin last November, I'd only have $26,000 today. If I took my standard approach, $10,000 in bonds, $10,000 in a Cheez-It box, $10,000 in a bank account that I can't remember the password to and the rest spread over the S&P 500, I'd probably still have $85,000, even in this downturn.
More diverse teams lead to more successful outcomes. Diversification in investing produces better risk-adjusted returns. Diversifying encryption strategies leads to better security, so that we don't all wake up one day to find our encryption has been Mr. Big'd.
Holly Neiweem is Chief Financial & Operating Officer at Quantum Xchange