This is where post-quantum cryptography (PQC) comes in, and why Commvault has chosen to implement it to safeguard your data.

Why We Need PQC

Many of the asymmetric and symmetric cryptography algorithms we use to protect data from prying eyes rely on mathematical problems factoring in large numbers

• While these are difficult for classical computers to crack, quantum computers solve these mathematical problems significantly faster, making what was once thought impossible very much possible.
• This could leave any sensitive information that is normally encrypted, such as credentials, emails, financial data, and medical records, exposed.

You might think the threat of quantum computing is five to ten years away, but anyone who recently attended the keynote at Ignite/Reinvent/Next would know that quantum computing resources are already available and the technology is rapidly advancing. And now it’s available to anyone, including malicious actors. The question is, how do you shield your organization?

.

A Multi-Faceted Approach: Bigger Keys, Better Locks, and PQC

Although full-fledged PQC algorithms are still on the way to being standardized, there are steps we can take now to bolster our defenses. One approach is to increase cryptography key lengths on symmetric algorithms, so it takes a longer time to crack encryption with brute-force attacks. This is very similar in principle to increasing the number of pins in a tumbler lock. The more pins the lock utilizes, the more difficult and time consuming it is to crack. The larger and more complex the key is, the harder and longer it takes to replicate or guess.

Secure Post-Quantum Data Encryption

AES encryption has long been the industry standard algorithm for secure symmetric encryption, and in the near term it will continue to be relatively sufficient in securing against quantum brute-force attacks, as long as high key sizes are utilized. Commvault already has standardized data encryption on AES-256, which is the highest supported key length for AES.

To put things into perspective, we can look at Grover’s algorithm to demonstrate the potential threat of brute-force attacks. Grover’s algorithm is a commonly known algorithm used to solve complicated mathematical problems. It also can be used to speed up password brute-force attacks, especially when executed on quantum computers.

With Grover’s algorithm, the time to crack AES-256 encryption still would be impractical due to the key size (it effectively halves the key size) and because the current generation of quantum computers is not quite powerful enough. So, AES-256 is still a viable encryption algorithm in the foreseeable future.

Secure Post-Quantum Communication

When it comes to the asymmetric encryption algorithms (public-key cryptography) that are used for secure communication and digital signatures, things look bleak. This is one of the cryptographic areas at highest risk of impact by quantum computing since RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography) algorithms are severely weakened by quantum computers.

Following public calls to action to develop PQC standards, the National Institute of Standards and Technology (NIST) coordinated the solicitation, evaluation, and selection of candidate algorithms for PQC starting in 2016. As of December 2023, the final post-quantum algorithms have been selected, and NIST has begun drafting the standard guidance and publications around them.

Commvault has taken the first steps in incorporating some of the upcoming PQC standards to improve secure communication. Two key components needed to be updated to provide quantum protection:

• Key exchange and encapsulation: Establishes a symmetric encryption key during TLS setup.
• Signature generation and verification: Creates a chain of certificates and authenticates parties involved in the TLS setup, preventing man-in-the-middle attacks.

The traditional key exchange algorithm, ECDH (Elliptic-curve Diffie-Hellman), is susceptible to attacks with the advent of quantum computers. CRYSTALS-Kyber, a NIST-approved post-quantum algorithm, serves as a replacement for ECDH.

However, a secure TLS connection requires more than just key exchange. Both ECDH and Kyber are vulnerable to man-in-the-middle attacks. This necessitates the use of a certificate chain and signed/verified messages during TLS setup. Conventional cryptography relies on RSA with large private/public key sizes (2048, 3072, etc.) for this purpose. NIST has recommended post-quantum alternatives for RSA, which includes:

• CRYSTALS-Dilithium3
• Falcon
• Sphincs+

Today’s Best Combo

Customers immediately can begin securing their environment against quantum-based attacks starting in the most recent software release, Commvault Cloud CPR 2024, which leverages CRYSTALS-Kyber for key encapsulation, and CRYSTALS-Dilithium3 or FALCON for digital signature schemes, to provide secure communication within the Commvault® Cloud platform.

Once enabled, data communication within Commvault will be resistant to quantum attacks, while your data is encrypted at its source with AES-256 algorithm, keeping your data safe from modern and future quantum threats. Given that the quantum space is under rapid development, along with additional scrutiny of these algorithms, Commvault Cloud has implemented a flexible framework that allows selection of other algorithms and key lengths, for both key exchange/encapsulation and signature generation/verification, providing a futureproof way to remain vigilant in this ever-changing space.

The Road Ahead

As with all security measures, PQC is yet another layer to implement on top of other security controls to keep you cyber resilient. We recommend using Security IQ to gain insights into your own security posture and implement controls to keep your data safe from quantum and other attack vectors.

Similar to how trust is a continuous process, Commvault’s continual investment in cyber resilience and quantum protection will keep your data safe against ever-evolving threats. You can learn more about Security IQ here.

Lưu ý: Để duy trì hiệu quả của các biện pháp bảo mật, hãy xem xét và cập nhật thông tin định kỳ (ví dụ: 6 tháng/1 năm) để đảm bảo tính chính xác, đầy đủ và phù hợp theo thời gian, đặc biệt với các chủ đề thay đổi nhanh hoặc nội dung “evergreen”.

Câu Hỏi Thường Gặp (FAQs) về Mật Mã Hậu Lượng Tử

1. Mật mã hậu lượng tử (PQC) là gì?

Mật mã hậu lượng tử là một lĩnh vực nghiên cứu trong mật mã học tập trung vào việc phát triển các thuật toán có khả năng chống lại các cuộc tấn công từ máy tính lượng tử hiện tại và tương lai. Mục tiêu là đảm bảo mã hóa an toàn trong kỷ nguyên lượng tử.

2. Tại sao máy tính lượng tử lại là mối đe dọa đối với mật mã hiện tại?

Máy tính lượng tử có khả năng phá vỡ các thuật toán mật mã khóa công khai phổ biến như RSA và ECC, vốn là nền tảng của mã hóa an toàn trên Internet hiện nay. Chúng có thể giải quyết các bài toán toán học phức tạp mà mật mã hiện tại dựa vào một cách nhanh chóng hơn nhiều.

3. Các tiêu chuẩn PQC được phát triển như thế nào?

Các Tiêu chuẩn PQC được phát triển thông qua các quy trình toàn cầu, nổi bật là chương trình của NIST (Viện Tiêu chuẩn và Công nghệ Quốc gia Hoa Kỳ). NIST đã tổ chức các cuộc thi để lựa chọn các thuật toán hậu lượng tử mạnh mẽ nhất, sau đó sẽ ban hành các hướng dẫn tiêu chuẩn cho việc triển khai chúng nhằm đảm bảo bảo mật dữ liệu lượng tử.

4. Mã hóa AES-256 có đủ mạnh để chống lại các cuộc tấn công lượng tử không?

Mã hóa Mã hóa AES-256 được coi là tương đối an toàn trước các cuộc tấn công vét cạn lượng tử trong tương lai gần, chủ yếu nhờ vào kích thước khóa lớn. Tuy nhiên, nó vẫn cần được sử dụng trong một chiến lược bảo mật toàn diện bao gồm cả các giải pháp Mật mã hậu lượng tử cho các thành phần khác.

5. Làm thế nào để doanh nghiệp chuẩn bị cho kỷ nguyên hậu lượng tử?

Để bảo vệ dữ liệu tương lai, các doanh nghiệp nên bắt đầu đánh giá các hệ thống mật mã hiện có, theo dõi sự phát triển của Tiêu chuẩn PQC và xem xét các giải pháp kết hợp như việc Commvault đã triển khai CRYSTALS-Kyber và Dilithium3. Việc này là một phần quan trọng của khả năng phục hồi không gian mạng dài hạn.

Đừng để dữ liệu của bạn dễ bị tổn thương trước các mối đe dọa lượng tử trong tương lai. Tìm hiểu thêm về các giải pháp Mật mã hậu lượng tử của Commvault và cách chúng tôi giúp bạn xây dựng khả năng phục hồi không gian mạng vững chắc.
Liên hệ với chúng tôi ngay hôm nay để được tư vấn và bảo vệ tương lai dữ liệu của bạn
!

The post Future-Proofing Your Data: Post-Quantum Cryptography and Beyond Bảo Mật Dữ Liệu Lượng Tử: Mật Mã Hậu Lượng Tử & Tương Lai appeared first on Deliver Intelligence - Dibiz JSC.

The event served not only as a platform to share the latest technological trends but also as a forum for leaders and IT professionals to discuss and seek solutions to the complex challenges of data protection and recovery in the digital age.

In the opening remarks, representatives from Commvault emphasized the critical importance of shifting the mindset from passive defense to building a robust, self-recovering system architecture. The seminar’s objective was not merely to introduce products, but to collaboratively shape a comprehensive, effective, and practical cybersecurity strategy tailored to the specific context of Vietnam.

In-Depth Sessions: From Global Perspectives to Localized Solutions

1. Commvault: Building a Solid Architecture for Cyber Resilience

Kicking off the in-depth presentations, Mr. Chee Peng Mak, Senior Solutions Specialist from Commvault, introduced a progressive concept: “Uninterrupted Business Operations.” The core of this vision is to achieve “Minimum Viable Operations”—a critical milestone that defines the minimum set of systems, data, and processes that must be restored for a business to resume operations immediately after a disruption.

The session highlighted alarming statistics: 99% of ransomware attacks attempt to destroy backups, and the average time to recover from a cyber incident is 24 days. This underscores that “Cyber Recovery” is significantly more challenging than traditional “Disaster Recovery.” To address this, Commvault presented a comprehensive workflow, from threat remediation and infrastructure rebuilding to restoring access (Active Directory) and recovering data safely through advanced technologies like Cleanroom Recovery and Air Gap Protect. As a 14-time consecutive leader in the Gartner® Magic Quadrant, Commvault continues to affirm its outstanding capabilities in this field.

2. VNPT SI and VNPT Cyber: The Integrated Strength of Vietnam’s Technology Ecosystem

Following Commvault, Mr. Tran Manh Tuan, Product Director of Corporate Governance Services at VNPT SI, offered a practical perspective on Vietnam’s digital transformation landscape and how VNPT supports businesses on this journey. His presentation analyzed two major challenges commonly faced by enterprises:

• For Small and Medium-sized Enterprises (SMEs): They often start with standalone software, leading to fragmented applications, inconsistent data, and a lack of dedicated IT personnel.
• For Large Enterprises/Corporations: While having invested in large-scale systems (ERP, CRM), they face challenges with data scattered across different “silos,” being trapped in legacy systems, and difficulties in consolidating management reports.

VNPT demonstrated its leading position with a dominant market share in foundational services such as digital signatures (26.5%) and e-invoices (25%). Building on this strong foundation, VNPT provides comprehensive integrated solutions: an “All-in-one” platform for SMEs to unify all operations within a single workplace, and the implementation of data integration layers (Data Lake, AI/BI) for large enterprises to consolidate, standardize, and intelligently leverage their data.

3. Ransomware in Practice – Techniques and Lessons Learned from VNPT Cyber Immunity

To provide a hands-on, practical perspective, Mr. Nguyen Doanh Thinh, a Security Analyst from VNPT Cyber Immunity, delved into today’s most pressing topic: Ransomware.

A key highlight of the seminar was the discussion on how hackers infiltrate systems—from exploiting common web application vulnerabilities like Telerik, uploading a webshell, and privilege escalation, to deploying data-encrypting malware on a large scale. More importantly, the presentation summarized the core difficulties and limitations organizations often encounter during incident response. These include the lack of clear response procedures, authorization and legal issues, delays in detection and reaction, and especially, weaknesses in Backup and Disaster Recovery strategies. These are invaluable lessons for any organization.

Lively Interaction and Valuable Connections

The concluding Q&A session was exceptionally lively, with a series of insightful questions from attendees. This multi-faceted exchange between experts and participants not only clarified technical concerns but also painted a clear picture of the awareness and urgent need for cybersecurity in Vietnam. This vibrant atmosphere continued during the networking sessions, where conversations went beyond simple introductions and became the starting point for initial collaborative ideas.

Conclusion

The “Best Practices & Solution Architecture toward Cyber Resilience” seminar concluded successfully, leaving attendees with valuable knowledge and profound insights. The event once again affirmed that in the relentless fight against cybercrime, thorough preparation, a solid system architecture, and close collaboration among technology partners are the keys to success.

To receive materials from the seminar or for a more in-depth consultation on the solutions offered by Commvault and VNPT, please contact: Ms. Ha – Phone: 0326291803. Email: hatt@dibiz.vn

The post Seminar on Cyber Resilience: Building a Proactive and Sustainable Defense Strategy appeared first on Deliver Intelligence - Dibiz JSC.