NIST Announces the End of RSA and ECDSA

In a significant shift for cyber security, NIST has announced the deprecation of the RSA, ECDSA, and EdDSA public-key algorithms by 2030, with full disallowance by 2035. This transition, outlined in NIST IR 8547 (currently in draft), is driven by the growing quantum threat and sets a clear timeline for organizations to update their cryptographic systems.

While there may not yet be a cryptographically relevant quantum computer that threatens current levels of security, these long-standing public-key algorithms are vulnerable to Shor’s algorithm running on such future quantum systems. NIST-approved symmetric primitives providing at least 128 bits of security, on the other hand, are unaffected by this change.

NIST has posted a transition schedule for post-quantum cryptography (PQC), outlining key milestones to help organizations adopt quantum-resistant algorithms. The three PQC standards intended to strengthen modern public-key cryptography infrastructure for the quantum era are ML-KEM, ML-DSA, and SLH-DSA.

The proposed timeline is expected to significantly influence the industry, with global attention now also on the European Union’s position on PQC, as many await its stance before proceeding with full-scale implementations.
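A first inventory step against this timeline is to find certificates whose RSA, ECDSA, or EdDSA keys stay valid past the two dates. The sketch below is an added example, not code from NIST or from this page. It classifies the text printed by `openssl x509 -noout -text`, reads the page's "by 2030" and "by 2035" as end-of-year cutoffs (an assumption), and runs on constructed sample input.

```python
import re
from datetime import datetime

# Assumption: the page's "by 2030" / "by 2035" are read as end-of-year cutoffs.
DEPRECATED_AFTER = datetime(2030, 12, 31, 23, 59, 59)
DISALLOWED_AFTER = datetime(2035, 12, 31, 23, 59, 59)

# Subject key names as printed by `openssl x509 -noout -text`, mapped to the
# families the page lists (id-ecPublicKey is an EC key, as used for ECDSA).
VULNERABLE = {"rsaEncryption": "RSA", "id-ecPublicKey": "ECDSA",
              "ED25519": "EdDSA", "ED448": "EdDSA"}

ALG_RE = re.compile(r"Public Key Algorithm:\s*(\S+)")
END_RE = re.compile(r"Not After\s*:\s*(.+?)\s*$", re.MULTILINE)

def classify(cert_text):
    """Return (family, status) for one certificate text dump."""
    alg, end = ALG_RE.search(cert_text), END_RE.search(cert_text)
    if not alg or not end:
        return (None, "unparsed")
    family = VULNERABLE.get(alg.group(1))
    if family is None:
        return (None, "not-listed")  # not on the page's list; review by hand
    not_after = datetime.strptime(end.group(1), "%b %d %H:%M:%S %Y GMT")
    if not_after > DISALLOWED_AFTER:
        return (family, "valid-past-2035")
    if not_after > DEPRECATED_AFTER:
        return (family, "valid-past-2030")
    return (family, "expires-by-2030")

def make_sample(alg, not_after):
    # Constructed stand-in for the relevant lines of openssl's text output.
    return ("        Validity\n"
            "            Not Before: Jan  5 00:00:00 2025 GMT\n"
            f"            Not After : {not_after}\n"
            "        Subject Public Key Info:\n"
            f"            Public Key Algorithm: {alg}\n")

SAMPLES = {  # constructed inventory, not real certificates
    "root-ca": make_sample("rsaEncryption", "Jan  5 00:00:00 2037 GMT"),
    "issuing-ca": make_sample("id-ecPublicKey", "Jun 30 12:00:00 2032 GMT"),
    "web-leaf": make_sample("ED25519", "Mar  1 00:00:00 2027 GMT"),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, *classify(text))
```

Only the subject public key is checked here; the issuer's signature algorithm on each certificate needs the same review.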

To learn more, read the full NIST IR 8547 draft.

Security Framework for Modern Enterprises

Companies need a security framework that can defend against threats on multiple fronts. The framework I lay out below offers a structured strategy for protecting critical assets through five core security domains.

  • Edge Security and Access Management: At the front line, securing access is key. This includes robust authentication together with Zero Trust, Mobile Device Management (MDM), and Endpoint Detection and Response (EDR).
  • Network and Infrastructure Security: Building on the Edge Security and Access Management layer, this layer strengthens the perimeter with advanced tools such as Next-Gen Firewalls, Intrusion Detection/Prevention Systems (IDS/IPS), and Secure SD-WAN. These defenses keep both on-premises and cloud networks secure.
  • Data Security and Privacy: At the heart of the framework, data protection focuses on encryption, Data Rights Management (DRM), and strong backup protocols — essential for compliance and mitigating data breaches.
  • Cloud and Infrastructure Security: Modern infrastructure demands cloud-native security solutions like Cloud Security Posture Management (CSPM) and container security. Integrating DevSecOps practices ensures that security is embedded in the development pipeline.
  • Security Operations and Response: This layer unifies all defenses through advanced threat detection, incident response, and governance. SIEM/SOAR platforms and incident response playbooks empower organizations to act fast in the face of security incidents and maintain compliance.

This cohesive approach highlights the importance of each layer working together to provide a strong, adaptive security strategy for modern enterprises.