It is not a question of if, but when quantum computing will arrive and be used for malicious purposes, as the expectation is that this new technology will be capable of cracking most, if not all, of the asymmetric cryptographic algorithms currently used to protect data. While quantum computing is not expected to arrive until 2030, the time is now for companies to get prepared for these threats that are related to this new technology. The question is, however, when and how they should prepare.
Hardware security modules (HSMs) are physical devices that provide cryptographic functions such as encryption/decryption and digital signing. They are used in many industries where strong security is necessary, including finance, banking, government, military and healthcare. In banking in particular, HSMs are used to validate all payment card transactions.
HSMs are typically installed in a secure rack in private bank datacenters around the globe. For evident security reasons, accessing these datacenters is strictly controlled and in nature, accessing these HSMs inside the datacenter is inconvenient even for the security teams responsible for this infrastructure.
There is a need to remotely administer these HSMs once provisioned and to manage and to load the cryptographic keys required for payment processing. This is what we call “remote key loading”.
Each year, various events within the cybersecurity industry have a significant impact on the industry, leading experts to predict an increase in the frequency and severity of such occurrences in the years ahead. As preparation is preferred over mitigation, awareness of what to anticipate this year and beyond is essential.
With post-quantum technology having the potential to trigger a new wave of cyber threats, we identify 10 steps that organizations should take to prepare.
The UK's relationship with the EU has been tumultuous in recent years, especially in the wake of Brexit. With regards to digital identities, former Prime Minister Tony Blair's, statement that "everyone in the UK should be issued with a digital ID" has sparked heated national debate and left many wondering if the UK will follow suit with the EU on this issue.
Cloud computing brings many benefits to enterprise businesses; easily scalable, cost-effective and resilient, cloud computing enables rapid development of products and services while minimizing downtime and reducing cost. However, the aggregation of sensitive data, critical business processes and other corporate IP on a publicly accessible platform creates security and data privacy challenges for many enterprises.
EMV Personalization of a payment card is the process of writing data to the card in order to make it ready for use. This includes loading the card with information such as account numbers, expiration dates, and other customer-specific data. It also refers to the process of loading cryptographic algorithms and keys onto credit cards using hardware or software tools. This ensures all personal data can be safeguarded against theft or misuse.
The European Commission promotes the European Digital Identity wallet (EUDI wallet) as part of its effort to digitize the economy and help foster trust services. In practice, this means that from the end of 2023 each EU Member State will gradually offer a mobile-based wallet to their citizens, residents and businesses to identify and authenticate online. Here we look at the scope of the EUDI and some of the security challenges for the app.
Companies who use Amazon Web Services (AWS) often choose to do so because of its scalability, ease of use and lower costs than other services or hosting their own data centers. However, it could bring a challenge for those in the EU who need to remain compliant with Schrems II to protect their data. Here we discuss the compliance challenges facing EU companies using AWS to host data and how Cryptomathic’s Bring Your Own Key (BYOK) Service can provide Schrems II compliance for AWS-hosted data.
