What is Crypto-Agility?

Crypto-agility, or cryptographic agility, is the capacity for an information security system to adopt an alternative to the original encryption method or cryptographic primitive without significant change to system infrastructure. NIST guidelines state “maintaining crypto agility is imperative” to prepare for the quantum computing era. Crypto-agility may be achieved through the adoption of new frameworks for incident response and application development, as well as the acquisition of a service software layer to facilitate crypto-agility in legacy applications.

Read more

Turning Cryptography into a Service - Part 2

Part 2 – Accelerating Time-to-Market

 With the increase in e-commerce and electronic communications on the one hand, and the growing challenges of cybercrime and data protection regulation on the other hand, cryptography is becoming an increasingly important business enabler.

Read more

Turning Cryptography into a Service - Part 1

Part 1 – Increasing Efficiency & Resilience

This two-part article discusses how cryptography is employed within organizations today and examines some of the challenges it raises, both for large, established enterprises and for start-ups within emerging markets such as FinTech, Internet of Things (IoT) and blockchain.

Read more

How to Deploy and Manage Cryptography in a Project the Right Way

With the ever increasing number of online services and electronic transactions, business owners are becoming ever more dependent on the use cryptography to prevent sensitive information from cyber attackers.

Read more

Using a Centralized Key Management System to Enforce Information Security Policies

A Key Management System (KMS) must be designed in a manner that supports the goals of each organization using the KMS. The aim of a security policy is to provide a secure working environment for the organization by establishing required security measures, protocols and controls. 

Read more

How to implement efficient Key Management in a Legacy Infrastructure

In this article, we discuss the various issues and present Cryptomathic’s approach to central key and crypto management that has been adopted by major banks. 

Read more

How To Solve The Biggest Problems With Key Management

Cryptographic keys are used to secure data-at-rest and data-in-transit. Trying to keep them protected yet always available for use is one of the most difficult problems in practical cryptography. Improper key management can lead to key leakage, where an attacker obtains the key and recovers the sensitive messages from the encrypted data.


This article discusses the key management problems and Cryptomathic's approach to solving the challenges faced by large organizations that use cryptography for variety of applications.

Read more

Is Your Crypto Due a Service?

Recent revelations in the press have caused industry experts to question just how much trust can be placed in existing cryptographic standards or even in certain methods of generating key material. Companies must be prepared to respond quickly and effectively to such changes in the security landscape, else they risk reputational damage and significant costs in the event of a breach.

To understand why this preparation is challenging, we should consider how cryptography is commonly deployed within a business.

Read more

Enabling HSM Cryptography as an Integrated Service - Part 3 of 3

An updated version of this article is available under this link.

To date the deployment of encryption services and the techniques used to achieve interoperability and technical standards have always lagged behind what businesses have actually needed, or for that matter, what regulators or certain schemes are enforcing.

Read more