RSAC 2025: The time for crypto-agility adoption is now
2025-05-01T15:32:00Z
An RSAC 2025 speaker explained why companies should begin their quantum-safe journey now and how crypto-agility adoption helps prepare for post-quantum cryptography.
It might be five, 10 or 15 years away, but the day of a cryptographically relevant quantum computer will be here before you know it. Organizations must prepare now for that day — and one way to do that is by adopting crypto-agility.
Crypto-agility enables organizations to adapt to changes in the evolving cryptographic landscape by dynamically swapping algorithms, keys and certificates without disrupting the underlying IT infrastructure.
Greg Wetmore, vice president of product development at identity security vendor Entrust, spoke about crypto-agility implementation and adoption during a session at RSAC Conference 2025.
Why companies should adopt crypto-agility now Cryptography has largely been static for the past several decades, Wetmore said, which is why many organizations aren’t ready for this change. “RSA has been widely used for more than 30 years. Elliptic [curve cryptography] for more than 20,” he said. “We’ve done small cryptographic changes, but we haven’t faced a discontinuity that the quantum threat represents.” This is where crypto-agility comes into play. Crypto-agility is more than just a response to quantum computing, according to Wetmore — though it is often the reason companies adopt it. Broadly, he said, crypto-agility is about an organization’s resilience in a changing threat landscape that requires adapting to new cryptographic algorithms and policies. Wetmore said crypto-agility helps companies counter the following challenges: Post-quantum cryptography (PQC) and “harvest now, decrypt later” attacks.
Shortened certificate lifecycles.
Device sprawl, which complicates crypto asset inventorying and data security.
Operational complexity that makes cryptography management difficult. For many, the timeline for PQC is drawing near. For example, organizations that work with national security systems must begin using quantum-safe algorithms for software, firmware and browsers by the end of 2025. NIST will deprecate classical asymmetric algorithms in 2030, and the deprecated algorithms will be disallowed starting in 2035.
Auto-posted from news source
About The Author
