By 2021, organizations with crypto-agility will suffer 60% fewer cryptographically related security breaches and application failures than organizations without a plan.¹

Cryptographic compromises are often sudden and unpredictable. Yet most enterprises don’t know how many keys and certificates they have, much less how to replace them, leaving the organization vulnerable to inevitable risks.

The worst time to evaluate your risk is after a compromise has already occurred. IT, security, and product leaders must act now to identify vulnerabilities and build a strategy to effectively find and replace affected algorithms across their environment.

In This Gartner Report, We Believe You’ll Learn How To:

  • Build crypto-agility into application development and procurement workflows
  • Identify and evaluate your dependency on algorithms and find existing vulnerabilities (e.g. MD5, SHA-1)
  • Develop an incident-response plan and algorithm swap-out procedures to prepare

Who Should Read This Report

  • Enterprise PKI / Security Teams
    Public key infrastructure (PKI) is used by most enterprises to secure business-critical data and devices, but finding and replacing certificates is difficult without the right tools and processes.
  • Hardware / IoT Manufacturers
    Many IoT device lifespans will extend well beyond the effectiveness of their cryptographic keys. Manufacturers must respond swiftly to high-level crypto risks and update devices at massive scale.
  • DevOps / App Development Teams
    Developers are focused on writing code, not understanding the details of cryptographic functions. But vulnerabilities in crypto-libraries or code signing keys can undermine application security.

¹ Gartner "Better Safe Than Sorry: Preparing for Crypto Agility," August 6, 2019, David Mahdi and Mark Horvath.

 


GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

 


Gartner Crypto Agility Keyfactor PKI

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Keyfactor.