Crypto-Agility for IoT

Nearly all the hardware and software we use, in both traditional enterprise IT environments and burgeoning Internet of Things (IoT) ecosystems, depend heavily on secure digital cryptography. Static systems are inherently insecure, and this principle applies to cryptography as well. It is a foregone conclusion that the cryptographic algorithms in play will eventually be deemed unsafe. Delaying that result, by making it difficult to achieve through available resources, is, in fact, the only way of avoiding it. Moore’s Law and the predictable evolution of computing power will always prevail. It is inevitable that many IoT devices will operate for durations that extend well beyond the effectiveness of their cryptographic keys. With this predestined outcome, readiness becomes a necessity. Not the readiness to respond to broken algorithms and their impact on data and communications, although that is also important, but the readiness to respond to crypto risk. The ability to act before threats become real, and to take action that results in a state where cryptography and its usage, whether for data in motion or data at rest, has its integrity upheld.