Why Organizations Need to Become Crypto-Agile and What that Means | Control Gap
Cryptographic change is a reality. Since 2006, we have seen the sunset of WEP, SSLv2, RSA-1024, SSLv3 and early TLS. We know that Triple DES and other 64-bit block ciphers are on the way out. RSA will likely follow, and our current pre-quantum public key cryptosystems will eventually become deprecated. These changes have an impact and require widespread coordination. Old software and hardware will need to be upgraded or replaced. That will require time, effort, money, and proactive management. Simply reacting will be risky, painful, and expensive. Industry needs to learn from past changes so that organizations can be ready. Most importantly, we need to do better than we have done in the past. But how?