Certes Extends PQC Protection to Everywhere

Certes has released Certes v7, an extension of its Data Protection and Risk Mitigation (DPRM) platform. It extends the company’s Post-Quantum Cryptography solution to every app on every platform. The announcement claims “v7 keeps data protected even when infrastructure and identities are compromised.”

Paul German, CEO of Certes, comments, “For too long, cybersecurity has focused on protecting infrastructure and identities, yet attackers continue to bypass those controls. The reality is that organizations must now assume breaches will occur and focus on protecting the data itself.

“v7 gives organizations the ability to safeguard their most sensitive information wherever it resides, using quantum-safe data protection and strict communication controls that prevent attackers from moving through the environment or exploiting stolen data. 

“Importantly, this can be achieved with zero application rewrites or refactoring, enabling organizations to apply quantum-safe protection to legacy applications that cannot easily be upgraded. It gives business leaders confidence that even in the event of a breach, their data remains secure and their operational and regulatory risk is significantly reduced.”

Protecting data without changing infrastructure

What will interest organisations is that this is about the data and not the environment. While protecting the data has always been a goal for security teams, the conversation is often about access. Systems, credentials, endpoints and networks are the primary security focus.

The idea of moving to just protecting the data will challenge security cultures inside organisations. However, given the success of attackers in penetrating traditional security solutions, Certes believes it is time for a change of focus.

According to Certes, organisations can deploy v7 without making any changes to their infrastructure. This is because Certes v7 applies quantum-safe cryptography and rapid key rotation at the data flow level. It ships with centralised, per-flow policies, which are automatically enforced across all environments. That, according to Certes, delivers “quantum–safe protection at scale without adding operational complexity.”

Customers own the post-quantum keys used to protect the data, not cloud providers, infrastructure providers and third parties. It allows the customers to decide who can decrypt sensitive data, and where.

That control enables new security approaches. Data is secured through the data flow and allows the use of rapid key rotation. Keys don’t get stale, which hardens the security of the data. Additionally, it doesn’t matter where the data travels because it is not accessible by any system through which it transits.

Protecting against future technology advances

This adds a further benefit. Data can be diverted while in transit. When at rest on a system, it is vulnerable to theft. Over the last decade, there have been massive data harvesting programmes taking place. The stolen data is stored until the technology catches up, allowing it to be decrypted. Certes says that it now protects against such “harvest-now, decrypt-later” programmes.

For organisations handling sensitive data with long shelf lives, including financial records, health data, intellectual property, and government communications, this is not a future problem. It is a present one. While the focus is on Q-day or Quantum-day, AI also brings challenges.

Data is being moved in and out of AI as organisations seek to take advantage of the technology. However, many organisations are struggling to protect sensitive data from its use by AI. Certes believes that its DPRM platform can protect that data as effectively as it protects against the risk of Q-day.

Enterprise Times: What does this mean

The threats to data continue to grow and outstrip the ability of defenders to protect it. One of the problems for defenders is that they are spread thin, trying to protect so many different touchpoints. By removing the traditional focus from hardware and the network to just the data, Certes believes security teams can improve their security posture.

Certes v7 is not the only solution in this space. IBM, Thales, Zscaler, Palo Alto Networks and others have either released PQC solutions or are incorporating them into existing solutions. Two things separate it from other vendors. The first is its focus on per-flow data protection. The second is the claim that it can be deployed without any application changes.

As with any security solution, the latter is arguably the most important to customers. Remove the friction of deployment, and you increase the likelihood of adoption. It will be interesting to see how quickly customers adopt this.

The post Certes Extends PQC Protection to Everywhere appeared first on Enterprise Times.