Cryptographic Agility: Preparing Modern Apps for Quantum Safety and Beyond

Authors: Natalie Fisher


Summary

The presentation discusses the importance of cryptography in cybersecurity and the need for a crypto-agile framework to manage it efficiently. It also highlights the challenges of implementing new cryptography and the need for involvement from all stakeholders.
  • Cryptography is essential in securing online transactions and IoT devices
  • The implementation of cryptography needs to be managed efficiently through a crypto-agile framework
  • All stakeholders, including developers, IT infrastructure teams, and infosec teams, need to be involved in the process
  • The future landscape of cryptography will be independent of the app lifecycle, making it easier to manage and transition to new algorithms and standards
  • Implementation flaws and the threat of quantum computing make it crucial to be cryptographically agile
The presentation mentions the Spectre and Meltdown attacks, which are classified as side-channel attacks. The logos for these attacks are described as cute, but the point is that these attacks and others like them can be prevented through proper cryptography management.

Abstract

In 2012, the vulnerability Heartbleed was discovered, then patched in 2014. But because organizations were slow to respond, hackers managed to steal 4.5 million healthcare records. In 2019, over 200,000 systems were still unpatched. Why is it difficult to change or update these protocols? IT organizations are not aware of the encryption they are using, which applications are using it, or how it is used, and customers have no unified way to transition between cryptography standards and libraries or to manage cryptographic configuration and compliance. Recent advances in quantum computing and global government initiatives have prompted a new sense of urgency in migrating public key cryptography to quantum-safe standards. Modern and legacy apps will benefit from crypto agility schemes leveraging proxies, policy-driven configuration, and orchestrated management. The session will help to prepare enterprises of every size for the cryptographic migration to come -- no matter where your apps are deployed.
