Global demand for commercial virtual private networks (VPN) is surging following work-from-home mandates in the battle against the coronavirus pandemic. GlobalWebTKIndex finds that more than 400 million businesses and consumers globally are currently using encrypted connections including VPNs and other technology and that number is set to grow.
With increased VPN demand comes increased security risk. The US Cybersecurity and Infrastructure Security Agency issued guidance in early March, noting the increased potential risk during a pandemic-spurred lockdown, and urged companies to take measures to reinforce their corporate VPNs to fend off expected attacks on vulnerabilities. In July, the U.S. National Security Agency (NSA) published guidance on how to properly secure IP Security (IPsec) Virtual Private Networks (VPNs) against potential attacks. NSA's VPN guidance also highlights the importance of using strong cryptography to protect sensitive info contained within traffic while traversing untrusted networks when connecting to remote servers.
As we continue to navigate these unprecedented times and adopt to a “new normal,” another major security threat is taking root – the day in which a quantum computer will break the encryption that secures passwords, user accounts, data, financial transactions, and every other aspect of digital life. History shows that past cryptographic transitions can take years, even decades to complete, think RSA 1024 to RSA 2048 or SHA-1 to SHA-256. In 2016, the National Institute of Standards and Technology (NIST) warned that all organizations should start preparing NOW for the coming quantum cryptographic break. That was five years ago! Security professionals must heed that advice today to prepare their organizations for the quantum-security threat.
Quantum Safe Today, Quantum-Ready for Tomorrow’s Threats
The pandemic and the looming quantum threat have created a perfect storm for IT and InfoSec professionals responsible for near and long-term data protection and security strategies. Most organizations are looking for a gradual approach to quantum safety, one that can easily and affordably evolve over time.
Quantum Xchange’s patent-pending, quantum-safe key distribution system, Phio Trusted Xchange (TX) provides the agility and ease-of-use needed to establish a secure encryption foundation that can easily scale to meet the evolving threat landscape – allowing customers to be quantum-safe today and quantum-ready for future attacks.
Phio TX integrates with Fortinet’s flagship next-generation firewall, FortiGate, to transmit encryption keys via an out-of-band network connection. By supplementing the encryption provided by the FortiGate appliance with an additional key-encrypting-key (KEK) transmitted independent of the data path, Phio TX makes the data transmitted within a Fortinet Virtual Private Network (VPN) impervious to quantum attacks and immediately more secure. This is because an attacker now must steal two keys and understand when and how they were paired. Unlike other quantum-safe key distribution solutions, Phio TX can deliver keys over any media that can carry TCP/IP v4 or v6 traffic and provides a point-to-multipoint architecture. There is no fiber required, and there is no distance limitation on key delivery with Phio TX.
Seamless Integration with Fortinet Security Fabric Using ETSI Protocol
Phio TX’s adherence to the open ETSI QKD standard makes it ideally suited for the Fortinet Security Fabric, an open architecture, and interface that enables technology partners to develop integrated solutions for comprehensive cybersecurity. Phio TX is unique in that no other key distribution system supports all forms of quantum-safe technologies including current post-quantum cryptographic (PQC) candidate algorithms, Quantum Random Number Generated (QRNG) keys, and even Quantum Key Distribution (QKD) for maximum security. Customers can select the level of quantum-safe security needed based on their data inventory requirements and risk tolerance levels delivered through the ETSI-compliant FortiGate firewall. Phio TX also provides a high degree of crypto agility. Customers can change PQC algorithms without downing their networks, and even start out with PQC and add QKD at a later date with no changes to the Fortinet Security Fabric.
Benefits to the Business
The comprehensive support and crypto agility of Phio TX arms organizations with a more practical and affordable route to making their Fortinet VPNs quantum safe. Government entities and commercial enterprises like financial services institutions and 5G service providers, can bypass brute-force attacks, protect critical data, and easily future-proof their network environment for the day when a quantum computer could easily break today’s encryption standards. Another added benefit is that Phio TX enables users to easily leverage QKD where Layer 1 security is critical.
The global workforce is relying on secure VPNs to do their jobs and sustain economic viability. This new normal and the looming quantum threat is forcing organizations to rethink their security strategies and deploy security-forward solutions that improve their existing crypto environment, protect critical data in transit, and prepare them for the quantum age. Don’t wait, get started today on your journey toward quantum safety.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.