How do you implement cryptography for top secret information exchange foreseeing a post quantum scenario soon and what types of algorithms do you use? What about network security, are VPN keys are more secure?

Security & GRCNetwork
4.6k viewscircle icon1 Upvotecircle icon5 Comments
Sort by:
ceo in Softwarea year ago

VPNs have many known vulnerabilities, and TunnelVision pretty much rendered most (if not all) VPNs vulnerable.  I'd use a Zero Trust architecture like a Software Defined Perimeter (SDP), especially one that is encrypted end-to-end at Layer 2. At NVIS AI, we do this, and we've also partnered recently with a company on the bleeding edge of cryptology, using a dynamic manifold projection system, ensuring that each cryptographic nonce public key is unique and non-reusable in replay attacks.  Connect with me if you wish to learn more.

Director of Network Transformation2 years ago

Agree with a few of the comments made below.  Move to a Zero Trust framework.  VPNs, because they place the user/device directly on the network, are security challenges.  Better to broker access with modern ZTNA solutions.  You gain multiple factors to determine access policies and most critically, visibility.  

Chief Information Security Officer in Healthcare and Biotech2 years ago

Zero trust architecture can be a good option  

Mission Diplomatic Technology Officer in Government2 years ago

A burning platform, money, and a strong partnership of industry, academia, and government. And to the second questions Zero Trust appears to be the rising model to replace the traditional huge pipe VPN. 

Lightbulb on2
CISO in Software2 years ago

I think we need to be patient and wait for approved NIST algorithms and not rush ahead.

Lightbulb on1

Content you might like

Does your org encourage employees to opt out of data sharing with their personal mobile provider?

Yes47%

Only for employees using personal devices for work37%

No12%

Don't know / show results2%

View Results

Do you know what "Service Identities" are?

Yes, I am very familiar with the term and I know what service identities are.49%

Not really, I am familiar with the term but I am confused about what it means.37%

Not at all, I never heard of it before.13%

View Results

We’re currently exploring options to implement an iPXE-based WinPE deployment solution in Microsoft Azure. Our goal is to streamline OS provisioning for virtual machines using cloud-hosted boot scripts and WinPE images, ideally over HTTP/S for performance and flexibility. Key requirements: Must support iPXE booting in Azure (via ISO, custom VM image, or chainloading). Ability to host and serve WinPE images securely (e.g., via Azure Blob Storage or web server). Cyber Essentials Plus compliance is essential, as we operate in a regulated environment. Preferably a UK-based provider with experience in secure cloud deployments and endpoint provisioning. We’ve looked into solutions like 2Pint Software’s iPXE Anywhere, but we’re open to other vendors or managed service providers who can assist with setup, integration, and ongoing support. Has anyone implemented a similar solution or worked with a provider who meets this criteria? Any recommendations or lessons learned would be greatly appreciated.

AI deepfakes have cost the industry over $200M this year. As CISOs, can we scale detection fast enough, or is regulatory pressure the only way to drive adoption?

Read More Comments

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?