How do you implement cryptography for top secret information exchange foreseeing a post quantum scenario soon and what types of algorithms do you use? What about network security, are VPN keys are more secure?

Security & GRCData Privacy & Protection
4.6k viewscircle icon1 Upvotecircle icon5 Comments
Sort by:
ceo in Softwarea year ago

VPNs have many known vulnerabilities, and TunnelVision pretty much rendered most (if not all) VPNs vulnerable.  I'd use a Zero Trust architecture like a Software Defined Perimeter (SDP), especially one that is encrypted end-to-end at Layer 2. At NVIS AI, we do this, and we've also partnered recently with a company on the bleeding edge of cryptology, using a dynamic manifold projection system, ensuring that each cryptographic nonce public key is unique and non-reusable in replay attacks.  Connect with me if you wish to learn more.

Director of Network Transformation2 years ago

Agree with a few of the comments made below.  Move to a Zero Trust framework.  VPNs, because they place the user/device directly on the network, are security challenges.  Better to broker access with modern ZTNA solutions.  You gain multiple factors to determine access policies and most critically, visibility.  

Chief Information Security Officer in Healthcare and Biotech2 years ago

Zero trust architecture can be a good option  

Mission Diplomatic Technology Officer in Government2 years ago

A burning platform, money, and a strong partnership of industry, academia, and government. And to the second questions Zero Trust appears to be the rising model to replace the traditional huge pipe VPN. 

Lightbulb on2
CISO in Software2 years ago

I think we need to be patient and wait for approved NIST algorithms and not rush ahead.

Lightbulb on1

Content you might like

How often does your organization conduct vulnerability and risk assessments?

Quarterly30%

Twice per year45%

Annually15%

Vulnerability and risk assessments are ongoing activities.8%

View Results

Have you hired any staff specifically for cloud security?

Yes - one20%

Yes - multiple63%

No, but we might in the future12%

No3%

Not sure

View Results

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Read More Comments

‘AI’ Business Model – With many components flowing into the AI domain (cost, data, E&C, people, value, strategy, duplication of everything, etc.), I’ve started to think about splitting out ‘AI’ from the operating model and putting it into a separate legal entity. This way, I could manage a) risk and compliance, b) cost, c) resource allocation, d) governance, e) IP, f) revenue generation, etc.

Of course, this isn’t new in general, but I’m especially interested in how this approach could help with the ongoing challenge of ensuring compliance with data privacy and regulations related to LLMs and data access/usage over time.

My question: Is anyone else thinking about this, or has anyone already done it? I know there are examples in the literature, but I wanted to float this here for general comments and discussion.

With AI adoption accelerating across enterprises, what do you view as the top information security challenge that leaders should address? How can CISOs, VPs and Director’s align governance, risk and security investments to enable AI innovation without creating new exposures?

Read More Comments