Commvault has announced enhancements to its post-quantum cryptography (PQC) capabilities. These advancements are designed to help customers protect their highly sensitive, long-term data from a new generation of imminent but unknown cyber threats, creating an additional layer of support, when needed.
Quantum computing uses quantum mechanics to process data and solve complex problems that could take decades with classical computers. However, these advancements bring unprecedented security challenges, along with the potential for threat actors to use quantum computing to decipher and unlock traditional encryption methods. According to the Information Systems Audit and Control Association’s (ISACA) Quantum Computing Pulse Poll, 63% of technology and cybersecurity professionals say quantum will increase or shift cybersecurity risks and 50% believe it will present regulatory and compliance challenges. Now is the time to prepare and take action.
Commvault has provided support for quantum-resistant encryption standards, like CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and FALCON, as recommended by the National Institute of Standards and Technology (NIST) since August 2024. It was then that Commvault introduced a cryptographic agility (crypto-agility) framework, enabling its customers, via the Commvault Cloud platform, to address rapidly evolving threats without overhauling their systems. With today’s announcement, Commvault has built on that framework by adding support for Hamming Quasi-Cyclic (HQC), a new error correcting code-based algorithm designed to defend against threats like ‘harvest now, decrypt later’ where adversaries are intercepting encrypted network traffic and storing it for a later time when quantum computers are powerful enough to decrypt it.
“The quantum threat isn’t theoretical,” said Bill O’Connell, Chief Security Officer at Commvault. “We were among the first cyber resilience vendors to address post-quantum computing, and by integrating new algorithms like HQC and advancing our crypto-agility framework, we are providing our customers with the tools to navigate this complex landscape with confidence. Our goal is simple and clear: as quantum computing threats emerge, we intend to help our customers keep their data protected.”
For industries where long-term data storage is required, like finance and healthcare, Commvault’s expanded post-quantum cryptography capabilities provide access to a variety of safeguards that can help fortify network tunnels against quantum-based attacks. With Commvault’s Risk Analysis capabilities, customers can discover and classify data to determine where these cryptographic capabilities may be helpful. In addition, Commvault’s capabilities are simple to implement, often using a checkbox configuration, making it easy for customers to utilize when needed.
The evolving quantum landscape – the need for speed
As investments pour into the quantum field, the time to address emerging threats is shrinking. This makes proactive adoption of post-quantum cryptography critical.
“Quantum readiness has become a business imperative, particularly for industries which handle data that remains sensitive for decades. The time when currently encrypted data can be decrypted using quantum technology is closer than many people think,” said Phil Goodwin, Research VP, IDC. “Commvault’s early adoption of quantum-resistant cryptography and commitment to crypto-agility positions it at the forefront among data protection software vendors in proactively addressing quantum threats. Organizations with sensitive, long-term data need to prepare now for a quantum world.”
“Commvault has been an invaluable partner in our journey to enhance cyber resilience. Their leadership in adopting post-quantum cryptography, combined with their crypto-agility framework, is exactly what we need to meet stringent government security mandates and protect highly sensitive information from emerging quantum threats,” said Jeff Day, Deputy Chief Information Security Officer, Nevada Department of Transportation.
“Safeguarding sensitive data is paramount, and the long-term threat of quantum decryption is a significant concern. Commvault’s rapid integration of NIST’s quantum-resistant standards, particularly HQC, gives us great confidence that our critical information is protected now and well into the future,” said Peter Hands, Chief Information Security Officer, British Medical Association. “Their commitment to crypto-agility is important for healthcare organizations like ours.”
Availability
Commvault’s post-quantum cryptography capabilities, including support for NIST’s HQC algorithm, are immediately available to all Commvault Cloud customers running software version CPR 2024 (11.36) and later, enabling seamless adoption of quantum-resistant protection.
