Log in
Log in
Or log in with
GoogleGoogle
Twitter Twitter
Facebook Facebook
Apple Apple     
Sign up
Or log in with
GoogleGoogle
Twitter Twitter
Facebook Facebook
Apple Apple     
  1. Homepage
  2. Equities
  3. France
  4. Euronext Paris
  5. Capgemini SE
  6. News
  7. Summary
    CAP   FR0000125338

CAPGEMINI SE

(CAP)
  Report
Real-time Euronext Paris  -  11:36 2022-12-07 am EST
169.60 EUR   -0.21%
12/06TRADING UPDATES: 7digital loan pact; Okyo Pharma files with SEC
AN
12/02Closing The Skilled-labor Gap Together : Volkswagen and CARIAD support the 42 Berlin coding school
AQ
11/28Capgemini : Romania's leading retailer, Carrefour, collaborates with Capgemini to become a “Digital Retail Company”
PU
SummaryQuotesChartsNewsRatingsCalendarCompanyFinancialsConsensusRevisionsFunds 
SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector newsMarketScreener Strategies

Capgemini : How should organizations respond to NIST's announcement of the first batch of quantum-resistant cryptographic algorithms?

09/21/2022 | 05:10am EST
How should organizations respond to NIST's announcement of the first batch of quantum-resistant cryptographic algorithms?
Jérôme Desbonnet 21 Sep 2022
Crypto agility could hold the key to being equipped to adapt, mitigate, and handle any security challenges arising due to vulnerabilities of the cryptosystems in post-quantum.
The premise of quantum threat

Quantum computers promise the potential to solve complex problems considered intractable for classical computers. The power of quantum computers comes from the usage of quantum principles to solve computation problems. The anticipated applications are in the domains of optimization, simulation, machine learning, solving differential equations, and more. These computers are expected to have the potential to solve some major challenges in industry and society and to aid in the discovery of new drugs, development of new materials for batteries and solar systems, optimization of supply chains and production lines, and more.

However, this great power comes with a great threat, which is the potential ability of quantum computers to crack some of the major public key cryptographic systems in use today. Actors with malicious intent could potentially break the security of enterprise applications, disturb or even damage public services and utility infrastructure, disrupt financial transactions, and compromise personal data.

Increased global attention to post-quantum security and key announcements

Considering the seriousness of the threat, industries, governments, and standard bodies have started working towards defining systems that will be secure and resistant to the threats posed by the arrival of large, powerful quantum computers. These are the post-quantum cryptographic systems.

But today's quantum computers are still rudimentary in their capabilities. It's estimated by industry experts surveyed by the World Economic Forum that it will take ten years or more for the development of quantum computers powerful enough to break the current security algorithms. The first question that comes to our mind is - why the urgency and so much noise around the topic?

One of the key reasons is that actors with malicious intent could capture and store the encrypted data flowing over the Internet and could decrypt this stored data when large-scale quantum computers become available. This "store now and decrypt later" strategy has become a serious and imminent threat, especially to systems carrying data that has a valid life beyond the anticipated ten years. These systems need to be upgraded now with quantum-safe cryptographic components.

Considering the vast nature of this challenge, the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) has initiated the process of post-quantum cryptography (PQC) standardization to select public-key cryptographic algorithms to protect information even after the large-scale availability of quantum computers. According to the Capgemini Research Institute's report published in April 2022, a large number of organizations (58%) are waiting for standards to emerge before prioritizing quantum security as part of their investments.

But three important global developments in the recent past have increased the focus on quantum technologies and the need for mitigating the associated risks to vulnerable cryptographic systems. They are:

  1. Issue of National Security Memorandum, which highlighted the need to maintain a competitive advantage in quantum technologies and also mitigate the risks to a nation's cyber, economic, and national security;
  2. Commitment to intensify and elevate cooperation among G7 members and partner countries to deploy quantum-resistant cryptography to secure interoperability between ICT systems;
  3. NIST's announcement of the selection of the first four quantum-resistant cryptography algorithms.

The four selected algorithms are expected to become part of the highly anticipated NIST standards for post-quantum cryptography in a couple of years, likely in 2024. As the announcement makes clear, these algorithms are designed for two main encryption tasks - the first is general encryption to protect information exchanged over public networks, and the second is digital signatures to authenticate/verify identities. Our blog, "NIST announces four post-quantum crypto finalists. What happened?" provides more information.

So, what should an organization do now?

Should they immediately start implementing the algorithms and replace the vulnerable components in their IT and OT systems, continue to wait until the official publication of international standards in the next two years, or wait until the threat becomes a reality when these powerful quantum computers are operational?

Well, in our view, the answer lies somewhere in between these options. While continuing to wait may not be the best choice an organization could make, especially considering the store-now-and-decrypt-later risks, going ahead with a full-blown project implementing the migration of all the systems to quantum-safe is neither cost effective nor wise. So, what is the recommended call to action?

Crypto agility could hold the key

The answer, in our view, is crypto agility for post-quantum and beyond. It is the proactive design of information security protocols and standards in such a way that they can support multiple cryptographic primitives and algorithms at the same time, with the primary goal of enabling rapid adaptations of new cryptographic primitives and algorithms without making disruptive changes to the system's infrastructure.

If organizations are to achieve a position in which they are equipped to rapidly adapt, mitigate, and handle any security challenges arising due to vulnerabilities of the cryptosystems in post-quantum and beyond in the most optimized manner, they will need to put in place certain processes and systems.

We would recommend the following:

  • The first step is for the leadership to initiate a program with clearly defined objectives of achieving post-quantum crypto agility and to establish the collaboration teams within the organization and with the external ecosystem for required solutions, skills, and capabilities. It is also important to start educating key personnel of the organization on PQC and its implications.
  • Initiate a process to gather information across the organization with details of all the systems and applications that are using public-key cryptography and details of the most sensitive and critical datasets (both data-at-rest and data-in-motion) to be protected for long time periods. The factors affecting the whole process are multi-dimensional (which needs separate discussion).
  • Start experimenting with the new algorithms announced by NIST to get an understanding of the impact and challenges involved in the quantum-safe migration path. Start building an initial framework for the target state architecture of the overall system.
  • Prepare a roadmap for post-quantum safe migration based on the multi-dimensional analysis and prioritization of datasets requiring protection and systems and applications using vulnerable cryptographic systems.
  • Perform further analysis on the interdependencies of systems to decide the sequence of migration and initiate the process of identifying and evaluating sources for components, solutions, and services to implement the migration plan, not forgetting to develop a plan for testing and validation of the successful implementation of the migration.

Organizations following these steps will be better positioned to handle the PQC challenge more effectively. Not adopting such an approach could lead to issues such as:

  • Execution of migration projects in silos leading to integration challenges
  • Breaking the functionality of systems due to partial migration of components
  • Higher costs than optimally required and
  • Increased complexity and unpredictable refactoring every time we discover something new to be addressed.

These issues can lead to reduced confidence in the migration, and so the whole process can be quite challenging, expensive, time consuming, and risky, depending on the complexity and size of the systems in the organization. So, we recommend to our clients to start the process sooner rather than later, at least to understand where they stand in their journey and to estimate the potential size of the migration journey in terms of both time and costs. In summary, we believe organizations should not wait and start now, taking steps to achieve critical crypto agility across their business.

Authors: Jérôme Desbonnet and Gireesh Kumar Neelakantaiah

Jérôme Desbonnet
Expert in Cybersecurity architectures
I create security architecture designs. I plan and execute major security programs to ensure that our clients are well protected.
Gireesh Kumar Neelakantaiah
Global Strategy, Capgemini's Quantum Lab
Leading go-to-market initiatives for the Quantum Lab, including solution development, strategic planning, business and commercial model innovation, and ecosystem partner and IP licensing management; Skilled in Quantum computing (IBM Qiskit), Data science, AI/ML/Deep learning, Digital manufacturing & Industrial IoT, Cloud computing.

Disclaimer

Capgemini SE published this content on 21 September 2022 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 21 September 2022 09:09:06 UTC.


ę Publicnow 2022
All news about CAPGEMINI SE
12/06TRADING UPDATES: 7digital loan pact; Okyo Pharma files with SEC
AN
12/02Closing The Skilled-labor Gap Togeth : Volkswagen and CARIAD support the 42 Berlin coding ..
AQ
11/28Capgemini : Romania's leading retailer, Carrefour, collaborates with Capgemini to become a..
PU
11/25Success of Capgemini's 9th Employee Share Ownership Plan
GL
11/25Success of Capgemini's 9th Employee Share Ownership Plan
AQ
11/25Capgemini : WEMO plots a course for affordable energy and climate action
PU
11/24Capgemini SE Appoints Hossam Seifeldin as CEO of Capgemini in Egypt
CI
11/24Capgemini acquires 23red to boost its sustainability and purpose-driven creative brand ..
AQ
11/24Capgemini strengthens its innovation and design capabilities in Denmark with the launch..
AQ
11/24Hossam Seifeldin is appointed CEO of Capgemini in Egypt
AQ
More news
Analyst Recommendations on CAPGEMINI SE
More recommendations
Financials
Sales 2022 21 905 M 22 983 M 22 983 M
Net income 2022 1 531 M 1 607 M 1 607 M
Net Debt 2022 2 875 M 3 016 M 3 016 M
P/E ratio 2022 19,2x
Yield 2022 1,62%
Capitalization 29 171 M 30 607 M 30 607 M
EV / Sales 2022 1,46x
EV / Sales 2023 1,32x
Nbr of Employees 352 148
Free-Float 90,0%
Chart CAPGEMINI SE
Duration : Period :
Capgemini SE Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends CAPGEMINI SE
Short TermMid-TermLong Term
TrendsNeutralNeutralBearish
Income Statement Evolution
Consensus
Sell
Buy
Mean consensus BUY
Number of Analysts 18
Last Close Price 169,60 €
Average target price 214,85 €
Spread / Average Target 26,7%
EPS Revisions
Managers and Directors
Aiman Ezzat Deputy Director-Strategy
Carole Gabriella Ferrand Chief Financial Officer
Paul Benjamin Hermelin Chairman
William RozÚ Director-Engineering, Research & Development
Olivier Sevillia Group Chief Operating Officer
Sector and Competitors
1st jan.Capi. (M$)
CAPGEMINI SE-21.30%30 751
ACCENTURE PLC-30.84%179 831
TATA CONSULTANCY SERVICES LTD.-9.44%150 244
INTERNATIONAL BUSINESS MACHINES CORPORATION10.18%133 359
AUTOMATIC DATA PROCESSING, INC.5.13%107 245
INFOSYS LIMITED-14.56%82 069