Commvault announced significant enhancements to its post-quantum cryptography (PQC) capabilities, aimed at helping organisations protect sensitive data from emerging quantum computing threats.
As quantum technology advances, it presents new challenges for data security, particularly the risk of 'harvest now, decrypt later' attacks, where encrypted data is intercepted and stored for future decryption when quantum computers become powerful enough.
Quantum computing leverages the principles of quantum mechanics to process information in ways that classical computers cannot, posing risks to traditional encryption methods.
A poll by the Information Systems Audit and Control Association (ISACA), 63% of technology and cybersecurity professionals believe that quantum computing will increase cybersecurity risks, while 50% foresee regulatory challenges associated with it.
Since August 2024, Commvault has been supporting quantum-resistant encryption standards recommended by the National Institute of Standards and Technology (NIST), including CRYSTALS-Kyber and SPHINCS+.
The company introduced a cryptographic agility framework to help customers swiftly adapt to evolving threats without extensive system overhauls.
The latest update includes support for the Hamming Quasi-Cyclic (HQC) algorithm, designed to protect against future threats by ensuring that intercepted encrypted traffic remains secure even in a post-quantum world.
Bill O’Connell, Chief Security Officer at Commvault, stated, “The quantum threat isn’t theoretical. By integrating new algorithms like HQC, we are providing our customers with the tools to navigate this complex landscape with confidence.” This proactive approach is vital for industries such as finance and healthcare, where long-term data storage is critical.
Commvault's expanded PQC capabilities allow organisations to reinforce their security against quantum-based attacks. The company’s Risk Analysis tools enable customers to identify and classify sensitive data, highlighting where cryptographic protections are most beneficial. Implementing these capabilities is straightforward, often requiring just a checkbox configuration.
As investments in quantum technology accelerate, the urgency to adopt post-quantum cryptography grows. Phil Goodwin, Research VP at IDC, emphasised the importance of preparedness: “Quantum readiness has become a business imperative, particularly for industries handling sensitive data for decades.”
Commvault’s leadership in adopting PQC standards reflects its commitment to helping organisations secure their data against future threats. With the rapid integration of NIST's quantum-resistant standards, Commvault aims to provide confidence that critical information remains protected now and in the years to come.