Cloudflare One is the first SASE offering modern post-quantum encryption across the full platform

Summary

Cloudflare One has introduced the first SASE platform that incorporates modern post-quantum encryption, specifically through the integration of hybrid ML-KEM (Module-Lattice-based Key-Encapsulation Mechanism) across its Secure Web Gateway and Zero Trust solutions. This upgrade is crucial as organizations face the impending deadline set by NIST for transitioning away from classical cryptographic methods like RSA and ECC by 2030. The article outlines the challenges and strategies for migrating to post-quantum cryptography, emphasizing the importance of key agreement and digital signatures in securing network traffic against quantum threats. Furthermore, it discusses the enhancements made to Cloudflare IPsec to support these new encryption standards, ensuring high availability and compliance while addressing potential vulnerabilities such as 'harvest-now, decrypt-later' attacks.

Key Learnings

• 1Understanding the urgency of transitioning to post-quantum cryptography due to impending regulatory deadlines.
• 2Recognizing the significance of hybrid ML-KEM as a key agreement protocol that provides both quantum resistance and compatibility with existing systems.
• 3Identifying the challenges associated with upgrading digital signatures and the implications of larger signature sizes on adoption.
• 4Exploring the differences in the evolution of TLS and IPsec standards in relation to post-quantum cryptography.
• 5Gaining insights into the interoperability challenges and strategies for integrating new cryptographic protocols across diverse vendor systems.

Who Should Read This

Senior Security Engineers implementing post-quantum cryptography solutions in enterprise networks

Test Your Knowledge

Topics