Case Study

Scanning and Building an Inventory of Deployed Ciphers to ensure Post-Quantum Readiness

Challenge

Create CI/CD stages to ensure that all ciphers currently in use by deployed applications comply with organizational goals for post-quantum readiness.

Solution

The project began with a detailed evaluation of current stages within the code pipelines as well as gaining an understanding of both security/compliance requirements and existing cipher implementation techniques by various development teams. Once a thorough understanding was in place, an analysis of appropriate tools and techniques for creating a cipher inventory was performed.

Analysis findings and approach:

  • Dynamic scanning would be required. Very often ciphers are not configured within code but are instead defined by the underlying third-party services and libraries being used. Therefore scanning would need to be performed against deployed applications, rather than statically, to identify the ciphers in use across the various combinations of operating systems, languages and libraries.
  • Scanning could be run in parallel with existing dynamic security scans within the code pipelines in order to maintain development velocity.
  • A Cryptographic Bill of Materials (CBOM) format would need to be standardized to allow for automated analysis of every application.
  • Storage of CBOM data would need to be created along with alerting measures and report generation tools allowing for easy digestion for security and compliance teams along with quick remediation (if necessary) by development teams.
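As an added illustration of the CBOM and alerting stages described above (example code written for this page, not code from the original case study or its project), the following Python takes constructed dynamic-scan results, emits a simplified CycloneDX-style CBOM (the field names are an assumption, not an exact schema), checks each endpoint against a constructed approved-cipher policy, and returns the exit code a CI stage would use. The service names, endpoints, policy contents and function names are all constructed for the example.

```python
"""Offline example: turn dynamic cipher-scan results into a CBOM and check
them against an approved-cipher policy, as a CI/CD stage might do."""
import json
from datetime import datetime, timezone

# Constructed sample output of a dynamic scan stage: one record per deployed
# endpoint, recording what the server actually negotiated (not real hosts).
SCAN_RESULTS = [
    {"service": "payments-api", "endpoint": "payments.internal.example:443",
     "protocol": "TLSv1.3", "cipher": "TLS_AES_256_GCM_SHA384",
     "key_exchange": "X25519MLKEM768"},
    {"service": "legacy-portal", "endpoint": "portal.internal.example:443",
     "protocol": "TLSv1.2", "cipher": "TLS_RSA_WITH_AES_128_CBC_SHA",
     "key_exchange": "RSA"},
    {"service": "reports-svc", "endpoint": "reports.internal.example:8443",
     "protocol": "TLSv1.2", "cipher": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
     "key_exchange": "ECDHE-P256"},
]

# Constructed policy standing in for the compliance team's approved list.
POLICY = {
    "approved_ciphers": {
        "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256",
        "TLS_CHACHA20_POLY1305_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    },
    # Hybrid key exchange that includes a post-quantum KEM.
    "pq_ready_key_exchange": {"X25519MLKEM768"},
    # Key exchange the organization no longer permits at all.
    "deprecated_key_exchange": {"RSA"},
}


def build_cbom(scan_results, generated_at=None):
    """Build a simplified CycloneDX-style CBOM (field names assumed) with one
    cryptographic-asset component per scanned endpoint."""
    components = []
    for r in scan_results:
        components.append({
            "type": "cryptographic-asset",
            "name": r["cipher"],
            "cryptoProperties": {
                "assetType": "algorithm",
                "protocol": r["protocol"],
                "keyExchange": r["key_exchange"],
            },
            # Where the asset was observed, so findings route to a team.
            "evidence": {"service": r["service"], "endpoint": r["endpoint"]},
        })
    ts = generated_at or datetime.now(timezone.utc)
    return {"bomFormat": "CycloneDX", "specVersion": "1.6",
            "metadata": {"timestamp": ts.isoformat()},
            "components": components}


def evaluate_cbom(cbom, policy=POLICY):
    """Compare every component against the policy and return findings.
    'non-compliant' breaks the build; 'not-pq-ready' is reported only."""
    findings = []
    for c in cbom["components"]:
        ev, kx = c["evidence"], c["cryptoProperties"]["keyExchange"]

        def add(severity, reason):
            findings.append({"service": ev["service"], "endpoint": ev["endpoint"],
                             "severity": severity, "reason": reason})

        if c["name"] not in policy["approved_ciphers"]:
            add("non-compliant", f"cipher {c['name']} is not on the approved list")
        if kx in policy["deprecated_key_exchange"]:
            add("non-compliant", f"key exchange {kx} is deprecated")
        elif kx not in policy["pq_ready_key_exchange"]:
            # Classical-only key exchange: allowed for now, but not PQ-ready.
            add("not-pq-ready", f"key exchange {kx} is classical only")
    return findings


def summarize_by_service(findings):
    """Group findings per service for the development-team alert."""
    report = {}
    for f in findings:
        report.setdefault(f["service"], []).append(f"{f['severity']}: {f['reason']}")
    return report


def ci_exit_code(findings, fail_on=("non-compliant",)):
    """Non-zero when any finding is in a build-breaking severity."""
    return 1 if any(f["severity"] in fail_on for f in findings) else 0


if __name__ == "__main__":
    bom = build_cbom(SCAN_RESULTS)
    found = evaluate_cbom(bom)
    print(json.dumps({"cbom": bom, "findings": found,
                      "by_service": summarize_by_service(found)}, indent=2))
    raise SystemExit(ci_exit_code(found))
```

Run stand-alone it prints the CBOM and the per-service report, then exits 1 because the constructed legacy-portal endpoint negotiates an unapproved cipher with deprecated RSA key exchange; the reports-svc endpoint is merely flagged as not yet post-quantum ready, which is the distinction between a blocking alert and an advisory report that the case study's alerting and reporting stages need.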

Outcome

  • The project successfully and unobtrusively future-proofed the organization's goals regarding post-quantum readiness across all deployment environments.
  • Security teams were able to quickly gain an understanding of the ciphers being deployed and help ensure that applications complied with organizational objectives.
  • Development teams gained immediate awareness if any non-compliant ciphers were in use by their applications without any additional friction.
  • Compliance teams were able to easily maintain a list of approved ciphers knowing that any changes would be immediately identified going forward.