Commvault acts to protect against new quantum threats

Cyber resilience and data protection company Commvault has introduced new post-quantum cryptography capabilities aimed at helping its customers protect their sensitive data.

The new capabilities include support for the Hamming Quasi-Cyclic code-based encryption scheme, a new error-correcting algorithm designed to defend against evolving quantum-based threats. These threats include ‘harvest now, decrypt later’, an attack pattern involving threat actors intercepting and storing network traffic to decrypt at a time when quantum computers are powerful enough to decrypt it.

The new features build on Commvault’s introduction of four quantum-resistant encryption standards including CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+ and FALCON in August 2024. All the new standards have been recommended by the US National Institute of Standards and Technology (NIST).

At the same time, Commvault introduced a cryptographic agility framework enabling Commvault Cloud customers to address evolving threats without overhauling their systems. The new capabilities build on its framework.

Advances in quantum computing are bringing unprecedented security challenges such as the threat that conventional encryption methods will no longer be sufficient to safeguard data against sophisticated threats. The recent Information Systems Audit and Control Association’s (ISACA) Quantum Computing Pulse Poll found that 63% of technology and cybersecurity professionals say quantum computing will increase or shift cybersecurity risks and 50% believe it will present regulatory and compliance challenges.

Commvault CSO Bill O’Connell said the quantum threat is not just theoretical.

“We were among the first cyber resilience vendors to address post-quantum computing, and by integrating new algorithms like HQC and advancing our crypto-agility framework, we are providing our customers with the tools to navigate this complex landscape with confidence,” he said. “Our goal is simple and clear: as quantum computing threats emerge, we intend to help our customers keep their data protected.”

According to IDC, quantum readiness is now a business imperative. The consultancy’s VP of research said this is particularly true for industries that handle data which remains sensitive for decades.

“The time when currently encrypted data can be decrypted using quantum technology is closer than many people think,” he said. “Commvault’s early adoption of quantum-resistant cryptography and commitment to crypto-agility positions it at the forefront among data protection software vendors in proactively addressing quantum threats. Organisations with sensitive, long-term data need to prepare now for a quantum world.”

Image credit: iStock.com/blackdovfx