Building on its crypto-agility framework, Commvault has added support for Hamming Quasi-Cyclic (HQC), a post-quantum algorithm designed to counter “harvest now, decrypt later” threats by protecting encrypted data from future quantum decryption capabilities
In response to the accelerating threat landscape posed by quantum computing, Commvault, a leading cyber resilience and data protection provider for hybrid cloud environments, has announced key enhancements to its post-quantum cryptography (PQC) capabilities. These updates are aimed at helping organizations safeguard sensitive, long-term data against future quantum-enabled cyberattacks.
Quantum computing, which harnesses the principles of quantum mechanics to perform calculations far beyond the reach of classical computers, is rapidly evolving. While it promises breakthroughs across multiple industries, it also presents serious cybersecurity challenges. Experts warn that quantum technology could one day crack current encryption standards, enabling threat actors to decrypt secure communications and stored data. According to a recent ISACA Quantum Computing Pulse Poll, 63% of technology and cybersecurity professionals believe quantum computing will heighten or shift cyber risks, and 50% foresee significant regulatory and compliance implications.
Since August 2024, Commvault has supported quantum-resistant encryption standards such as CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and FALCON, as recommended by the U.S. National Institute of Standards and Technology (NIST). These efforts were part of the company’s crypto-agility framework, introduced through the Commvault Cloud platform, allowing customers to adapt to evolving threats without the need for major system overhauls.
Building on this foundation, Commvault has now added support for Hamming Quasi-Cyclic (HQC), an advanced error-correcting code-based algorithm designed to counteract long-term threats such as “harvest now, decrypt later.” This increasingly common tactic involves intercepting and storing encrypted data today in anticipation of decrypting it with future quantum computing capabilities.
“The quantum threat isn’t theoretical,” said Bill O’Connell, Chief Security Officer at Commvault. “We were among the first cyber resilience vendors to address post-quantum computing, and by integrating new algorithms like HQC and advancing our crypto-agility framework, we are providing our customers with the tools to navigate this complex landscape with confidence. Our goal is simple and clear: as quantum computing threats emerge, we intend to help our customers keep their data protected.”
For industries where long-term data storage is required, like finance and healthcare, Commvault's expanded post-quantum cryptography capabilities provide access to a variety of safeguards that can help fortify network tunnels against quantum-based attacks. With Commvault’s Risk Analysis capabilities, customers can discover and classify data to determine where these cryptographic capabilities may be helpful. In addition, Commvault’s capabilities are simple to implement, often using a checkbox configuration, making it easy for customers to utilize when needed.
The evolving quantum landscape – the need for speed
As investments pour into the quantum field, the time to address emerging threats is shrinking. This makes proactive adoption of post-quantum cryptography critical.
“Quantum readiness has become a business imperative, particularly for industries which handle data that remains sensitive for decades. The time when currently encrypted data can be decrypted using quantum technology is closer than many people think,” said Phil Goodwin, Research VP, IDC. “Commvault’s early adoption of quantum-resistant cryptography and commitment to crypto-agility positions it at the forefront among data protection software vendors in proactively addressing quantum threats. Organizations with sensitive, long-term data need to prepare now for a quantum world.”
“Commvault has been an invaluable partner in our journey to enhance cyber resilience. Their leadership in adopting post-quantum cryptography, combined with their crypto-agility framework, is exactly what we need to meet stringent government security mandates and protect highly sensitive information from emerging quantum threats,” said Jeff Day, Deputy Chief Information Security Officer, Nevada Department of Transportation.
“Safeguarding sensitive data is paramount, and the long-term threat of quantum decryption is a significant concern. Commvault's rapid integration of NIST's quantum-resistant standards, particularly HQC, gives us great confidence that our critical information is protected now and well into the future,” said Peter Hands, Chief Information Security Officer, British Medical Association. “Their commitment to crypto-agility is important for healthcare organizations like ours.”
Availability
Commvault’s post-quantum cryptography capabilities, including support for NIST’s HQC algorithm, are immediately available to all Commvault Cloud customers running software version CPR 2024 (11.36) and later, enabling seamless adoption of quantum-resistant protection.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
