To guarantee that the data is protected in all the types of data security and for all the components of data security, several controls have being developed in the industry. Firstly, auditing all the policies, systems and processes that are related to the protection and audit of the data itself. Monitoring the reliability, status and quality of these processes and alerting on any incident or breach whilst assessing all related risks.
All these types and components of data security are key, there is however, one that is extremely relevant. Namely, when data is obtained by unwarranted actors, we need to be sure that they will not be able to access the content to read or modify it. This applies to the data that is stored “at rest” or that is transmitted usually making use of electronic means via public or private networks for “in transit” data. The subject matter here is cryptography.
The basis of all cryptosystem is the generation of quality random numbers for the creation of keys, nonces, digital signatures, etc. High quality unpredictable random numbers generation are the basic source of entropy for all this cryptographic material, it creates the keys and certificates. It is useful for encryption purposes so that they cannot be uncovered by a third party and therefore protect the data both when stored at rest or while it is in transit. On the contrary, bad quality predictable random number sequences are easy for a malicious actor to obtain the keys used to encrypt our data and therefore be able to decrypt it and obtain access to the data that must be protected. An example is by listening the to Internet public channels.
Moreover, random number generation has to produce the randomness at a sufficient high rate to be able to protect the amount of data produced. Also, to cope with the requirements of the cryptographic protocols that are being adapted to be resistant against the new threats that arise from the use of new computing paradigms that can be used by the attackers to try to obtain access to the data (personal sensitive information or government or company secrets, for example).
From the previous paragraphs it is clear that it is an important task not only to be able to create high-quality high-speed randomness but to monitor and be aware of the quality and rate of the entropy produced. In order to generate the cryptographic material and expose this information to the teams responsible for its security.
At Quside our mission is to deliver the highest performance quantum random number generators (QRNGs) to empower the transition to a more powerful data security vectors. This protects from the known and unknown threats including the added value of providing full visibility on the quality and status of this fundamental element to the audit and monitoring into the Network Operation Centers and Security Operating Centers.