Cryptographic asset visibility: key to risk mitigation in digital ecosystems

December 4, 2025

Without cryptographic visibility, it's impossible to accurately assess or mitigate the risks that threaten operational continuity. After exploring cryptographic inventory and asset discovery in previous articles, we now examine the critical role that full visibility plays in identifying vulnerabilities, reducing blind spots, and preparing for threats such as SNDL/HNDL, STFT, and TNFL.

Without cryptographic visibility, risks remain hidden and unmanageable.

Organisations are increasingly compelled to maintain visibility over all cryptographic assets due to a number of converging factors. Chief among them is the reliance on an outdated cryptographic infrastructure, designed more than thirty years ago, which now struggles to remain fit for purpose in today’s vastly evolved digital landscape.

This infrastructure, strained by the weight of the digital systems built upon it, has led to major vulnerabilities in the management of the cryptographic landscape.

In this context, maintaining a cryptographic asset inventory serves as a foundational layer to enable a risk-based view of the organisation, providing the visibility required to complete and support risk management frameworks.

Full visibility: key to managing and mitigating cryptographic risks

Such visibility makes it possible to prioritise mitigation efforts, targeting cryptographic vulnerabilities that pose significant business risks with direct implications for operations and financial performance.

As discussed in our previous article on cryptographic asset discovery, unmanaged or unknown assets create critical blind spots that expose organisations to considerable risk because:

  • Blind spots create attack opportunities via unmanaged cryptographic objects or leaked sensitive keys and identity materials.

    Without full visibility, organisations run the risk of harbouring unmanaged and potentially vulnerable cryptographic objects.
  • Heterogeneous sources may conceal cryptographic assets such as keys, certificates, and algorithms embedded within applications, file systems, network interfaces, hardware devices, cloud services, and legacy systems, making them difficult to locate.

    Building a complete inventory across such heterogeneous environments poses integration challenges and requires multiple approaches to effectively discover and catalogue cryptographic objects.
  • Third-party dependencies, such as suppliers or partners, introduce additional blind spots, as many systems lie outside the control of a single organisation.

    Vendor dependencies are unavoidable in a digital ecosystem, since interoperability requires cryptographic exchanges across organisational and system boundaries, yet they leave the organisation with limited visibility over the cryptographic assets involved.
  • Limitations of automation tools systematically create blind spots. While automation supports scalability, these tools often have limited coverage or compatibility and may overlook artefacts they do not understand, resulting in gaps in overall cryptographic visibility.

    In practice, only a portion of cryptographic assets can be discovered with today’s automation tools; discovering the rest requires manual intervention.
  • Exploitation of legacy systems is facilitated by the fact that cryptographic infrastructure, originally designed over thirty years ago, is struggling to remain suitable for today’s digital environment.

    This mismatch has led to significant vulnerabilities in cryptographic landscape management, threatening trust in digital business operations.

Cryptographic blind spots are not technical failures: they are business risks.
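
The discovery problems listed above (assets scattered across heterogeneous sources, automation that only recognises what it understands, and quantum-vulnerable material hiding in plain sight) can be made concrete with a small inventory scanner. The code below is an added example written for this article, not a tool from the original text or from any product it describes. It walks a file tree, catalogues every PEM-encoded object it finds, reads the modulus size out of PKCS#1 RSA keys with a minimal DER reader, flags RSA below 2048 bits (an assumed policy threshold) and marks RSA/EC material as exposed to HNDL/STFT, and records anything it cannot parse as a blind spot needing manual review. The sample files, labels such as `VENDOR SIGNING BLOB`, and the RSA "keys" are all constructed stand-ins (the keys are DER shells holding a fake modulus, not real key material).

```python
"""Minimal cryptographic-asset discovery over a file tree (added example, constructed data)."""
import base64
import os
import re
import tempfile

# One PEM block: group 1 = label, group 2 = base64 body (may span lines).
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# PEM labels this scanner understands -> algorithm family. Anything else is a blind spot.
KNOWN_LABELS = {
    "RSA PRIVATE KEY": "RSA", "RSA PUBLIC KEY": "RSA", "EC PRIVATE KEY": "EC",
    "CERTIFICATE": "X.509", "PRIVATE KEY": "PKCS#8", "OPENSSH PRIVATE KEY": "OpenSSH",
}
QUANTUM_VULNERABLE = {"RSA", "EC"}   # public-key families a CRQC would break
RSA_MIN_BITS = 2048                  # assumed policy threshold for this example


def der_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: next n bytes carry the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(der):
    """Modulus bit length of a PKCS#1 RSAPrivateKey or RSAPublicKey DER blob."""
    tag, body, _ = der_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, first, nxt = der_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER")
    if len(first) == 1:                   # RSAPrivateKey: a one-byte version precedes the modulus
        tag, first, nxt = der_tlv(body, nxt)
    return int.from_bytes(first, "big").bit_length()


def classify_pem(label, body_b64):
    """Build an inventory record for one PEM block, including risk findings."""
    family = KNOWN_LABELS.get(label)
    rec = {"label": label, "family": family, "bits": None, "findings": []}
    if family is None:
        rec["findings"].append("unrecognised PEM label: manual review required")
        return rec
    if family == "RSA":
        try:
            rec["bits"] = rsa_modulus_bits(base64.b64decode(body_b64))
        except (ValueError, IndexError):
            rec["findings"].append("undecodable RSA key: manual review required")
            return rec
        if rec["bits"] < RSA_MIN_BITS:
            rec["findings"].append(f"RSA-{rec['bits']} below {RSA_MIN_BITS}-bit minimum")
    if family in QUANTUM_VULNERABLE:
        rec["findings"].append("quantum-vulnerable: HNDL/STFT exposure once a CRQC exists")
    return rec


def scan_tree(root):
    """Catalogue every PEM object under root. Binary DER files are a known blind spot here."""
    inventory = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue
            for m in PEM_RE.finditer(text):
                rec = classify_pem(m.group(1), m.group(2))
                rec.update(path=path, name=name)
                inventory.append(rec)
    return inventory


def summarize(inventory):
    """Index inventory records by file name (names are unique in the sample tree)."""
    return {rec["name"]: rec for rec in inventory}


# --- constructed sample data: DER shells, not real keys -------------------------------
def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der_int(value):
    if value[0] & 0x80:                   # keep the INTEGER positive, as DER requires
        value = b"\x00" + value
    return b"\x02" + der_len(len(value)) + value


def dummy_rsa_private_key_pem(bits):
    """CONSTRUCTED PKCS#1 shell: version 0 plus an all-0xFF fake modulus of the requested size."""
    body = der_int(b"\x00") + der_int(b"\xff" * (bits // 8))
    der = b"\x30" + der_len(len(body)) + body
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN RSA PRIVATE KEY-----\n{b64}-----END RSA PRIVATE KEY-----\n"


def build_sample_tree():
    """Write a constructed, heterogeneous tree of artefacts and return its root."""
    root = tempfile.mkdtemp(prefix="crypto-inv-")
    samples = {
        "app/config/legacy.key": dummy_rsa_private_key_pem(1024),
        "app/config/server.key": dummy_rsa_private_key_pem(2048),
        "app/config/broken.key": "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n",
        "ops/deploy.pem": "-----BEGIN EC PRIVATE KEY-----\nAAAA\n-----END EC PRIVATE KEY-----\n",
        "vendor/vendor.sig": "-----BEGIN VENDOR SIGNING BLOB-----\nAAAA\n-----END VENDOR SIGNING BLOB-----\n",
        "README.txt": "no cryptographic material here\n",
    }
    for rel, content in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for rec in scan_tree(build_sample_tree()):
        print(rec["name"], rec["family"], rec["bits"], "; ".join(rec["findings"]))
```

The two "manual review required" findings are the point: the scanner reports what it could not classify instead of silently skipping it, so the inventory shows its own coverage gaps rather than hiding them, and the HNDL/STFT tag gives the migration effort a first prioritisation key.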

Potential risks are further amplified by SNDL (Store Now, Decrypt Later) attacks, also known as HNDL (Harvest Now, Decrypt Later), in which malicious actors collect encrypted data today and store it with the intention of decrypting it once cryptographically relevant quantum computers (CRQC) become available.

Cryptographic threats evolve: from data harvesting to future fraud

Alongside this threat vector, two emerging variants deserve attention: Sign Today, Forge Tomorrow (STFT) and Trust Now, Forge Later (TNFL). Both exploit the fact that signatures created and trust relationships established today rely on cryptographic algorithms that are currently considered secure.

Once the underlying cryptography is broken in the future, attackers may forge signatures (STFT) or manipulate previously established trust relationships (TNFL). Transactions and data that appear secure today may therefore become vulnerable to tampering and fraud in the future.

These types of threats highlight the need to migrate to quantum-resistant cryptographic schemes and to consider the longevity and lifecycle of protected data, particularly for organisations operating in critical infrastructure and national security environments.

Post-quantum threats demand that we think about data security not only in the present, but also in the future.
