Commvault Beefs Up Its Post-Quantum Cryptography To Battle Next-Gen Threats

Companies requiring long-term storage of sensitive data, including health-care and financial organizations, may be particularly targeted by quantum-related attacks.

Commvault, a provider of cyber resilience and data protection offerings, this week unveiled enhancements to its security platform to aid organizations in protecting against emerging cyberthreats brought on by quantum computing.

Quantum computing uses quantum mechanics, creating super turbocharged computers. The technology can solve complex problems in a fraction of the time it would take traditional computers.

[RELATED: Algorithmiq, Nvidia Joint Venture Addresses Major Quantum Computing Challenge]

Yet that groundbreaking computational ability poses a troubling security threat. Hackers could use quantum computers to break traditional encryption methods that have been long considered the highest standard of security.

Commvault’s move surrounds advancements to its post-quantum cryptography (PQC) platform. The advancements were built to “help customers protect their highly sensitive, long-term data from a new generation” of cyberthreats, the company said in a statement.

Companies requiring long-term storage of sensitive data, including health-care and financial organizations, may be particularly targeted by quantum-related attacks.

Some of the quantum-resistant standards that Commvault’s offerings support include NIST-recommended CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+ and FALCON.

The advancements also now include support for Hamming Quasi-Cyclic (HQC), an error-correcting code algorithm designed to defend against threats where hackers may use quantum computers to intercept encrypted network traffic.

PQC cybersecurity isn’t just a technology for the world’s largest financial or health-care systems; it is something for the midmarket to consider, said Michael Fasulo, senior director of portfolio marketing at Commvault, in a statement to MES Computing.

“Any organization with long-lived sensitive data is a candidate for post-quantum cryptography,” Fasulo said.

“For example, if midmarket organizations have data that needs to be secure 10 to 20 years from now and is being transmitted today, they should be looking at post-quantum cryptography. Organizations with large volumes of historical data are especially at risk due to ‘harvest now, decrypt later’ (HNDL) attack strategies, where adversaries intercept and steal encrypted data, even if they cannot decrypt it with current technology. The data is then stored until a sufficiently powerful quantum computer becomes available that can break the current encryption. Data with long-term sensitivity—such as government records, health-care information, financial data, intellectual property and trade secrets—is a prime target. If this data is exfiltrated now, it could be exposed years later when quantum computers mature,” he added.

The new PQC enhancements are now available to Commvault Cloud customers running software version CPR 2024 (11.36) and later, the company said in its news release.