AWS Partner Network (APN) Blog

Accenture and AWS accelerate customer’s post-quantum cryptography journey

By: Scott Francis, Principal Director – Accenture Security
By: Avni Rambhia, Principal Product Manager – AWS
By: Rajdeep Banerjee, Sr. Partner Solutions Architect – AWS

Emerging large-scale quantum computing technologies pose significant challenges to current cybersecurity approaches. Specifically, they threaten the asymmetric cryptography used for authentication, data integrity, and confidential communications, which can lead to unintended access to the data and systems that cryptography protects.

Organizations need to begin upgrading their data protection capabilities now, starting with long-lived data and long-lived devices. Regulators will enforce quantum-safe measures by 2030, with highly regulated industries facing compliance deadlines as early as 2027. Systemic upgrades can take years, which is why the work has to start now.

Amazon Web Services (AWS) and Accenture are working together to help organizations transition to quantum-safe cryptography. This collaboration combines the quantum-safe services and developer tools of AWS with the enterprise transformation capabilities of Accenture to support workloads across AWS-native, hybrid, and on-premises environments.

The quantum threat and need for cryptographic agility

Quantum-safe cryptography is a multi-phase journey, not a one-and-done campaign. You must implement this transition in phases. Start with data-in-transit security, followed by quantum-safe certificates, session token updates, and key length increases as quantum computing advances. Your organization must build its quantum-safe cryptography transition on a foundation of cryptographic agility.

With cryptographic agility, you can efficiently upgrade cryptographic components in your everyday workloads and environments, similar to standard patch management processes. It is essential for maintaining enhanced long-term security in a post-quantum world. You can then adapt quickly to emerging threats and changing regulatory requirements.

AWS shared responsibility approach

The AWS approach to post-quantum cryptography (PQC) implementation focuses on practical, infrastructure-level security transformations. You can read the AWS post-quantum cryptography migration plan to learn how to apply principles like comprehensive cryptographic inventory, robust policy frameworks, and cryptographic agility to your own environments. We use the familiar shared responsibility model to guide you to become, and stay, quantum-safe on AWS. Under this division of responsibilities, both AWS and you play active roles in maintaining quantum-safe environments.

The AWS shared responsibility model provides you with comprehensive quantum-safe cloud infrastructure. AWS manages the quantum security of cloud services, internal infrastructure, and external developer tools, while you maintain control of your specific environment and configurations. You can progressively take advantage of these PQC capabilities as opt-in and new default capabilities become available in AWS Software Development Kits (SDKs), clients, and service configurations. You are responsible for deploying these AWS updates. Where your workloads leverage components from other software or hardware vendors, lean on these vendors for similar updates.

For self-managed or custom code, you control and manage your own cryptographic assets (such as keys or certificates), resources (like databases), and transport layer security (TLS) termination (such as self-managed mTLS or Nginx/HAProxy servers). AWS supports these scenarios by coordinating closely with AWS Partners, and with our open-source contribution of AWS-LC. AWS-LC is a performance-optimized, FIPS-validated, formally verified library that is built as a drop-in replacement for OpenSSL.

The implementation journey: A four-phase approach

  1. Strategic assessment and cryptographic inventory: Accenture leads by establishing a Cryptographic Center of Excellence (CCOE), bringing together stakeholders from legal, security, IT, and product teams. Accenture's structured process for mapping quantum threat impacts includes developing actionable roadmaps with clear timelines and budgets. This approach emphasizes defining quantum security objectives that align with business outcomes and establishing governance frameworks. Scope will generally include AWS-native workloads, hybrid workloads, multi-cloud workloads, and legacy on-premises workloads. For workloads already slated to be modernized to the cloud, this phase also evaluates opportunities to minimize your burden of PQC modernization by shifting responsibility to AWS.
  2. Policy framework and operational infrastructure: The second phase involves establishing robust policies and processes, while implementing appropriate tooling for the PQC transition. The Accenture Discovery Plus process provides comprehensive coverage through multiple layers of analysis. For AWS-based workloads, Accenture makes full use of the developer tools, service support, well-architected recommendations, and automated discovery and enforcement capabilities that AWS already provides and continues to improve. For systems without source code access, Accenture's Forensic Analytics conducts in-depth manual analysis, working through architecture diagrams and network flows. Accenture identifies areas where data is (or should be) secured with cryptography. Where this protection is not yet quantum-safe, Accenture helps upgrade corresponding first-party and third-party code where possible and replace outdated components where necessary.
  3. Building cryptographic agility: Accenture's implementation approach centers on sustainable, future-proof cryptographic agility. Accenture deploys an orchestration engine on internal servers with restricted access, activating policy-driven encryption management through intuitive interfaces. This system automates client-side updates, endpoint policy updates, and certificate renewals, eliminating the need for frequent manual interventions. The Accenture solution integrates with existing certificate and identity programs, facilitating the evolution of the CCOE towards meeting quantum-safe requirements for 2030 (and beyond).
  4. Iteration: After addressing the most critical workloads, the process iterates through Phases 2 and 3 across the remaining inventory established in Phase 1. Over time, this modernization process will be repeated to address additional aspects of quantum-safe modernization. This includes all public and private certificates, integrity mechanisms, and potentially all authentication systems.

Progress monitoring and ongoing management

Throughout these phases, you should regularly assess implementation progress and continuously monitor cryptographic health. The framework automates updates for new algorithms and standards, seamlessly integrating with existing security and compliance programs. Regular stakeholder reporting and governance reviews confirm ongoing alignment with organizational objectives and regulatory requirements.

AWS provides the technical infrastructure and Accenture delivers strategic consulting; together, they help organizations achieve and maintain quantum readiness. The framework addresses both immediate security needs and long-term cryptographic agility, while maintaining alignment with business objectives and operational requirements.

Moving forward

Your post-quantum security journey starts now. Connect with the Accenture AWS Business Group to transform your cybersecurity approach. We’ll help you navigate the complex landscape of emerging technological challenges, helping your organization enhance security measures and stay innovative.

Accenture and AWS have worked together for more than a decade to help organizations realize value from their applications and data. The collaboration between the two companies, the Accenture AWS Business Group (AABG), enables enterprises to accelerate their pace of digital innovation and realize incremental business value from cloud adoption and transformation.

Accenture – AWS Partner Spotlight

Accenture is an AWS Premier Tier Services Partner and MSP that provides end-to-end solutions to migrate to and manage operations on AWS. By working with the Accenture AWS Business Group (AABG), a strategic collaboration by Accenture and AWS, organizations can accelerate the pace of innovation to deliver disruptive products and services.
