Commvault Bolsters Data Security with New Post-Quantum Cryptography Capabilities

Commvault has enhanced its post-quantum cryptography (PQC) capabilities to protect customer data against future decryption via quantum computing. The company now supports the Hamming Quasi-Cyclic (HQC) algorithm, alongside previously supported NIST standards like CRYSTALS-Kyber, augmenting its cryptographic agility framework introduced in August 2024. This expansion addresses the emerging threat of ‘harvest now, decrypt later’ attacks, where encrypted data is intercepted and stored for future decryption when quantum computers become sufficiently powerful. Available immediately to Commvault Cloud customers running software version CPR 2024 (11.36) and later, these capabilities are designed for organisations, particularly in finance and healthcare, requiring long-term data security and compliance with evolving regulatory requirements.

Commvault has broadened its support for post-quantum cryptography (PQC) by incorporating the Hamming Quasi-Cyclic (HQC) algorithm, complementing existing support for CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and FALCON as recommended by the National Institute of Standards and Technology (NIST). This expansion directly addresses the ‘harvest now, decrypt later’ threat, where adversaries intercept and store encrypted data anticipating future decryption with sufficiently powerful quantum computers. Commvault’s cryptographic agility framework enables organisations to adopt these new algorithms without requiring extensive system redesigns.

Researchers at Commvault are proactively responding to accelerating investment in quantum computing by delivering tools that mitigate risks associated with long-term data storage. The company’s approach centres on providing enhanced cryptographic protection for sectors like finance and healthcare, where data sensitivity extends for decades. Commvault’s Risk Analysis capabilities empower customers to identify and classify data requiring this additional layer of security.

Commvault simplifies the implementation of its PQC features, often requiring only a configuration adjustment to integrate seamlessly into existing workflows. This ease of deployment encourages widespread adoption of quantum-resistant security measures, bolstering overall data protection strategies. The Nevada Department of Transportation partnered with Commvault, utilising its PQC capabilities and crypto-agility framework to satisfy stringent government security mandates and safeguard sensitive information from emerging quantum threats.

Commvault’s post-quantum cryptography capabilities, including HQC support, are immediately available to Commvault Cloud customers running software version CPR 2024 (11.36) and later. This provides a readily accessible solution for organisations seeking to future-proof their data security strategies and maintain data integrity in the evolving threat landscape.