惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

爱范儿
爱范儿
P
Palo Alto Networks Blog
月光博客
月光博客
H
Hackread – Cybersecurity News, Data Breaches, AI and More
I
InfoQ
aimingoo的专栏
aimingoo的专栏
腾讯CDC
T
Threatpost
D
DataBreaches.Net
Vercel News
Vercel News
F
Fortinet All Blogs
Engineering at Meta
Engineering at Meta
C
Cybersecurity and Infrastructure Security Agency CISA
Forbes - Security
Forbes - Security
U
Unit 42
C
Check Point Blog
Blog — PlanetScale
Blog — PlanetScale
O
OpenAI News
量子位
TaoSecurity Blog
TaoSecurity Blog
Microsoft Azure Blog
Microsoft Azure Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
V
Visual Studio Blog
Recorded Future
Recorded Future
云风的 BLOG
云风的 BLOG
Security Archives - TechRepublic
Security Archives - TechRepublic
The Last Watchdog
The Last Watchdog
S
Security Affairs
Attack and Defense Labs
Attack and Defense Labs
罗磊的独立博客
Stack Overflow Blog
Stack Overflow Blog
Microsoft Security Blog
Microsoft Security Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
V2EX
小众软件
小众软件
S
SegmentFault 最新的问题
www.infosecurity-magazine.com
www.infosecurity-magazine.com
W
WeLiveSecurity
AI
AI
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 聂微东
I
Intezer
Know Your Adversary
Know Your Adversary
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Proofpoint News Feed
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
The Cloudflare Blog
博客园_首页
NISL@THU
NISL@THU
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO

Palo Alto Networks Blog

Announcing the General Availability of Prisma AIRS AI Gateway Palo Alto Networks and AT&T - Delivering Quantum-Resilient SASE Fabric What It Takes to Secure Claude Cowork Across the AI Enterprise It Might Feel Like We’ve Been Here Before, But We Haven’t A Defining Moment in Identity Security New Executive Order Accelerates Post-Quantum Readiness Amid the Cryptographic Reset Built to Last: What Stonehenge Teaches us About IT Architecture & Cyber Resilience Expanding Our Footprint: Local Cloud Availability for Prisma AIRS in Japan The Invisible CEO of Crisis: Breaking the Cycle of CISO Burnout Securing the Agentic AI Frontier: Palo Alto Networks and Databricks Deliver a New Standard for AI Security Securing Canada’s Digital Future: Why PBMM Matters Beyond Government Beyond Human Oversight: Adapting to the Frontier AI Era Shifting from Data Hoarding to Active Defense: Navigating the New Era of OMB M-26-14 European Digital Sovereignty Starts With Trust How AI and Evasion Demand a Radical Shift in Network Threat Prevention Reinventing Security for the Agentic NVIDIA AI Factory A 4X Gartner Magic Quadrant for EPP Leader. Built for the Agentic Era. Securing and Governing AI Agents At Scale Through A Unified AI Gateway The “Why” Behind NextWave’s New Requirements Beyond the Frontier — Expanding the Ecosystem for Autonomous Defense Defender's Guide to the Frontier AI Impact on Cybersecurity: May 2026 Update From WarGames to Cyberwar Idira — Our Journey to Democratize Privilege Controls A New Era of Security: Frontier AI Defense Nutanix and Palo Alto Networks Integrate for Robust Model Trust 39 Seconds — That's How Long It Takes to Lose Your Data The Dangerous Momentum of Autodownload Phishing Enhancing AI-Driven Defense with Anthropic’s Claude Opus 4.7 Unit 42 Expands Frontier AI Defense with Armadin Partnership Palo Alto Networks and Google Cloud Scaling AI Agents with Confidence Palo Alto Networks Joins DNS-OARC as a Platinum Member The AI Ecosystem Edge — Introducing Our Frontier AI Alliance Defender's Guide to the Frontier AI Impact on Cybersecurity Introducing Unit 42 Frontier AI Defense Securing the UK’s Digital Future Announcing ADEM Universal Agent Palo Alto Networks at Nutanix .NEXT 2026 Closing the Gap by Enhancing Visibility and Mitigating Risks Five Browser and AI Security Questions Keeping CxOs up at Night Securing the Era of Agentic AI with Prisma SASE Prisma Browser for Business — A Secure Workspace for Small Business Securing the Enterprise AI Ecosystem with ServiceNow and Prisma AIRS How NextWave’s Evolution Drives Shared Success Announcing Prisma AIRS Availability in Singapore Region How the National Cyber Strategy Secures Our Digital Way of Life
The Cryptographic Reset Has Begun
Shivajee Samdarshi · 2026-03-24 · via Palo Alto Networks Blog

A Structural Shift in Cryptographic Trust and Integrity

For decades, the digital economy has operated on a model of static cryptographic trust.

Certificates were issued for long periods of time. The same encryption algorithms protected data for decades. Security teams could simply increase key lengths to stay ahead of advances in computing power. Trust infrastructure changed slowly and predictably.

That era is over.

Over the next several years, the foundations of cryptographic trust will change more dramatically than at any point since the modern internet was created. The cryptographic mechanisms that establish identity, secure communication and protect sensitive data are entering a period of continuous change.

Organizations are now confronting what can best be described as a cryptographic reset.

Security teams are fighting a battle on two fronts: Trust and Integrity.

At the same time, the scale of digital infrastructure continues to grow rapidly. Cloud services, distributed applications and autonomous agents are multiplying across enterprise environments. Each device, workload, service and agent ultimately depends on certificates and cryptographic keys to establish trust within the network.

As this ecosystem expands, automation and continuous visibility must replace human-led manual processes. For this to happen efficiently, the network must become the ultimate point of cryptographic control.

The First Front Is Trust

The first major shift is happening in how digital trust is maintained.

On March 15, 2026, the CA/Browser Forum reduced the maximum validity period for public TLS certificates from 398 days to 200 days. This change begins a phased transition that will reduce certificate lifetimes further to 100 days in 2027 and ultimately to 47 days by 2029.

At first glance, this may appear to be a simple policy change. In reality, it represents a fundamental shift in operational requirements.

When certificate lifetimes shrink, renewal velocity increases dramatically.

A certificate that previously required renewal once per year will soon require renewal multiple times per year. At 47 days, the renewal workload increases roughly twelvefold.

Many organizations today still manage certificates through manual processes. Expiration dates are tracked in spreadsheets. Calendar reminders are used to trigger renewals. Scripts and ticket workflows coordinate deployment.

These approaches do not scale to the new reality. For an enterprise managing 1,000 public TLS certificates, manual renewal already consumes roughly 4,000 hours per year, which is about two engineers' worth of work. As lifecycles shrink toward 47 days and renewal velocity increases 12×, that workload jumps to nearly 48,000 hours annually, which is the equivalent of 24 engineers.

Shorter lifecycles transform certificate management from an occasional administrative task into a continuous operational process. If manual workflows remain in place, the likelihood of business-impacting outages rises sharply.

Consider a common scenario.

A VPN gateway relies on a public TLS certificate. The expiration date is tracked in a spreadsheet maintained by an operations team. A renewal reminder is scheduled on a shared calendar.

If the reminder is missed and the certificate expires, the gateway stops accepting secure connections. Remote employees lose access to corporate resources. The help desk begins receiving calls. Security and infrastructure teams are forced into emergency remediation.

What appears to be a minor configuration detail becomes a service outage affecting the entire workforce.

In a world of 47-day certificates, the traditional “set it and forget it” approach is no longer viable. The operational risk is simply too high.

This challenge can no longer be addressed through manual processes or additional staffing.

Maintaining digital trust at this velocity requires complete visibility into certificates and fully automated lifecycle management.

Discovery, renewal, deployment and governance must operate continuously across environments without manual intervention.

The Second Front: Integrity

While trust lifecycles are accelerating, another change is unfolding simultaneously.

The mathematics protecting modern encryptions are approaching a breaking point.

Advances in quantum computing threaten to undermine the public key cryptography that secures most digital communications today. Within the coming decade, sufficiently powerful quantum systems are expected to break widely used algorithms such as RSA and ECC.

But the risk is not limited to a future breakthrough.

Adversaries are already exploiting this transition through a strategy known as “harvest now, decrypt later.”

In this model, attackers collect encrypted data today and store it for later decryption once quantum capabilities become available. Sensitive information captured now may remain vulnerable for years into the future.

This means the integrity of encrypted data is already at risk.

Organizations must prepare for the operational challenges of shorter certificate lifecycles, as well as the cryptographic transition required to protect data against quantum threats.

Turning the Network into the Trust Control Plane

Surviving the cryptographic reset does not require deploying another collection of isolated point products or rebuilding security infrastructure from scratch.

Instead, organizations can leverage the infrastructure they already operate.

Network security platforms already sit in the path of critical traffic, observing encrypted communications across the enterprise. These systems can serve as powerful sensors and enforcement points for managing cryptographic trust.

By elevating the network into a control plane for cryptography, organizations gain the visibility and automation required to navigate both the trust and integrity challenges ahead.

Earlier this year, Palo Alto Networks introduced an end-to-end quantum security architecture designed to help organizations inventory cryptographic assets, assess risk exposure, and accelerate the transition to post-quantum cryptography. One of its key innovations is cipher translation, which allows organizations to upgrade cryptographic protections for devices and applications without modifying application code.

These capabilities address the integrity side of the cryptographic reset.

But organizations must also solve the operational challenge of managing trust at scale.

Introducing Next-Generation Trust Security

Today we are introducing a new capability designed to address the growing operational risk associated with certificate lifecycles.

We call it Next-Generation Trust Security.

Next-Generation Trust Security brings certificate lifecycle management directly into the network security platform. It combines network-native discovery, continuous certificate visibility, and fully automated lifecycle management.

Because the network already observes encrypted traffic and certificate usage, discovery happens automatically across environments through existing NGFW and SASE infrastructure.

Once certificates are discovered, automated lifecycle workflows ensure they are renewed, deployed and governed according to policy.

Tasks that previously required hours of manual work can now be executed automatically.

In many environments, remediation that once required hours of investigation and coordination can occur automatically with no manual intervention.

The result is a system that continuously maintains digital trust without placing an additional operational burden on security teams.

From Cryptographic Reset to Operational Resilience

The forces reshaping digital trust are not temporary disruptions.

Shorter certificate lifecycles will continue. Cryptographic algorithms will evolve. Quantum-resistant protections will become necessary. Organizations must adapt their operational models accordingly.

By transforming the network into the control plane for cryptographic trust and security, enterprises can address both fronts of the cryptographic reset.

They can maintain trust as certificate lifecycles accelerate. They can protect data integrity as encryption standards evolve. Most importantly, they can reduce the operational risk that threatens service availability, security enforcement and business continuity.

The cryptographic reset is underway.

The organizations that prepare now will be positioned to secure both what’s running today and what comes next.

Next-Generation Trust Security is designed to help organizations operate in this new reality, where certificates renew continuously and cryptographic standards are evolving.

To learn more about how organizations can prepare for shorter certificate lifecycles, visit the Next-Generation Trust Security page.