Data Migration

The biggest threat to your data isn’t happening tomorrow. It happened yesterday. If you haven’t heard of HNDL (Harvest Now, Decrypt Later), your long-term data strategy has a massive blind spot. Here is the reality: State actors and cybercriminals are capturing your encrypted data today. They can’t read it yet, so they’re storing it in massive data vaults, waiting for the "Qday"—the moment quantum computers become powerful enough to break current encryption. If your data needs to stay private for 5, 10, or 20 years, it’s already at risk. What’s on the line? ↳ Intellectual Property (IP) and trade secrets. ↳ Government and identity data. ↳ Long-term financial records and contracts. ↳ Sensitive customer health data. How do we solve it? 🛠️ We cannot wait for quantum supremacy to react. The fix starts now: ↳ Inventory: Identify which data has a long shelf-life. ↳ Crypto-Agility: Move toward systems that can swap encryption methods without a total overhaul. ↳ Hybrid PQC: Implement Post-Quantum Cryptography alongside classical methods to ensure traffic captured today remains a mystery tomorrow. The transition to quantum-resistant security is a marathon, not a sprint. Are you tracking HNDL on your current risk register? Let’s discuss in the comments. 👇 P.S. If you want help mapping your exposure or building a PQC migration plan, drop me a message. ♻️ Share this post if it speaks to you, and follow me for more. #QuantumSecurity #PQC

🛡️ The Quantum Clock is Ticking quietly: Is Your Financial Infrastructure Ready? The financial industry is built on a foundation of digital trust, currently secured by #cryptographic standards like RSA and ECC. However, the rise of Cryptographically Relevant Quantum Computers (CRQC) poses an existential threat to this foundation. As we navigate this transition, here are 3 key pillars from the latest Mastercard R&D white paper that every financial leader must prioritize: 1. Addressing the 'Harvest Now, Decrypt Later' (HNDL) Threat 📥 Malicious actors are already intercepting and storing sensitive #encrypted data today, intending to decrypt it once powerful quantum computers are available. Financial Use Case: Protecting long-term assets such as credit histories, investment records, and loan documents. Unlike transient transaction data (which uses dynamic cryptograms), this "shelf-life" data requires immediate risk analysis and the adoption of quantum-safe encryption for back-end systems. 2. Quantum Resource Estimation & The 10-Year Horizon ⏳ While a CRQC capable of breaking RSA-2048 in hours might be 10 to 20 years away, the migration process itself will take years. Financial Use Case: Developing Agile Cryptography Plans. Financial institutions should set "action alarms" for instance, once a quantum computer reaches 10,000 qubits, a pre-prepared 10-year migration plan must be triggered to ensure infrastructure is updated before the "meteor strike" occurs. 3. Hybrid Implementations: The Bridge to Security 🌉 The transition won't happen overnight. The paper highlights the importance of Hybrid Key Encapsulation Mechanisms (KEM), which combine classical security with PQC. Financial Use Case: Enhancing TLS 1.3 and OpenSSL 3.5 protocols. By implementing hybrid models now, banks can protect against current quantum threats (like HNDL) while maintaining compatibility with existing classical systems, ensuring a smooth and safe transition. The Bottom Line: A reactive approach is no longer an option. Early adopters who evaluate their data's "time value" and begin the migration today will be the ones to maintain resilience and protect global financial assets tomorrow. #QuantumComputing #PostQuantumCryptography #FinTech #CyberSecurity #DigitalTrust #MastercardResearch

The “Before & After” Data Transformation Story In the lead-up to our SAP migration, we weren’t just preparing systems — we were unearthing years of neglected, inconsistent, and chaotic data. If we are honest, most of the time, it felt less like digital transformation and more like an archaeological excavation. We were buried in layers of spreadsheets, conflicting legacy reports, and systems that hadn’t seen a clean-up in over a decade. Each click revealed more clutter: customer names spelled five different ways, address fields mixing “St.” and “Street” like it was a coin toss, duplicate records stacked on top of each other, and critical fields left blank or filled with guesswork. It was more than just messy — it was risky - A complete nightmare! Data was being pulled from everywhere and nowhere. No single source of truth. No consistency. Just a patchwork of outdated inputs fuelling vital business operations. The worst part? We had to tackle it manually. A Time Sink: Highly skilled people stuck doing low-value, repetitive tasks. An Error Magnet: Fatigue set in. Errors crept through. Fix one issue, uncover two more. A Business Risk: Dirty data meant dirty output. Reports couldn’t be trusted. Customers were misbilled. Orders were sent to the wrong place. And confidence in the system? Gone. We knew we couldn’t carry that baggage into SAP. Something had to change. At this point, we built a purpose-specific solution which was created to automate and streamline data cleansing and validation, giving us the ability to: Proactively identify and rectify errors with precision. Ensure data consistency across all records. Validate information against business rules before migration. This impacts business by: 🔹Reducing Pre-Migration Data cleansing and validation Effort by Up to 75% Freeing up SMEs for strategic tasks, cutting contractor costs, and accelerating migration timelines. 🔹Delivering >99% Accuracy in Key Master Data Minimising migration errors, de-risks go-live, building trust in the new SAP system from day one. 🔹Reducing Migration Delays and Rework by 20–40% Fewer surprises in load cycles and UAT, protecting timelines, budgets, and overall project momentum. 🔹Achieving 100% Data Auditability and Compliance Ensuring full traceability, streamlining audits, and providing a defensible position on data quality from day one. 🔹Reducing Post-Go-Live Errors by 15–30% Fewer issues like misbilling and mis-shipments, leading to smoother operations, faster user adoption, and trusted SAP insights. If any of this sounds familiar, you're not alone. The good news is that we have built a solution which has already helped others through their migration journey, and we’d be happy to share it if it’s useful. Just drop us a message. Created in collaboration with Pawel Lipko ↗️

I’ve audited 120+ ERP data migrations in the last 5 years. 80% of them failed. And most ERP failures are not because it’s SAP, Oracle, or Dynamics. Not even the custom build from 2012. They fail because the data going in was never cleaned. Here’s what I keep seeing (even in $10M+ projects): In 80% of failed ERP migrations, I found: ☠️ UOM mismatches that break inventory. ☠️ Customer and vendor duplicates. ☠️ Zombie SKUs and dead warehouses. ☠️ Orphaned transactions. ☠️ No audit trail of what got transformed. Here’s my Data Migration Checklist (to use before go-live): ✅ Units of Measure (UOM): → Are all UOMs mapped 1:1 between legacy and new ERP? → Have we tested conversion logic in live transactions? ✅ Master Data Uniqueness: → Do we have duplicate SKUs, vendors, or customers? → What’s the deduplication logic? Who owns it? ✅ Historical Data Mapping: → Are all past transactions (GR/IR, payments, returns) traceable? → Can we audit them after go-live? ✅ Open Transactions Review: → How many open POs, SOs, GRNs exist in legacy? → Who validated carry-forward rules? ✅ Dummy Runs with Real Data: → Did we run full-cycle transactions with migrated data in UAT? → Were accounting, tax, and inventory balances reconciled? ✅ Cleanup Ownership: → Who is responsible for final data sign-off—IT or Finance? → Is it documented? I think ERP is not an Excel import. It’s a financial and operational rebirth. And the data is either your foundation or your downfall. How confident are you in the quality of the data being loaded into your next ERP? ♻️ 𝐑𝐄𝐏𝐎𝐒𝐓 so others can learn.

🚨 NEW PEER-REVIEWED RESEARCH: PQC Migration Timelines Excited to share my latest paper published in MDPI Computers: "Enterprise Migration to Post-Quantum Cryptography: Timeline Analysis and Strategic Frameworks." The transition to Post-Quantum Cryptography (PQC) represents a watershed moment in the history of our digital civilization. Organizations planning for a 3-5 year "upgrade" will fail. The reality is a 10-15-year systemic transformation. Key Contributions: 📊 Realistic Timeline Estimates by Enterprise Size: Small (≤500 employees): 5-7 years Medium (500-5K): 8-12 years Large (>5K): 12-15+ years ⚠️ Critical Finding: With FTQC expected 2028-2033, large enterprises face a 3-5 year vulnerability window—migration may not complete before quantum computers break RSA/ECC. 🔬 Novel Framework Analysis: Causal dependency mapping (HSM certification, partner coordination as critical paths) "Zombie algorithm" maintenance overhead quantified (20-40%) Zero Trust Architecture implications for PQC 💡 Practical Guidance: Crypto-agility frameworks and phased migration strategies for immediate action. Strategic Recommendations for Leadership: 1. Prioritize by Data Value, Not System Criticality: Invert the traditional triage model. Systems protecting long-lived data (IP, PII, Secrets) must migrate first, regardless of their operational uptime criticality, to mitigate SNDL. 2. Fund the "Invisible" Infrastructure: Budget immediately for the expansion of PKI repositories, bandwidth upgrades, and HSM replacements. These are long-lead items that cannot be rushed. 3. Establish a Crypto-Competency Center: Do not rely solely on generalist security staff. Invest in specialized training or retain dedicated PQC counsel to navigate the mathematical and implementation nuances. The talent shortage will only worsen. 4. Demand Vendor Roadmaps: Contractual language must shift. Procurement should require vendors to provide binding roadmaps for PQC support. "We are working on it" is no longer an acceptable answer for critical supply chain partners. 5. Embrace Hybridity: Accept that the future is hybrid. Design architectures that can support dual-stack cryptography indefinitely, viewing it not as a temporary bridge but as a long-term operational state. 6. Implement Automated Discovery: You cannot migrate what you cannot see. Deploy automated cryptographic discovery tools to continuously map the cryptographic posture of the estate, identifying shadow IT and legacy instances that manual surveys miss. The quantum clock is ticking. Start planning NOW. https://lnkd.in/eHZBD-5Y 📄 DOI: https://lnkd.in/ejA9YpsG #PostQuantumCryptography #Cybersecurity #QuantumComputing #PQC #InfoSec #NIST #CryptoAgility

🔐Word o’ the Day | Year | Decade: Crypto-agility, Baby! Yesterday morning, I did a fun fireside chat with Bethany Gadfield - Netzel at the FIA, Inc. Expo in Chicago. We talked about cyber resilience, artificial intelligence, Rubik’s cubes, and that thing called quantum! A question came up at the end, “What can firms actually do today to begin transitioning to post-quantum cryptography?” So thought I would take the opportunity to share my thoughts more broadly on this important, but not super well understood, topic: 1. Don’t wait. The clock for quantum-safe cryptography is already ticking. NIST released its first set of post-quantum standards last year (https://lnkd.in/esTm8uPw) and CISA put out a “Strategy for Migrating to Automated Post-Quantum Discovery and Inventory Tools” last year as part of its broader Post Quantum Cryptography (PQC) Initiative (https://lnkd.in/evpF4umv). h/t Garfield Jones, D.Eng.! 2. Inventory & prioritize. Map all cryptographic usage: what keys, certificates, protocols, and data streams exist today? Which assets hold long-lived value and are at risk of “harvest-now, decrypt-later”? Build a migration roadmap that prioritizes highest-risk systems (e.g., financial settlement platforms, inter-bank links, legacy encryption). 3. Establish crypto-agility. Ensure your architecture supports swapping algorithms, updating certificates, & layering classical + post-quantum primitives without a full system rebuild. This kind of flexibility is key for resilience. 4. Pilot and migrate. Use the new NIST-approved algorithms; experiment first on less time-sensitive systems, validate performance and interoperability, then scale to mission-critical applications. NIST’s IR 8547 report provides a framework for this transition. 5. Vendor & supply-chain alignment. Ask your vendors & service providers: “What’s your PQC transition plan? When will you support NIST-approved post-quantum algorithms? Are your update paths crypto-agile?” If the answer isn’t clear or (as a former boss of mine used to say) they look at you like a “pig at a wristwatch,” you’ve got a potentially serious third-party risk. 6. Board and Exec engagement. Position this not as an IT problem but a fiduciary risk and resilience imperative. The transition to quantum-safe cryptography is multi-year and multi-layered—waiting until it’s urgent means it will be too late.

We almost brought a 20-year-old mistake into S/4HANA. During a recent S/4 migration for a pharma client, "Clean Core" was the mandate from the steering committee. But when we ran the readiness check, the system flagged over 12,000 custom Z-programs. The project timeline was tight. The business sponsor panicked. "Just lift and shift them all," he said. "We can’t risk breaking operations. We will clean up the custom code in Phase 2." If you’ve been in the SAP world long enough, you know the ugly truth: Phase 2 never happens. Instead of arguing, I asked our Basis team to run a simple background job: a 12-month usage report on those 12,000 custom programs. The results were staggering. The Reality Check: Custom objects in the system: 12,000 Objects executed in the last year: 2,400 Objects executed in the last 30 days: 850 They were about to spend hundreds of thousands of dollars and risk the stability of their new S/4 system, just to migrate digital ghosts. Code that belonged to employees who had retired a decade ago. Workarounds for business processes that no longer existed. We didn't just delete the code. We printed the report and put it on the sponsor's desk. The conversation shifted instantly from "How do we migrate this?" to "Why are we hoarding this?" An S/4HANA migration is not an IT infrastructure project. It is a corporate garage sale. If you don't have the courage to throw things away before you move, you aren't transforming. You're just relocating your mess. What is the craziest piece of legacy Z-code you’ve seen someone try to drag into an S/4HANA system?

🔐Europol PRIORITISING POST-QUANTUM CRYPTOGRAPHY MIGRATION ACTIVITIES IN FINANCIAL SERVICES ⚛️As post-quantum cryptography (PQC) becomes integrated into mainstream information technology (IT) products and services, financial services institutions must begin to execute their transition strategies. This document provides actionable guidelines to incorporate quantum safety into existing risk management frameworks by assessing the ‘Migration Priority’ based on the ‘Quantum Risk’ and ‘Migration Time’ of business use cases and highlighting opportunities for immediate execution. ⚛️A critical first step is to inventory all business use cases that rely on public key cryptography. This inventory enables the creation of a prioritised transition roadmap by assessing the Quantum Risk of each use case based on three parameters: 🟣 Shelf Life of Protected Data: How long the data remains sensitive. 🟣 Exposure: The extent to which data is accessible to potential attackers. 🟣 Severity: The business impact of a potential compromise. ⚛️When the Quantum Risk is assessed, organisations can prioritise actions based on each use case’s Migration Time, i.e., the complexity and timeline required to achieve Quantum Safety for a use case. As part of this activity, organisations will identify, for instance, actions that can be launched immediately and the use cases that require coordination with long-term asset lifecycles. 🟣 Solution Availability: Maturity of PQC standards, and their general availability in products and services. 🟣Execution Cost: The effort, cost, and complexity of implementing the quantum-safe solutions within the organisation. 🟣 External Dependencies: Execution complexity due to coordination required with third parties and their transition roadmaps (standardisation bodies, vendors, peers, regulators, and customers). ⚛️Examples of use cases that financial organisations can begin implementing today include: 🟣 Integration of post-quantum requirements into the long-term roadmap for hardware-intensive use cases aligned with financial asset lifecycles. 🟣 Enhancement of confidentiality protection for transactional websites. 🟣Identification and elimination of cryptographic antipatterns to reduce future technical debt. ⚛️These are examples of how financial institutions can take timely, structured steps toward an efficient and forward-looking transition to post-quantum cryptography. https://lnkd.in/d4qiS6X9

The NIST Special Publication 800-131Ar3 (Initial Public Draft) is an important document for organizations managing sensitive information through cryptographic methods. It provides detailed guidance on how to transition from older, less secure cryptographic algorithms and key lengths to newer, more robust ones, especially in anticipation of the potential threats posed by quantum computing. This draft outlines several key changes and recommendations: • Phasing Out Weak Algorithms: The document proposes the retirement of certain cryptographic algorithms, such as the Data Encryption Standard (#DES) and older hash functions like #SHA-1, which are increasingly vulnerable to attacks. It sets a deadline of December 31, 2030, for the retirement of the 224-bit hash functions and states that these algorithms should no longer be used after this date. • #Quantum-Resistant Algorithms: Recognizing the future risk posed by quantum computers, which could break many classical encryption methods, the document emphasizes a shift towards quantum-resistant #algorithms. NIST has already begun standardizing these algorithms, and the publication provides a roadmap for their gradual implementation. The goal is to move from the traditional 112-bit security strength (which may become vulnerable to quantum attacks) to a 128-bit security strength and eventually to quantum-resistant cryptographic methods. • New Standards: This version introduces updates for digital signatures, key encapsulation mechanisms (#KEMs), and key derivation methods. Algorithms like DSA (Digital Signature Algorithm) are being retired, while lattice-based and hash-based digital signatures, which are resistant to quantum attacks, are being recommended. • Security Strength Transition: #NIST plans for a transition to 128-bit security strength for block ciphers and other encryption mechanisms by January 1, 2031. For digital signatures and key establishment, a direct transition to quantum-resistant methods is recommended as soon as those standards are available. This guidance is aimed at government agencies and organizations handling sensitive but unclassified data. It stresses the importance of proactive planning and “cryptographic agility”—the ability to switch to new, stronger algorithms as needed to stay ahead of evolving security threats.

NIST – Migration to Post-Quantum Cryptography Quantum Readiness outlines a comprehensive framework for transitioning cryptographic systems to post-quantum cryptography (PQC) in response to the emerging threat of quantum computers. Quantum technology is advancing rapidly and poses a significant risk to current public-key cryptographic methods like RSA, ECC, and DSA. This guide aims to assist organizations in preparing for and implementing PQC to safeguard sensitive data and critical systems. Key Points  The Quantum Threat Quantum computers are expected to disrupt cryptography by efficiently solving mathematical problems that underpin widely used encryption and key exchange methods. This would render current public-key systems ineffective in protecting sensitive data, emphasizing the need for cryptographic agility.  NIST PQC Standards NIST is spearheading efforts to standardize quantum-resistant algorithms through an open competition and evaluation process. These algorithms, designed to withstand quantum attacks, focus on two primary areas: 1. Key Establishment: Protecting methods like Diffie-Hellman and RSA key exchange. 2. Digital Signatures: Securing authentication processes.  Migration Framework The document provides a phased approach to migrating cryptographic systems to PQC: 1. Assessment Phase:    - Inventory cryptographic dependencies in current systems.    - Evaluate systems at risk from quantum threats based on sensitivity and lifespan. 2. Preparation Phase:    - Conduct pilot testing of candidate PQC algorithms in existing infrastructure.    - Develop a hybrid approach that combines classical and post-quantum algorithms to ensure interoperability during transition. 3. Implementation Phase:    - Replace vulnerable cryptographic methods with PQC in a phased manner.    - Ensure scalability, performance, and compatibility with existing systems. 4. Monitoring and Updates:    - Continuously monitor the effectiveness of implemented solutions.  Challenges in PQC Migration - Performance Impact: PQC algorithms often have larger key sizes, increased latency, and greater computational demands compared to classical algorithms. - Interoperability: Ensuring smooth integration with legacy systems poses significant technical challenges.  Best Practices - Use hybrid encryption to maintain compatibility while testing PQC algorithms. - Engage in collaboration with vendors, industry groups, and government initiatives to align with best practices and standards. Conclusion The transition to post-quantum cryptography is a proactive measure to secure data and communications against future threats. NIST emphasizes the importance of starting preparations immediately to mitigate risks and ensure a smooth, efficient migration process. Organizations should focus on inventorying dependencies, piloting PQC solutions, and developing cryptographic agility to adapt to this transformative technological shift.