CipherShift365

Overview

CipherShift365 is a single platform that manages the whole quantum-readiness journey in three stages -- Discover -- Migrate -- Monitor -- built specifically for the .NET and Azure world.

CipherShift365 helps regulated .NET organisations find the encryption that quantum computers will break, replace it with the new government-standard quantum-safe encryption, and keep it from coming back -- turning a looming compliance problem into a clear, evidenced plan.

The Three Modules

Compass -- Discover

Compass reads through an organisation's software, dependencies, certificates, and configuration to find every place cryptography is used. It then classifies each finding (what it is, how strong it is, how exposed it is to the quantum threat), produces a standards-compliant cryptographic inventory (the CBOM), scores the overall risk, and hands back a prioritised, costed migration plan.

Vault -- Migrate

Vault is a developer toolkit that makes swapping in the new quantum-safe algorithms straightforward, and lets an organisation change algorithms later through configuration rather than rewriting code. It supports hybrid modes that run a classical and a post-quantum algorithm together during the transition -- a widely recommended safety net while the new standards mature.

Guardian -- Monitor

Replacing cryptography once is not enough; weak cryptography tends to creep back in as code changes. Guardian sets a baseline from Compass and then keeps watch -- failing a build if a developer reintroduces vulnerable cryptography, observing what is actually running, and sending alerts into existing SIEM tools such as Microsoft Sentinel, Splunk, or Elastic.

Together, these turn a one-off scramble into a repeatable, auditable lifecycle.

Why This Is Urgent Now

Three forces have turned post-quantum readiness from a speculative concern into an active, dated obligation:

1. Legal and contractual requirements -- U.S. federal agencies must inventory cryptography and plan migration toward a 2035 target under OMB M-23-02 and National Security Memorandum 10.
2. Buyers are asking for proof -- A cryptographic inventory is becoming standard in security questionnaires. The Cryptography Bill of Materials (CBOM), an open OWASP/CycloneDX standard, provides the machine-readable format.
3. The replacement technology is shipping -- .NET 10 ships native support for NIST post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA) via System.Security.Cryptography.

Target Audience

CipherShift365 is aimed at .NET / Windows / Azure-heavy organisations in regulated sectors -- financial services, healthcare, government, and defence-adjacent suppliers -- facing mandates to produce a cryptographic inventory and migration plan.

Deployment Model

• On-premise / deploy-anywhere as the default v1 delivery
• Air-gapped variant with manual signed-knowledge-base sideloading
• No architectural choice forecloses a future hosted tier

Product Positioning

CipherShift365 sits in the gap between broad cross-platform scanners (shallow on .NET specifics) and existing .NET code scanners (which flag classically broken cryptography but generally do not flag strong-but-quantum-vulnerable algorithms like RSA-2048).

Its advantage is depth and remediation specificity for .NET -- not just "you use risky cryptography," but precisely what, where, why it matters, and what to replace it with.

Topics

• Product Description -- Executive overview and problem statement
• Use Cases -- Actors, scenarios, and traceability
• Architecture Overview -- Composition, viewpoints, and component decomposition
• Architecture Decisions -- ADR-001 through ADR-008
• Quality Attributes -- Scenario-by-scenario architecture verification