Data is today’s premier strategic asset. With quantum computing opening the floodgates for a new age of cyber threats, post-quantum cryptography (PQC) must become a cornerstone of security.
Preparing for a post-quantum future will require a significant time investment, one that business leaders cannot afford to put off.
They must give themselves time to refactor all their applications to ensure no measures slip through the cracks.
Division President and GM at Amdocs Technology.
The future commoditization of quantum computing
Transitioning to PQC is an imperative. Almost all our technologies rely on cryptography to protect critical data in software. Once quantum cryptography falls into the hands of malicious actors, all this data will essentially be exposed.
It is only a matter of time before this happens. Like any other new technology, it will initially be expensive and difficult to acquire. As more players enter the market, this technology, too, will become commoditized.
AI followed a similar path. Before the launch of widely available LLMs like ChatGPT, AI was bound to niche technological applications or available only to researchers. However, with GenAI models rising in popularity, AI capabilities became widespread, becoming accessible to malicious actors.
We can imagine a similar fate for quantum computing, where the ramifications are a matter of survival for businesses. It will be that much easier for malicious actors to acquire these capabilities.
Regulatory standards
Authorities all over the world are taking note of the quantum risk, and the competition to become the leader in standard-setting is heating up.
While the regulatory landscape is still in its infancy, the UK, US, and EU have made significant developments recently in laying the groundwork for an approach.
The UK’s National Cyber Security Centre (NCSC) recently asked organizations to transition to quantum-resistant encryption methods by 2035.
The EU launched its Quantum Europe Strategy, taking a top-down approach to regulation, aiming to coordinate member states.
The US Department of Commerce’s NIST officially finalized the first set of encryption algorithms designed to withstand potential threats from quantum computers.
This means organizations need to stay vigilant to anticipate where regulation and standard-setting are headed. With competing approaches and interests, it will be important to find common ground and build compliance into preparations for PQC.
Most notable from existing standards is NIST’s proposed set of PQE algorithms. This is a good starting point toward global PQC standards and offers a valuable starting point for organizations looking to explore PQC options.
These are the new standards for encryption in PQC. Experimenting with these algorithms and developing processes and capabilities to transition to PQC will put businesses in a strong position for navigating standards and regulations.
The scale of the transformation required to be quantum-safe cannot be understated. Adopting quantum-resistant algorithms is technically complex and time-consuming. Organizations will need to refactor all their applications.
The time to act is now.
First port of call: excellence from within
It is essential to understand the necessary skills, processes, and evaluation frameworks for PQC are still being developed.
Yet the adoption of Post-Quantum Encryption (PQE), as published by NIST, requires organizations to experiment and test—often many times—and iterate a procedure throughout the company.
An intelligent way to align company resources and stakeholders is by establishing a Center of Excellence (CoE) to lead implementation.
What would a CoE look like? Centers of Excellence are forums where leaders from across the organization can meet to collaborate and strategize for the post-quantum transition.
They can also audit current applications and infrastructure for clarity and direction, gauging where the weak points lie, where dependencies are heaviest, and which processes will ease the adoption of PQE.
To start, leaders must assess the scale of the upgrade across their systems. This involves auditing current services and applications to see which rely on cryptography and identifying the programming languages (e.g., Java), operating systems, and frameworks (e.g., Spring) that will be affected.
It also includes considering available mitigations—for instance, RHEL 10 is the first Linux OS to fully support PQC. From there, they can set priorities for adopting PQC.
Importantly, Kubernetes, a core tool for managing containerized applications, has already taken a proactive step to support PQC in a hybrid approach ahead of time – showing that the industry is taking the threat of quantum computing and the need for PQC very seriously.
This update sets a strong precedent for other technologies to follow suit in ensuring their readiness for the post-quantum era. This proactive move is a prime example of how organizations should think ahead in adopting quantum-safe solutions before the full advent of quantum capabilities.
Updating entire IT infrastructures is a mammoth task for the industry. It requires updates not only to legacy systems but also to modern software that is not quantum-safe.
To increase the complexity, it isn’t solely an IT problem. PQC cuts across legal, compliance, product, procurement, and customer boundaries. A quantum Center of Excellence demands cross-functional leadership roles, not simply technologists.
The quantum class of tomorrow
Across much of the technology industry, the necessary IT skills are scarce. An estimated 44% of businesses have skills gaps in basic technical areas; quantum is no exception. But CoEs have the added benefit of upskilling workers, paving the way for future talent.
They set guardrails from structured training across the company, sifting out gaps in knowledge and creating a focused environment for learning emerging technologies and methods, while offering hands-on experience, mentoring, and certification opportunities.
The path to a quantum-safe future
Advancements in quantum technology are rapidly closing the gap between research and real-world applications. Industry leaders like Microsoft, Google, and IBM have already unveiled quantum chips, signaling that practical adoption is closer than many anticipated.
Rushing the transition to PQC without careful planning risks overlooking critical technical, operational, and regulatory considerations. A successful shift demands early action, strong leadership, and collaboration across departments.
Centers of Excellence (CoEs) can play a pivotal role in guiding organizations through this complexity, ensuring strategies are executed effectively. Those who take the lead in achieving quantum readiness today will be best equipped to thrive in a future defined by secure digital innovation.
We’ve featured the best encryption software.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
