As the reality of quantum computing advances, enterprises face an urgent question: Are their technology partners prepared for the post-quantum world? The notion that enterprises can simply “wait for a patch” from vendors can be detrimental, as post-quantum cryptography readiness calls for a much deeper transformation.
With NIST proffering 2035 as the cutoff for vulnerable ciphers, experts are warning that quantum breakthroughs may arrive much sooner. How can enterprises proactively prepare as these changes take hold?
“I envy companies that start at three years in the future, turnkey, they’re born and they’re fresh and they’re new,” said Konstantinos Karagiannis (pictured, right), director of quantum computing services at Protiviti Inc. “Everything they buy will be PQC essentially. They’ll start to put it all together and set up practices around this idea of using PQC, and they’ll be interacting with an environment, cloud, whatever, as PQC. That’s a great place to be, but that’s not how it goes for legacy companies.”
Karagiannis spoke with Blair Canavan (middle), director of alliances, PKI and PQC portfolio, at Thales SA, and Kevin Hilscher (left), director of product management at DigiCert Inc., for the DigiCert World Quantum Readiness Day event, during an encore broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how organizations should engage vendors on post-quantum cryptography, what red flags to watch for and why starting conversations today is critical. (* Disclosure below.)
How vendors are preparing for post-quantum cryptography
From a vendor perspective, it’s crucial to “walk the walk,” according to Canavan. Thales has embedded PQC support in its hardware security modules, CipherTrust Cloud Key Manager platform and other solutions. The company also co-authored the Falcon algorithm, underscoring its active role in shaping PQC standards. Thales prioritizes interoperability testing with partners such as DigiCert, recognizing that cryptographic readiness is not just about individual products, but also about ensuring systems work seamlessly together.
“Why does it matter to us? Well, because we’re not only purveyors or solution providers with hardware security modules and high-speed encryptors, and key management software, and all that stuff,” Canavan said. “We’re also the world’s largest smart card manufacturer. We’re a banking and payment system manufacturer. We put satellites in space. We have all sorts of different business lines that most people might not be familiar with, but you realize it’s the entire fabric of the underpinning of all the cyber that we use.”
Regulatory momentum is also accelerating this shift, Hilscher added. With U.S. Executive Orders alongside EU timelines and requirements, including 47-day certificate lifecycles, enterprises can’t afford to wait. Automation and cryptographic policy management will be essential.
“In cryptography, when something’s broken, it’s broken,” Karagiannis said. “It doesn’t matter if it’s difficult to access the machines or if only one country will have it or whatever. All of that’s just extra noise. I don’t think we have till 2035. I think 2030 is a more realistic date. It’s time to start considering what hardware and software changes you need to make and start looking at that deadline.”
Lastly, vendors should also be able to demonstrate flexibility for global cryptographic standards and support environments that may require multiple algorithms simultaneously, Canavan added.
Stay tuned for the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the DigiCert World Quantum Readiness Day event.
(* Disclosure: TheCUBE is a paid media partner for the DigiCert World Quantum Readiness Day event. Neither DigiCert Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Image: SiliconANGLE