While still in their infancy, quantum computers already pose a significant threat to data security. This is due to their ability to bypass traditional encryption protocols via tactics such as harvest-now, decrypt-later – allowing cybercriminals to access encrypted data previously considered secure.
It is critical organisations begin implementing quantum-safe encryption now, so any harvested data remains secure once quantum computers arrive. This starts with selecting quantum-safe solutions that secure data via encryption.
Yet, with quantum-safe technologies having the ability to affect system performance and infrastructure, organisations need to carefully consider the type of solution they adopt. This means evaluating performance impact, hybrid operation and adherence to formalised industry standards. This will allow organisations to safely implement quantum-safe solutions now while being quantum-ready in future.
Quantum is rapidly evolving
The current landscape for quantum computing is changing at speed, with the UK government previously establishing a 10-year National Quantum Strategy aiming to accelerate the adoption of quantum computing across the economy. This includes committing £670 million towards applications in clean energy, AI and healthcare and developing quantum computers capable of outperforming conventional supercomputers by 2035.
With adoption set to accelerate, the National Cybersecurity Centre (NCSC) has published guidance for organisations looking to transition from current cryptography to quantum-safe encryption. While primarily targeting high-risk sectors such as finance, energy and telecoms, this advises developing a plan for migration by 2028 and completing the transition across systems and services by 2035.
While the above guidance provides a clear timeline, organisations need to understand how this can be put into practice and what they can do now to prepare.
Becoming quantum-safe
One way organisations can protect themselves is by adopting quantum-safe solutions. These are advanced cryptographic techniques designed to protect against the advanced cybersecurity threats quantum computing poses.
This includes Post-Quantum Cryptography (PQC), which are algorithmic, software-based solutions that use complex mathematical problems to withstand quantum attacks. It also encompasses Quantum Key Distribution (QKD), physical, hardware-based technology that uses quantum mechanics to secure cryptographic keys. But what should organisations be looking for when it comes to selecting quantum-safe solutions?
Choosing the right solution
The first factor to consider is minimal performance impact. Quantum readiness cannot come at the expense of network performance, particularly in enterprise environments where modern architectures such as Software-Defined Wide Area Networks (SD-WAN) demand high throughput and ultra-low latency. An effective quantum-safe solution must integrate high-performance processing to ensure quantum-safe encryption does not degrade network performance.
Next, assess the solution’s ability to work in hybrid mode. It’s not hugely practical to have new PQC algorithms working flawlessly across platforms from the onset. Solutions should require the simultaneous use of both a classical algorithm, such as DH, and a PQC algorithm, such as ML-KEM, during a single key exchange. This ensures multi-layered protection should one system fail, while also supporting a smoother, controlled migration for organisations to safely test performance and reliability in a live environment.
Next, make sure the solution adheres to the algorithms formalised by the National Institute of Standards and Technology (NIST). This includes approved PQC algorithms, such as the Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM) and Hamming Quasi-Cyclic (HQC). These have ultimately undergone years of public, global scrutiny by cryptographers, helping to guarantee interoperability and compliance.
Finally, an optimal solution should give security teams the flexibility to deploy the right tool for the right job without replacing existing infrastructure. While this means offering both PQC and QKD, their applications differ. PQC is ideal for large-scale, cost-effective deployments across diverse environments, including clouds and data centres. It can also be integrated into existing appliances, firewalls and VPN gateways to secure active traffic. QKD on the other hand is suitable for high-assurance, mission-critical connections, such as securing government or financial networks, where the highest level of assurance is compulsory.
Looking to the future
Protecting organisations against quantum-based threats requires a proactive, scalable strategy that accounts for live traffic, long-lived data and operational continuity. By safely adopting quantum-safe solutions, organisations can remain resilient, secure and protected in the years ahead.
