Building Post-Quantum Resilience Into Enterprise Security

By Krishna Narayanaswamy, Chief Technology Officer (CTO) at Netskope.

  • Thursday, 24th July 2025, posted by Phil Alsop

As quantum computing continues its inevitable advance from the theoretical to the practical, one of the greatest long-term threats facing enterprise security is no longer a distant prospect. While standard encryption techniques have protected users and enterprises well up to now, there’s now an urgent need to develop cryptography algorithms and implementations that can withstand a quantum attack.

At the heart of today’s encryption systems lie mathematical problems that classical computers struggle to solve in practical timeframes. Encryption systems fall into two categories: symmetric algorithms such as the Advanced Encryption Standard (AES) with 256-bit keys, and asymmetric algorithms such as Rivest–Shamir–Adleman (RSA), Diffie-Hellman and elliptic-curve cryptography (ECC). While symmetric algorithms look likely to retain their efficacy post-quantum, a sufficiently powerful quantum computer could break asymmetric algorithms in hours rather than decades, rendering many current encryption schemes obsolete.

While mainstream use of quantum computers may still be several years away, the threat to our data is very real today. Every time adversaries exfiltrate encrypted data, you must assume they are harvesting your assets with the intent to decrypt them once quantum capabilities mature, a tactic known as “harvest now, decrypt later” (HNDL).

This means that security leaders must urgently look to replace vulnerable traditional encryption within their digital infrastructure today and start a transition to post-quantum cryptography (PQC), which can resist quantum attacks. The instruction from cybersecurity regulators and agencies is clear - the move to quantum-resilient encryption must begin now.

Identifying critical encryption layers 

Every CTO, CIO and CISO will collectively need to evaluate their digital infrastructure to understand the places and processes in which vulnerable encryption is used. When considering the shift to PQC, the focus should be on data that resides or traverses outside of your organizational boundary. For data residing and moving within a trusted network, other more traditional layers of defense (like access control) will be key to addressing the HNDL threat.

At Netskope, we evaluated our Netskope One platform and identified five critical encryption layers that warranted action. These are not unique to our platform, and processes like secure boot, authentication handshakes and Transport Layer Security (TLS) encryption are common across a multitude of web and cloud applications. 

Therefore, consider the examples I highlight and reflect on where within your organisation’s tech stack there are similar use cases that will need to be addressed. 

1. Service-to-Service Data-in-Transit Encryption

Within the typical cloud architecture, numerous microservices communicate constantly. These interactions are encrypted today using traditional methods, but will need to be upgraded to PQC algorithms to ensure these channels remain secure in a post-quantum world.

2. TLS Encryption for Web and App Traffic Inspection

As a core function of any cloud security stack, inspecting encrypted web and app traffic to enforce policies and prevent threats is critical. This TLS decryption and re-encryption process will need to be enhanced with post-quantum key exchange mechanisms to prevent interception risks.

3. Client-to-Cloud Authentication and Key Exchange

When a user connects to a cloud platform, encryption and authentication handshakes protect their data and identity. This connection layer will need to be retooled with PQC to ensure the integrity of secure key generation and authentication.

4. Internal Metadata Protection

Even when data is encrypted, metadata such as routing information or access logs can reveal critical insights. We need to apply post-quantum protections to internal metadata encryption to prevent this information from becoming a security liability.

5. Customer Configuration and Policy Data Encryption

Finally, customer-specific configuration files, security policies, and stored data will need to be protected with quantum-safe encryption to guard against long-term data exposure.
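The layer-by-layer review above is easier to act on once it is written down as an inventory. The following is an added example, not code from the article or from Netskope: a small classifier that takes observed algorithm uses across the five layers, marks each as quantum-vulnerable, weakened, hybrid or quantum-safe, and assigns a remediation priority using the article's own scoping rule (boundary-crossing data first, internal channels behind compensating controls second). The prefix rules, the priority scheme and the sample records are my assumptions, constructed for illustration; the one refinement beyond the text is that vulnerable signatures are ranked below vulnerable key exchange, because harvested signatures cannot be exploited retroactively the way harvested ciphertext can.

```python
"""Added example (not from the article or Netskope): a cryptographic-inventory
classifier for the five-layer PQC review. Sample records are constructed."""
from dataclasses import dataclass

# Prefix rules, checked in order (hybrid names before the classical names they contain).
# Classical public-key schemes fall to Shor's algorithm; AES-128 is only weakened by
# Grover's algorithm, which is why 256-bit symmetric keys are preferred for long-lived data.
STATUS_RULES = [
    ("X25519MLKEM768", "hybrid"), ("SECP256R1MLKEM768", "hybrid"), ("SECP384R1MLKEM1024", "hybrid"),
    ("ML-KEM", "quantum-safe"), ("ML-DSA", "quantum-safe"), ("SLH-DSA", "quantum-safe"),
    ("AES-256", "quantum-safe"), ("CHACHA20", "quantum-safe"),
    ("AES-128", "weakened"),
    ("RSA", "vulnerable"), ("ECDSA", "vulnerable"), ("ECDH", "vulnerable"),
    ("X25519", "vulnerable"), ("ED25519", "vulnerable"), ("DH", "vulnerable"),
]

PRIORITY_ORDER = ["P1", "P2", "P3", "done"]


@dataclass
class CryptoUse:
    layer: str              # one of the five layers from the article
    component: str          # where the algorithm is used
    purpose: str            # "key-exchange", "signature" or "bulk-encryption"
    algorithm: str          # algorithm as observed, e.g. "RSA-2048", "X25519MLKEM768"
    crosses_boundary: bool  # does the protected data leave the organisational boundary?


def status_of(algorithm):
    """Classify an algorithm name by prefix; anything unrecognised is an inventory gap."""
    name = algorithm.upper().replace("_", "-")
    for prefix, status in STATUS_RULES:
        if name.startswith(prefix):
            return status
    return "unknown"


def priority_of(use, status):
    """Assumed priority scheme (not the article's):
    P1: vulnerable key exchange / encryption of boundary-crossing data (HNDL exposure today),
        plus unknown algorithms, which must be identified first.
    P2: vulnerable internal channels (access control mitigates meanwhile) and vulnerable
        signatures (forgery needs a working quantum computer; nothing to harvest now).
    P3: weakened symmetric keys.  done: already hybrid or quantum-safe."""
    if status in ("quantum-safe", "hybrid"):
        return "done"
    if status == "unknown":
        return "P1"
    if status == "weakened":
        return "P3"
    if use.purpose == "signature" or not use.crosses_boundary:
        return "P2"
    return "P1"


def inventory_report(uses):
    """Group inventory records by priority; each entry is (layer, component, algorithm, status)."""
    report = {p: [] for p in PRIORITY_ORDER}
    for use in uses:
        status = status_of(use.algorithm)
        report[priority_of(use, status)].append((use.layer, use.component, use.algorithm, status))
    return report


# Constructed sample inventory covering the five layers (illustrative, not real data).
SAMPLE_INVENTORY = [
    CryptoUse("1 service-to-service", "mesh mTLS between microservices", "key-exchange", "ECDHE-P256", False),
    CryptoUse("2 TLS inspection", "inspection proxy upstream TLS", "key-exchange", "X25519", True),
    CryptoUse("3 client-to-cloud", "client tunnel handshake", "key-exchange", "X25519MLKEM768", True),
    CryptoUse("3 client-to-cloud", "client auth token signing", "signature", "ECDSA-P256", True),
    CryptoUse("4 internal metadata", "access-log encryption at rest", "bulk-encryption", "AES-128-GCM", False),
    CryptoUse("5 customer config", "policy store encryption at rest", "bulk-encryption", "AES-256-GCM", True),
    CryptoUse("5 customer config", "config backup export", "key-exchange", "RSA-2048", True),
]

if __name__ == "__main__":
    for prio, entries in inventory_report(SAMPLE_INVENTORY).items():
        for layer, component, alg, status in entries:
            print(f"{prio:4} {status:13} {alg:18} {layer}: {component}")
```

Running the block prints the sample inventory ordered by priority; in practice the records would come from certificate scans, TLS configuration and key-management exports rather than a hand-written list.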

Standards Compliance and Timelines

Central to the PQC rollout is adherence to NIST’s new cryptographic standards, issued in August 2024, which have been developed collaboratively by leading academics, government agencies, and technology companies. Of the four new algorithms, three are for digital signatures, and one is for key encapsulation (CRYSTALS-Kyber, renamed ML-KEM). ML-KEM-768 in particular is set to be vital for the key-exchange step of TLS connection establishment, given its performance, security profile and interoperability.
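Whether ML-KEM-768 is actually protecting a TLS session is visible in the handshake itself: the ClientHello lists the key-exchange groups it offers, and the ServerHello's key_share names the one chosen. The following is an added example, not code from the article or Netskope, that parses those two extension blocks and reports whether a hybrid ML-KEM group was negotiated, whether the client offered one at all (if not, the client needs the upgrade), and whether the server's key share has the size the hybrid group requires. The code points for the hybrid groups (0x11EB, 0x11EC, 0x11ED) are the ones used in the IETF draft for ECDHE/ML-KEM hybrids; the sample messages are constructed with zero-filled key shares and are not real captures.

```python
"""Added example (not from the article or Netskope): report which TLS 1.3
key-exchange group a handshake used, from raw ClientHello/ServerHello
extension bytes. Sample messages below are constructed, not captured."""
import struct

EXT_SUPPORTED_GROUPS = 0x000A   # supported_groups extension type
EXT_KEY_SHARE = 0x0033          # key_share extension type

# TLS named-group code point -> (name, category, client share length, server share length).
# Sizes: ML-KEM-768 public key 1184 / ciphertext 1088, ML-KEM-1024 both 1568,
# x25519 32, secp256r1 65 and secp384r1 97 (uncompressed points).
GROUPS = {
    0x0017: ("secp256r1", "classical", 65, 65),
    0x0018: ("secp384r1", "classical", 97, 97),
    0x001D: ("x25519", "classical", 32, 32),
    0x11EB: ("SecP256r1MLKEM768", "pq-hybrid", 65 + 1184, 65 + 1088),
    0x11EC: ("X25519MLKEM768", "pq-hybrid", 32 + 1184, 32 + 1088),
    0x11ED: ("SecP384r1MLKEM1024", "pq-hybrid", 97 + 1568, 97 + 1568),
}


def describe(gid):
    return GROUPS.get(gid, ("unknown(0x%04x)" % gid, "unknown", None, None))


def parse_extensions(buf):
    """Parse a TLS extensions vector: 2-byte total length, then (type, length, data) records."""
    (total,) = struct.unpack_from("!H", buf, 0)
    pos, end, exts = 2, 2 + total, {}
    if end > len(buf):
        raise ValueError("extensions length exceeds buffer")
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", buf, pos)
        pos += 4
        exts[ext_type] = buf[pos:pos + ext_len]
        pos += ext_len
    return exts


def client_offered_groups(client_exts):
    """Group ids from the ClientHello supported_groups extension, in preference order."""
    data = parse_extensions(client_exts).get(EXT_SUPPORTED_GROUPS, b"")
    if len(data) < 2:
        return []
    (list_len,) = struct.unpack_from("!H", data, 0)
    return list(struct.unpack_from("!%dH" % (list_len // 2), data, 2))


def server_key_share(server_exts):
    """The ServerHello key_share holds one entry: the selected group and its share length."""
    data = parse_extensions(server_exts).get(EXT_KEY_SHARE)
    if data is None or len(data) < 4:
        return None, None
    return struct.unpack_from("!HH", data, 0)


def assess_handshake(client_exts, server_exts):
    offered = client_offered_groups(client_exts)
    gid, share_len = server_key_share(server_exts)
    name, category, _, expected_len = describe(gid) if gid is not None else (None, None, None, None)
    client_offers_pq = any(describe(g)[1] == "pq-hybrid" for g in offered)
    pq_protected = category == "pq-hybrid"
    share_ok = expected_len is None or share_len == expected_len
    if not client_offers_pq:
        finding = "client offers no ML-KEM hybrid group: key exchange is HNDL-exposed"
    elif not pq_protected:
        finding = "client offered a hybrid group but server selected %s: server needs the PQ upgrade" % name
    elif not share_ok:
        finding = "server key_share is %d bytes, expected %d for %s" % (share_len, expected_len, name)
    else:
        finding = "post-quantum hybrid key exchange negotiated (%s)" % name
    return {"offered": [describe(g)[0] for g in offered], "client_offers_pq": client_offers_pq,
            "negotiated": name, "pq_protected": pq_protected, "share_ok": share_ok, "finding": finding}


# --- constructed sample messages (zero-filled dummy key shares, not real captures) ---
def build_extensions(records):
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in records)
    return struct.pack("!H", len(body)) + body


def client_hello_extensions(groups):
    sg = struct.pack("!H", 2 * len(groups)) + b"".join(struct.pack("!H", g) for g in groups)
    shares = b"".join(struct.pack("!HH", g, GROUPS[g][2]) + bytes(GROUPS[g][2]) for g in groups)
    return build_extensions([(EXT_SUPPORTED_GROUPS, sg), (EXT_KEY_SHARE, struct.pack("!H", len(shares)) + shares)])


def server_hello_extensions(group, share_len=None):
    n = GROUPS[group][3] if share_len is None else share_len
    return build_extensions([(EXT_KEY_SHARE, struct.pack("!HH", group, n) + bytes(n))])


if __name__ == "__main__":
    client = client_hello_extensions([0x11EC, 0x001D, 0x0017])
    for server in (server_hello_extensions(0x001D), server_hello_extensions(0x11EC)):
        print(assess_handshake(client, server)["finding"])
```

The same check can be run over extension bytes lifted from a packet capture or from an inspection proxy's handshake logs; the second sample run shows the case the article is aiming for, where both sides agree on X25519MLKEM768, while the first shows the common transitional failure, a PQ-capable client talking to a server that has not yet been upgraded.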

Security leaders should work to ensure they have a solid understanding of the emerging regulatory deadlines, as well as the details of where responsibilities lie. In our case, as a vendor we have a huge responsibility to ensure that our product - used to protect the data of millions of users around the world - maintains robust cryptography. Organisations should lean on their vendors and make sure they are communicating their plans, with timelines. They should also gain insight into where else within the wider security stack change may be required, whether led by other vendors or by the organisation itself.

Implementation and Testing

It should be noted that the new PQC algorithms are not a like-for-like swap: they have different performance requirements, affecting power and memory resources differently. Enterprises will therefore need to conduct thorough testing within a sandbox environment to prevent disruption to business operations. For example, incorporating PQC-enabled hardware in a data centre stack will introduce new power and performance demands, which will require an adjustment in resourcing as that capacity is scaled up to the level needed to support new AI tools. Application and service vendors should work in the same way, offering a controlled rollout that provides full functionality using PQC-backed encryption, allowing CISOs and security teams to validate compatibility, performance, and effectiveness in real-world scenarios.

A Strategic Advantage

In a landscape where cybersecurity threats evolve rapidly and technological disruptions loom, quantum preparedness will be a competitive advantage in the short term, and a strategic imperative in the long term. This is particularly apparent as companies invest heavily in building the data infrastructure to support the adoption of AI technologies. Any move to integrate PQC today signals not only technical sophistication but a deep understanding of the shifting security paradigm and the threat to a critical global commodity - data.

For enterprises aiming to lead in an AI-first, zero trust world, taking quantum risk seriously and partnering with vendors that do the same will be crucial. 
