Most teams I talk to still treat encryption as a safety guarantee. The attacker must not be able to read the data today, so it must be protected. That assumption is becoming dangerous and it has nothing to do with whether a useful quantum computer exists yet.
The uncomfortable truth
A new class of threat doesn’t need to break encryption today. The attacker can simply record encrypted traffic, store it and wait for quantum hardware to make today’s public-key cryptography breakable. The ciphertext doesn’t change. The cost of breaking it does.
Why this is a business problem
This is not only a cryptography problem. It is a business risk. Look at the data your organization encrypts today and ask how long it must stay confidential.
Customer data
Health records, financial data, identity information, location history, contracts and confidential communications often stay sensitive for years after they’re captured.
Intellectual property
Product designs, source code, pricing models, strategy documents, research data and acquisition plans may have long-term value to a competitor or a state actor.
Regulated information
Government, telecom, banking, insurance, healthcare and critical infrastructure sectors often store data whose confidentiality lifetime is much longer than the system that originally protected it.
Machine identities and digital trust
Certificates, software updates, firmware signatures, VPNs, APIs, SSH access, service-to-service authentication and internal PKI all depend on cryptographic assumptions that may not survive the quantum era.
Which data encrypted today will still hurt us if it is decrypted 5, 10 or 15 years from now?
Why waiting is risky
Cryptographic migration is slow. It touches applications, APIs, TLS, VPNs, certificates, HSMs, cloud services, embedded devices, mobile apps, supplier systems, identity platforms and compliance processes. For a large organization this is not a patch. It is a multi-year transformation.
The real risk is not only quantum computing. The real risk is being late.
Where PQC will hit enterprise architecture
Most of the conversation about PQC focuses on algorithms. The harder problem is figuring out where in your stack those algorithms actually live — because the answer is “almost everywhere.” Here is how the migration lands across enterprise architecture.
| Architecture layer | Quantum-vulnerable area | Migration concern |
|---|---|---|
| API gateway | TLS termination, mTLS, certificates | Hybrid key exchange, certificate lifecycle, compatibility |
| Service mesh | Service-to-service identity | Certificate size, handshake behavior, sidecar support |
| VPN / SSH | Remote and admin access | Algorithm negotiation, client compatibility |
| PKI / certificates | Internal and external trust chains | CA readiness, certificate profiles, automation |
| CI/CD and supply chain | Artifact, container and firmware signing | Signature algorithm migration and verification tooling |
| Databases and backups | Key wrapping, encrypted backups, long-life archives | Confidentiality lifetime and key-management changes |
| Telecom / IoT platforms | Long-life devices and connectivity systems | Upgradeability, embedded constraints, vendor dependency |
| Vendor ecosystem | HSM, cloud KMS, PKI, CDN, network appliances | Roadmap dependency and supply-chain readiness |
No single team owns this list. That is the architecture problem. Identity, networking, supply chain and vendor management normally run as separate programs. PQC migration forces them onto the same plan.
Post-quantum cryptography is the mitigation path
Post-Quantum Cryptography(PQC) is a new generation of cryptographic algorithms designed to resist attacks from both classical and quantum computers.
The remaining work breaks into three views: which standards are real today, what crypto-agility actually demands of your architecture and how to start the migration without bringing everything to a halt.
The standards are no longer theoretical
PQC is no longer only an academic discussion. In August 2024 NIST finalized the first three post-quantum standards — concrete, named building blocks that vendors, cloud providers, PKI platforms, HSMs, browsers and infrastructure teams can plan against.
| Standard | Algorithm | Primary use |
|---|---|---|
| FIPS 203 | ML-KEM | Key establishment and encapsulation |
| FIPS 204 | ML-DSA | General-purpose digital signatures |
| FIPS 205 | SLH-DSA | Hash-based signatures (conservative backup family) |
Crypto-agility is the real architecture problem
The hardest part of PQC migration isn’t picking ML-KEM or ML-DSA — those decisions land in days. The hardest part is whether your architecture can absorb a cryptographic change at all without rewriting the product. That is what crypto-agility actually means in practice.
| Design question | Why it matters |
|---|---|
| Are cryptographic algorithms configurable? | Avoids code rewrites during migration. |
| Are keys, certificates and signatures versioned? | Supports multiple crypto generations running side by side. |
| Can clients and servers negotiate algorithms? | Enables hybrid and phased transition without a flag day. |
| Is crypto usage easily discoverable across the existing stack? | Supports inventory, risk review and compliance. |
| Can old and new algorithms run in parallel? | Reduces migration blast radius. |
| Do tests cover classical and PQC-ready modes? | Prevents migration regressions. |
| Are vendors exposing a PQC roadmap? | Reduces supply-chain blind spots. |
Most of these are not unusual. They are the same architecture principles that show up in any large migration — but applied to cryptography. Teams that already practice them will find PQC migration noisy but tractable.
The problem isn’t quantum computers. The problem is that crypto was hard-coded everywhere.
A practical migration approach
Post-quantum readiness is now a board-level and CTO-level topic. Not because everything will break tomorrow, but because the data being stolen today may become readable tomorrow. A practical starting point is simple.
1. Build a cryptographic inventory
Find all the places where RSA, Diffie-Hellman, elliptic-curve cryptography, TLS, SSH, VPN, certificates, code signing and key exchange are used. You cannot migrate what you cannot see.
2. Identify long-life data
Prioritize systems where data must remain confidential for many years. Those are the systems which are targets of harvest-now-decrypt-later.
3. Demand crypto-agility
New systems should not hard-code cryptographic algorithms. They should be designed such a way that algorithms can be replaced without rewriting the product. Treat this as a design rule, not a future improvement.
4. Start hybrid migration
Use hybrid approaches where classical and post-quantum algorithms work together during the transition. Hybrid keeps the system safe against classical attackers today and quantum-capable attackers tomorrow.
5. Treat PQC readiness as a vendor criterion
Ask every cloud, HSM, PKI, VPN, database, identity and network vendor for: supported PQC algorithms, hybrid modes, certificate-size impact, interoperability limitations and roadmap dates. The migration only finishes when the supply chain finishes it — and the supply chain only moves when buyers ask the same questions consistently.
Telecom and IoT in practice
In the telecom and IoT platforms I work with, long-life systems dominate the architecture. Connectivity-management systems, SIM lifecycle platforms, roaming, provisioning, OTA update mechanisms, VPN links and internal service identities all stay in production for many years — sometimes a decade or more. That is exactly the duration over which today’s encrypted traffic becomes tomorrow’s exposed traffic.
PQC migration in that environment isn’t really a “choose an algorithm” problem. It is an upgradeability problem. The question is whether the ecosystem can absorb new algorithms without breaking interoperability between devices that ship now and devices that shipped five years ago. Architecture choices made today — about certificate handling, OTA pipelines, key rotation and algorithm negotiation — decide whether the migration is a controlled program or a multi-year scramble.
Final thought
The quantum threat is not only about future computers. It is about today’s encrypted data, today’s architecture decisions and today’s migration delay.
Organizations that act early will treat PQC as a controlled modernization program. Organizations that wait may face a different reality — one in which yesterday’s encrypted secrets are no longer secret.
Which encrypted data in your organization must remain confidential beyond 2030? If the answer includes customer records, telecom data, health information, financial records, government communication, intellectual property, source code or strategic business data, then post-quantum readiness should already be on the roadmap.
References
- NIST — What Is Post-Quantum Cryptography?
- NIST CSRC — Post-Quantum Cryptography Project
- NIST — FIPS 203, 204 and 205 (ML-KEM, ML-DSA, SLH-DSA)
- NCSC — Timelines for migration to post-quantum cryptography
- NCCoE — Migration to post-quantum cryptography
- Cloudflare — Post-quantum roadmap
- Ericsson — Quantum-safe networks