{"id":98543,"date":"2025-10-24T12:00:22","date_gmt":"2025-10-24T12:00:22","guid":{"rendered":"https:\/\/www.newsbeep.com\/nz\/98543\/"},"modified":"2025-10-24T12:00:22","modified_gmt":"2025-10-24T12:00:22","slug":"why-quantum-computing-threat-will-impact-absolutely-everyone-in-security-experts","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/nz\/98543\/","title":{"rendered":"Why Quantum Computing Threat Will Impact \u2018Absolutely Everyone\u2019 In Security: Experts"},"content":{"rendered":"<p>The fact that the date of \u2018Q-Day\u2019 is unknown may ultimately be irrelevant, since post-quantum encryption is on track to become a business and compliance obligation in coming years, experts tell CRN.<\/p>\n<p>            <img decoding=\"async\" loading=\"lazy\" alt=\"\" src=\".\/media_1f1517e94936253d9f96327a704d8429913c4ffe3.png?width=750&amp;format=png&amp;optimize=medium\" width=\"611\" height=\"458\"\/><\/p>\n<p>For cybersecurity teams continually bombarded with new threats, turning their attention toward an uncertain, future risk like quantum computing can feel a bit ridiculous.<\/p>\n<p>The question \u2014 \u201c\u2018why are we even talking about this?\u2019\u201d \u2014 is not at all uncommon when it comes to the potential data security threat from ultra-powerful quantum computers, according to veteran cryptography specialist Jason Soroko.<\/p>\n<p>\u201cThere are so many problems in front of a CISO right now that something that\u2019s even six months away sounds like forever,\u201d said Soroko, senior fellow at Sectigo, a provider of digital certificate management. \u201cSomething that\u2019s five years away \u2014 that\u2019s an eternity.\u201d<\/p>\n<p>[Related: <a href=\"https:\/\/www.crn.com\/cybersecurity-week-2025\" rel=\"nofollow noopener\" target=\"_blank\">Cybersecurity Week 2025<\/a>]<\/p>\n<p>As has been known for years, the advancement of quantum computers \u2014 an entirely new form of computing power based on the principles of quantum mechanics \u2014 could render existing data encryption methods obsolete in the future.<\/p>\n<p>However, the date when this unprecedented threat to data could manifest, referred to as \u201cQ-Day,\u201d is impossible to predict. That has made preparing for the transition to post-quantum cryptography difficult to prioritize for many organizations.<\/p>\n<p>What many don\u2019t realize is that preparations need to begin well in advance if organizations want to have a chance of protecting their data from potentially quantum-empowered threat actors of the future, experts told CRN.<\/p>\n<p>Soroko, for instance, said he has spoken with numerous teams at risk-averse organizations that have already begun post-quantum preparations, and there\u2019s a common theme in their experiences.<\/p>\n<p>\u201cFor everybody who has put resources on it, they come to a stage where they\u2019re having a \u2018holy smokes\u2019 moment \u2014 \u2018Wow, this is going to be a lot bigger than I thought it was going to be,\u2019\u201d he said.<\/p>\n<p>It\u2019s also becoming increasingly clear that undertaking preparations for shifting to quantum-resilient cryptography may not be optional for much longer. In fact, post-quantum encryption appears on track to become a business and compliance requirement in coming years, regardless of uncertainties around the date of \u201cQ-Day,\u201d according to experts.<\/p>\n<p>        Countdown To 2030<\/p>\n<p>A number of government standards bodies, including in the U.S., have sought to expand the focus beyond the hypothetical Q-Day as an incentive to spur action on the post-quantum data security threat.<\/p>\n<p>Instead, many of the standards setters are targeting 2030 as the timeframe for the shift to post-quantum cryptography, at least for essential IT assets.<\/p>\n<p>\u201cThey\u2019re all making recommendations on, at a minimum, moving your most critical workloads to quantum resistance by 2030,\u201d said Ted Shorter, CTO of identity security vendor Keyfactor, which provides capabilities for assembling a cryptographic inventory.<\/p>\n<p>\u201cThat makes the actual Q-Day irrelevant,\u201d Shorter said. \u201cBecause these [guidelines] are going to find their way, as they always do, into compliance frameworks and things that have actual financial repercussions.\u201d<\/p>\n<p>        Initial Steps<\/p>\n<p>The first phase of preparations for most organizations should focus on assembling an inventory of all cryptographic assets \u2014 creating a map of all the places and ways that encryption is used across an organization, experts said.<\/p>\n<p>Even that initial step, however, is proving to be a struggle in many cases, according to Doug Saylors, partner at research and advisory firm ISG.<\/p>\n<p>\u201cThey don\u2019t know enough about their concurrent computing platforms to know what applications run on which computers,\u201d Saylors said.<\/p>\n<p>As part of its major push around the post-quantum encryption shift, DXC Technology, No. 14 on CRN\u2019s <a href=\"https:\/\/www.crn.com\/sp-500\/sp2025\" rel=\"nofollow noopener\" target=\"_blank\">Solution Provider 500<\/a> for 2025, is working with a number of customers on getting their cryptography assets organized. Without a doubt, it\u2019s a \u201cfairly steep hill to climb,\u201d said Douglas Skirving, lead consultant for key and certificate services EMEA at DXC.<\/p>\n<p>\u201cThere\u2019s no formal inventory, so they don\u2019t really know what they have,\u201d Skirving said. \u201cBecause if you don\u2019t know what you have, then you\u2019re unable to pivot away from classic encryption to quantum resilience.\u201d<\/p>\n<p>To stay on track for the targeted 2030 migration date to post-quantum encryption, many organizations should be aiming to complete their cryptography asset inventory by the end of 2026, according to Saylors.<\/p>\n<p>After that, the planning and performing of replacements for encryption systems can get underway \u2014 \u201cand then you should be good by 2028-2029,\u201d he said.<\/p>\n<p>The work is not done at that point, however, experts said.<\/p>\n<p>        Supply Chain Considerations<\/p>\n<p>Among other things, the post-quantum preparedness of vendors and supply chains will need to be assessed as well, said Naasief Edross, chief security strategist at World Wide Technology, No. 9 on CRN\u2019s Solution Provider 500 for 2025.<\/p>\n<p>\u201cNo amount of work that a customer does [on post-quantum encryption] will hold the security fabric together, if a supplier that they use is not going to do that,\u201d Edross said.<\/p>\n<p>For example, if an organization transfers their data to a supplier \u2014 but the supplier hasn\u2019t transition to quantum-resistant encryption \u2014 \u201cthen my data that\u2019s transferred out of my walls, that was secure, is now vulnerable,\u201d he said.<\/p>\n<p>Therefore, \u201cyou have to ask the question of your vendors, of your suppliers \u2014 \u2018How are you dealing with getting to quantum-safe levels of encryption?\u2019\u201d Edross said.<\/p>\n<p>        Coming To Contracts?<\/p>\n<p>Eventually, the shift to post-quantum encryption may be obligatory for organizations if only for the sake of winning or keeping business with clients, experts told CRN.<\/p>\n<p>While it\u2019s still a bit early for quantum-resilient cryptography to become part of due diligence and contractual processes, this is certainly a possibility for the future, according to Edross.<\/p>\n<p>\u201cI think that it could show up on security questionnaires,\u201d he said. \u201cA facet of the security questionnaires could be, \u2018Tell us what you\u2019re doing to get to quantum-resistance.\u2019\u201d<\/p>\n<p>        Crucial Role For MSPs<\/p>\n<p>Given the near-universal implications from the post-quantum shift \u2014 and the likelihood of regulations and contractual obligations coming down the road \u2014 SMBs will be affected and will need to prepare like everyone else, experts said.<\/p>\n<p>In many cases, however, they will be looking to their MSPs to lead the way, according to Keyfactor\u2019s Shorter.<\/p>\n<p>The typical SMB will be \u201cexpecting that it\u2019s not their problem. It\u2019s [the MSP\u2019s] problem to fix for them, and make sure that they\u2019re moved in time to be compliant,\u201d he said. \u201cThe MSPs are going to need to be planning for that. Because by the time their customers come to them asking about it, there will be a very short timeframe that they\u2019ll have to do all of this.\u201d<\/p>\n<p>Without question, the quantum computing threat to data security is not just about the risk-averse enterprise, according to Sectigo\u2019s Soroko.<\/p>\n<p>\u201cIt is absolutely everyone. So the MSPs have a gigantic role to play here,\u201d he said. \u201cAnd what I would tell any MSP organization right now is, you are in a perfect position as a service provider to start taking overall inventory of cryptographic assets.\u201d<\/p>\n<p>        Not Just \u2018Another Y2K\u2019<\/p>\n<p>While the post-quantum cryptography shift ahead of Q-Day has drawn frequent comparisons to circa-1990s preparations for Y2K, the similarities only go so far, experts told CRN.<\/p>\n<p>Where the analogy does work is around the need for preparedness and coordination well in advance of the event itself.<\/p>\n<p>But the most obvious contrast \u2014 Y2K had a fixed date, while the timing of Q-Day may never be known in advance \u2014 is just one of many major distinctions, according to experts.<\/p>\n<p>Other differences include the fact that the post-quantum shift is likely to be far more complex and multi-faceted than the comparatively basic fixes to computer systems that were necessary to address the Y2K issue.<\/p>\n<p>\u201cThe challenge with IT and legacy software systems is that it\u2019s very hard to find where the problems might be. And there\u2019s always going to be things that aren\u2019t patched,\u201d said Kurt Rohloff, co-founder and CTO of Duality Technologies, a secure data collaboration platform provider. \u201cIf you even just look at day-to-day software patching \u2014 things are never patched fast enough.\u201d<\/p>\n<p>Additionally, while the world was able to move on from Y2K almost immediately, Q-Day could be just the beginning of the need to stay ahead of threat actors, such as hostile nation states that might develop or acquire quantum computing technology down the road.<\/p>\n<p>At IBM, which is a major developer of quantum computers (pictured above), the expectation is that encryption posture will need to be continually kept up to date as a result of ongoing advancements in the technology, according to Suja Viswesan, vice president for security and runtimes products at IBM.<\/p>\n<p>\u201cWith Y2K, once you crossed it, you were done,\u201d Viswesan said. \u201cThis time [with Q-Day], that is not the case.\u201d<\/p>\n<p>At the same time, it\u2019s certainly crucial for the preparations for Q-Day to be a top-down exercise in most organizations, as they were for the ultimately successful push to prevent a Y2K catastrophe, experts said.<\/p>\n<p>\u201cY2K wasn\u2019t solved because a bunch of people in the trenches decided to solve a big problem,\u201d Soroko said. \u201cThey were directed to do so. And the resources to do it right were put together by the people who own the risk.\u201d<\/p>\n<p>Whether that happens again, in the run-up to Q-Day, \u201cwill determine whether we\u2019re successful as a society in getting through this.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"The fact that the date of \u2018Q-Day\u2019 is unknown may ultimately be irrelevant, since post-quantum encryption is on&hellip;\n","protected":false},"author":2,"featured_media":98544,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21],"tags":[68071,62073,15742,62074,20207,371,72506,1510,68075,29019,68073,68076,72505,24156,111,139,69,8204,72507,37848,145],"class_list":{"0":"post-98543","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-computing","8":"tag-application-and-platform-security","9":"tag-cloud-platforms","10":"tag-cloud-security","11":"tag-cloud-software","12":"tag-cloud-storage","13":"tag-computing","14":"tag-cyberattacks","15":"tag-cybersecurity","16":"tag-cybersecurity-framework","17":"tag-data-protection","18":"tag-managed-security","19":"tag-managed-security-services","20":"tag-managed-service-providers","21":"tag-network-security","22":"tag-new-zealand","23":"tag-newzealand","24":"tag-nz","25":"tag-saas","26":"tag-security-operations","27":"tag-servers","28":"tag-technology"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/posts\/98543","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/comments?post=98543"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/posts\/98543\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/media\/98544"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/media?parent=98543"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/categories?post=98543"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/tags?post=98543"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}