The quantum computing era is approaching faster than many anticipated, bringing a new era of cyber threats. Now is the time for enterprises to start preparing for a post-quantum future. Those who start early will save themselves the pain of having to refactor all their technologies to be quantum-safe under a looming deadline. New research from QuEra Computing found that 51% of quantum academics, scientists, and professionals believe the technology is progressing faster than they expected. Recognizing the urgency of post-quantum developments, the UK’s National Cyber Security Centre (NCSC) recently called on businesses to migrate their systems to post-quantum cryptography (PQC) by 2035.
The scale of this transformation, to meet this objective, should not be underestimated. Almost all technologies that make up our digital world—and rely on modern encryption—will become obsolete if malicious actors gain access to quantum decryption methods.
The impetus to act now
While organizations explore the possibilities of quantum computing, so too are malicious actors. One tactic gaining popularity is ‘harvest now, decrypt later’, where hackers steal encrypted data now to decrypt it once quantum capabilities are developed.
When this happens, all the secure information organizations hold, such as bank transactions, strategic documents, authentication credentials, executive emails, and cloud files, could be exposed.
Transitioning to quantum-safe methods is not optional; it is a matter of when to begin the process. Every piece of software using outdated cryptographic algorithms will need to be refactored. This is a massive undertaking. Enterprises will find the process particularly demanding due to legacy systems and complex IT environments. The earlier preparation begins, the better equipped these organizations will be when quantum threats materialize.
The year 2025 will mark a significant step forward, as more governments and enterprises begin adopting quantum-safe encryption to protect their data.
Driving strategy from a centre of excellence
Post Quantum Computing and the adoption of Post Quantum Encryption (PQE) standards and algorithms as published by NIST requires organizations to prepare ahead of time as the adoption of PQE impacts existing software and technologies currently used by organizations. Fixes and code changes are required. Updated new software frameworks, operating systems and runtime environments are required.
Establishing a Centre of Excellence (CoE) is an effective way to lead this effort.
A CoE creates a space for leaders across departments to collaborate on strategies for a post-quantum transition. By aligning teams around shared goals and priorities, organizations can begin identifying risks and planning upgrades in a coordinated way.
A good starting point is to audit current applications and infrastructure. Where are the dependencies? What major programing languages are affected (i.e. Java), What operating systems are impacted and what are the mitigations (RHEL 10 for example is the first Linux OS that fully supports PQC), What major programing and runtime frameworks are impacted (i.e. Spring) What should be prioritized for the transition? Answering these questions will provide clarity and direction.
Building a quantum-ready workforce
A CoE is equally important in addressing the existing skills gap. Across the UK, approximately 44% of businesses had basic cyber skills gaps. This gap becomes even more glaring when examining the specific capabilities required to transition to post-quantum computing.
Teams need to become familiar with post-quantum algorithms (PQE) and understand how these new quantum safe algorithm provided by NIST impact their software and infrastructure performance wise and at the code base level.
CoEs play a crucial role in leading upskilling initiatives, encouraging collaboration across departments, and supporting early pilot projects that allow teams to gain hands-on experience with new technologies.
A centralized CoE can coordinate these efforts and ensure the entire organization moves forward together.
Laying the groundwork for global standards
The effort required to build resilience in the face of quantum threats may seem daunting. The good news is that governments are beginning to recognize the quantum threat and are working towards standards for PQC. In August 2024, the US Department of Commerce’s NIST officially finalized the first set of encryption algorithms designed to withstand potential threats from quantum computers. These offer a valuable starting point for organizations looking to explore PQC options.
NIST proposed official final PQE algorithms, provides the new cryptographic standards that will be required to be adopted by all software providers and systems of all kinds. These are the new standards for encryption in PQC.
Planning for a quantum-safe future
Innovations in the quantum space are shortening the timeline for real-life use cases. Companies like IBM, Microsoft and​​ Google are at the forefront, having already launched quantum chips.
There is a risk that if the shift to PQC is accelerated, important steps could fall through the cracks. Technical, operational, and regulatory challenges are too complex to leave until the last minute. Kickstarting the shift will require cross-departmental cooperation and active leadership. This is where CoEs can help organizations drive successful strategies. Those who lead the charge towards quantum readiness will be better positioned to thrive in a new era of secure digital innovation.
The views expressed in this article belong solely to the author and do not represent The Fast Mode. While information provided in this post is obtained from sources believed by The Fast Mode to be reliable, The Fast Mode is not liable for any losses or damages arising from any information limitations, changes, inaccuracies, misrepresentations, omissions or errors contained therein. The heading is for ease of reference and shall not be deemed to influence the information presented.