With the rapid advancement of quantum computing, I'm concerned about the "harvest now, decrypt later" threat. How should a mid-sized firm begin evaluating its current encryption standards against future quantum threats? Are the NIST-selected algorithms ready for production use, or should we wait for more established hardware support? I'd love to hear from anyone currently performing a cryptographic inventory.
3 answers
The "Harvest Now, Decrypt Later" threat is very real for data with a long shelf life, like medical records or national secrets. NIST has finalized several algorithms like CRYSTALS-Kyber. You should start with a "Quantum Readiness Assessment." This involves identifying everywhere you use RSA or ECC and determining which data needs protection for 10+ years. You don't necessarily need new hardware yet; most PQC algorithms are software-based and can be integrated into your existing TLS stacks. Start by demanding a Software Bill of Materials (SBOM) from your vendors to see their roadmap.
Does your current infrastructure even support the larger key sizes required by most post-quantum algorithms without significant latency issues?
Focus on "Crypto-Agility." This means designing your systems so you can swap out encryption algorithms easily without a full system overhaul when standards change.
Susan's point about crypto-agility is the most practical advice here. Since the standards are still evolving, being able to update your ciphers via configuration rather than hard-coding is essential for future-proofing any security architecture against the quantum era.
Michael, that's the primary technical challenge. PQC keys and signatures are often orders of magnitude larger than RSA keys. In our testing, we found that certain legacy load balancers and older network appliances actually dropped packets because the certificates were too large for their buffers. You definitely need to perform thorough lab testing on your network MTU settings before rolling this out to production.