With the "Store Now, Decrypt Later" threat rising, should our firm start migrating to Post-Quantum Cryptography (PQC) today? I am looking for a roadmap on how to evaluate our current SSL/TLS infrastructure against NIST’s upcoming quantum-resistant standards for our cloud-based assets.
3 answers
You absolutely need to prioritize "Crypto-Agility" now. The first step in a PQC roadmap is performing a full inventory of where encryption is used across your enterprise. Focus on long-lived data first—things like financial records or health data that need to remain secure for 10+ years. Start testing hybrid key exchange mechanisms where you combine traditional algorithms like RSA with new lattice-based schemes. This ensures that even if the new PQC algorithm is found to have a flaw, your data is still protected by the legacy layer, fulfilling current compliance needs.
That inventory sounds like a massive undertaking for a global firm. How do you propose we handle the performance overhead? Early tests show that PQC signatures are much larger than classical ones. Won't this significantly slow down our API handshakes and increase latency for our end users?
Don't panic yet, but do stay informed. NIST is still finalizing the standards. For now, focus on increasing your current RSA key lengths to 3072-bit as a stop-gap measure.
Good point, Lisa. Upgrading key lengths is an easy win. It buys us time while the hardware vendors catch up and release specialized chips designed to handle the heavier PQC math efficiently.
Kenneth, you're right about the overhead. The trick is to only apply PQC to the initial handshake or the most sensitive data packets. You don't necessarily need to encrypt every single internal microservice call with PQC yet; focus on the perimeter and data-at-rest to balance security and speed.