Cyber Security

What is the timeline for Post-Quantum Cryptography (PQC) migration for enterprise security?

JA Asked by James Wilson · 10-08-2023
0 upvotes 16,058 views 0 comments
The question

With the progress in Shor’s algorithm and quantum hardware, I’m concerned about the "Store Now, Decrypt Later" threat. When should our IT department start migrating our RSA and ECC-based encryption to NIST-approved post-quantum algorithms? Is 2026 too early to begin testing these PQC integrations in a production-like hybrid cloud environment? 

3 answers

0
JE
Answered on 15-09-2023

2026 is actually the perfect time to start your crypto-agility roadmaps. The NIST has already finalized several PQC standards like ML-KEM and ML-DSA. You don't need a quantum computer to start implementing these; they run on classical hardware. The "Store Now, Decrypt Later" risk is real for data with long-term sensitivity, like medical or government records. I recommend a "Hybrid" approach where you wrap your existing RSA/ECC keys with a PQC layer. This ensures that even if the new PQC algorithm has a hidden flaw, you still have your traditional security as a fallback. 

0
B
Answered on 22-09-2023

We started our PQC transition last quarter. The biggest hurdle wasn't the code, but the governance. Updating all our security policies to include "quantum-ready" standards took months of internal legal reviews. 

JE 23-09-2024

Exactly, Barbara. The technical swap is often easier than the organizational shift. Getting stakeholders to understand that "quantum-safe" is a 2025 priority, not a 2035 one, is the real challenge.

0
D
Answered on 18-09-2024

Will the implementation of these new NIST-approved quantum-safe algorithms significantly increase our network latency or computational overhead on mobile devices compared to our current SSL/TLS setups? 

JA 20-09-2024

David, that’s a very valid concern. Most PQC algorithms involve larger key sizes and signature lengths. For example, Kyber (ML-KEM) has a larger memory footprint than ECC. While modern iPhones and laptops can handle this easily, your IoT devices or legacy hardware might struggle. You’ll need to perform a thorough audit of your edge devices to see which ones can support the new overhead without causing a bottleneck in your data throughput.

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session