# Post Quantum Cryptography: Preparing for the Quantum Computing Threat
Somewhere in the world, someone is recording your encrypted network traffic right now. They cannot read it today. But they are storing it, waiting.
When quantum computers become powerful enough, that stored traffic becomes readable. This is not science fiction.
## Understanding the Quantum Threat
Current encryption relies on mathematical problems that classical computers cannot solve efficiently. RSA security depends on the difficulty of factoring large numbers.
Quantum computers work differently. Shor's algorithm, running on a sufficiently powerful quantum computer, solves these problems quickly.
## What Post Quantum Cryptography Provides
Post-quantum cryptography uses different mathematical foundations. Problems that quantum computers cannot solve efficiently.
**NIST standardised** the first post-quantum algorithms in 2024. CRYSTALS-Kyber provides key encapsulation. CRYSTALS-Dilithium provides digital signatures.
**Hybrid approaches** combine classical and post-quantum algorithms. Traffic protected by both remains secure even if one algorithm proves weaker.
## Assessing Your Exposure
**Data confidentiality over time** matters most. Information that loses sensitivity quickly needs less concern.
**Inventory cryptographic dependencies.** Where does your organisation use encryption?
**Long-lived assets** face greatest risk. Devices with fifteen-year lifespans require attention now.
## Practical Steps Now
**Inventory and prioritise.** Identify where cryptography is used and how long protection matters.
**Enable cryptographic agility.** Systems that hard-code specific algorithms are difficult to migrate.
**Test hybrid approaches.** Begin experimenting with hybrid TLS.
If your organisation needs help preparing for post-quantum cryptography, contact us through our contact page.
## What “Harvest Now, Decrypt Later” Means
Attackers can capture encrypted traffic today and store it. When sufficiently powerful quantum computing becomes available, some currently safe public-key algorithms may be broken, allowing historic traffic to be decrypted. This matters for data with a long confidentiality life: contracts, health records, intellectual property, and government data.
## Practical Preparation Steps
1. **Inventory cryptography**: where do you use RSA/ECDSA? TLS termination, VPNs, code signing, SSH, PKI, HSMs. 2. **Upgrade agility**: ensure you can change algorithms without re-architecting (crypto-agility). 3. **Track standards**: focus on NIST PQC standardised algorithms and vendor roadmaps. 4. **Plan for dual-stack**: many environments will run classical + PQC hybrids for a transition period.
## Where to Start in Enterprise IT
- **TLS endpoints** (reverse proxies, load balancers)
- **PKI and certificate lifecycle**
- **VPN and remote access**
- **Code signing pipelines**
Treat PQC as a multi-year migration programme, not a one-off upgrade.
## What “Harvest Now, Decrypt Later” Means
Attackers can capture encrypted traffic today and store it. When sufficiently powerful quantum computing becomes available, some currently safe public-key algorithms may be broken, allowing historic traffic to be decrypted. This matters for data with a long confidentiality life: contracts, health records, intellectual property, and government data.
## Practical Preparation Steps
1. **Inventory cryptography**: where do you use RSA/ECDSA? TLS termination, VPNs, code signing, SSH, PKI, HSMs. 2. **Upgrade agility**: ensure you can change algorithms without re-architecting (crypto-agility). 3. **Track standards**: focus on NIST PQC standardised algorithms and vendor roadmaps. 4. **Plan for dual-stack**: many environments will run classical + PQC hybrids for a transition period.
## Where to Start in Enterprise IT
- **TLS endpoints** (reverse proxies, load balancers)
- **PKI and certificate lifecycle**
- **VPN and remote access**
- **Code signing pipelines**
Treat PQC as a multi-year migration programme, not a one-off upgrade.