In August 2024, NIST published the final versions of its post-quantum cryptographic standards — the result of an eight-year standardization process involving cryptographers from around the world. It was one of the most significant developments in the history of applied cryptography.

Most organizations have done nothing about it.

This week, two developments made that inaction harder to justify. *Nature* published analyses suggesting quantum computers could crack ubiquitous RSA encryption and cryptocurrency security keys before the decade is over — a timeline that is significantly more aggressive than most enterprise security teams have been planning around. And Meta published a detailed post-quantum migration framework documenting what it actually takes to execute this transition at enterprise scale. The message from both: the theoretical threat is becoming an operational one, and the organizations that wait for certainty will be the ones caught unprepared.

I understand why most organizations have not acted. Quantum computers capable of breaking current encryption do not yet exist. The threat feels abstract and distant. There are more immediate security priorities competing for budget and attention. And the technical complexity of cryptographic migration is genuinely daunting.

But here is the thing: the time to act on post-quantum cryptography is not when quantum computers can break your encryption. It is now, while you still have time to do it deliberately rather than in crisis mode.

The Harvest Now, Decrypt Later Problem

The most immediate quantum cryptography risk is not a future quantum computer breaking your encryption in real time. It is an adversary collecting your encrypted data today, storing it, and decrypting it years from now when quantum computers become capable.

This attack strategy — known as "harvest now, decrypt later" or HNDL — is not theoretical. USA Today reported this week that threat actors may already be collecting encrypted data from organizations across multiple sectors. Intelligence agencies and sophisticated nation-state actors are almost certainly executing this strategy against high-value targets right now. Any organization that handles data with long-term sensitivity — healthcare records, financial data, intellectual property, government information, legal communications — should assume that encrypted data being transmitted today may be decrypted in the future.

The window between now and when quantum computers can execute this decryption is uncertain, but the *Nature* research published this week puts credible estimates at the aggressive end of the range. That is not a comfortable margin when you consider the complexity of cryptographic migration at enterprise scale.

What NIST Actually Published

The NIST post-quantum cryptography standards include three primary algorithms, each serving different purposes. ML-KEM (formerly CRYSTALS-Kyber) is designed for key encapsulation — the process of establishing shared encryption keys. ML-DSA (formerly CRYSTALS-Dilithium) and SLH-DSA (formerly SPHINCS+) are designed for digital signatures — the process of authenticating the source and integrity of data.

These algorithms are designed to be resistant to attacks from both classical and quantum computers. They have been extensively analyzed by the global cryptographic research community and represent the current best practice for quantum-resistant security. NIST also released a draft update to SP 800-133 this month, extending key generation guidance to post-quantum implementations — a signal that the standards body is actively pushing the transition forward.

The practical implication: any system that uses RSA, ECC, or Diffie-Hellman key exchange — which is to say, virtually every system that uses public-key cryptography — will eventually need to migrate to these or equivalent post-quantum algorithms.

What Meta's Migration Framework Tells Us

Meta's engineering blog post this week is worth reading carefully, not because most organizations operate at Meta's scale, but because it documents the failure modes and lessons learned from one of the most sophisticated engineering organizations in the world attempting this migration.

The key takeaways are instructive. First, cryptographic migration is not a single project — it is a multi-year program that requires sustained organizational commitment and executive sponsorship. Second, the hardest part is not the cryptography itself; it is the inventory and discovery work of finding every system that uses public-key cryptography. Third, crypto-agility — designing systems to support algorithm transitions without full re-architecture — is not a nice-to-have. It is a prerequisite for managing this transition without catastrophic disruption.

If Meta, with its engineering resources, found the migration complex and multi-year, organizations with smaller teams should be starting their planning now, not later.

The Migration Challenge

Cryptographic migration is not a simple software update. It is a complex, organization-wide effort that touches every system, application, and protocol that uses public-key cryptography.

For most organizations, this includes TLS/HTTPS connections, VPN infrastructure, email encryption, code signing, certificate authorities, authentication systems, and potentially dozens of custom applications with embedded cryptographic operations. Each of these requires assessment, planning, testing, and migration — and many of them have dependencies on vendors, partners, and standards bodies that are themselves in various stages of post-quantum readiness.

The organizations that will navigate this transition most smoothly are those that start with cryptographic inventory: a comprehensive audit of every system and application that uses public-key cryptography, documenting the algorithms in use, the data sensitivity, and the migration complexity. This inventory does not require immediate action on every item — but it provides the foundation for a prioritized, risk-based migration plan.
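The "harvest now, decrypt later" reasoning above and the inventory-first approach can be turned into a small triage tool. The following is an added example, not code from the article or from NIST or Meta. It takes a constructed inventory of systems (algorithm, purpose, data sensitivity, how long the data must stay confidential, and how long migration is expected to take) and ranks them against an assumed quantum horizon that you set yourself; the eight-year value in the usage line, the sample records, and the algorithm classification sets are all assumptions for illustration. The rule it applies is that for confidentiality uses, ciphertext captured today stays exposed for the data's whole shelf life plus the time it takes to finish migrating, whereas signatures only need replacing before forgery becomes possible.

```python
"""Triage a cryptographic inventory for a risk-based post-quantum migration plan.

Constructed example: the records, the horizon, and the classification sets are
illustrative assumptions, not real data or an official NIST categorization.
"""
from dataclasses import dataclass

# Public-key schemes whose security rests on factoring or discrete logarithms,
# the problems a sufficiently large quantum computer running Shor's algorithm breaks.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "X25519", "ED25519"}
# NIST's ML-KEM, ML-DSA and SLH-DSA, plus a symmetric cipher at a key size that
# only loses a square-root factor to Grover-style search.
QUANTUM_RESISTANT = {"ML-KEM", "ML-DSA", "SLH-DSA", "AES-256"}
CONFIDENTIALITY_PURPOSES = {"key-exchange", "bulk-encryption"}
SENSITIVITY_RANK = {"high": 0, "medium": 1, "low": 2}
TIER_RANK = {"urgent": 0, "scheduled": 1, "review": 2, "done": 3}


@dataclass(frozen=True)
class InventoryItem:
    system: str
    purpose: str           # "key-exchange", "bulk-encryption" or "signature"
    algorithm: str
    sensitivity: str       # "high", "medium" or "low"
    shelf_life_years: int  # how long the protected data must stay confidential
    migration_years: int   # estimated time to move this system to a PQ algorithm


def triage(item, horizon_years):
    """Return (tier, margin_years) for one record.

    margin_years is the assumed horizon minus the years the item's data is
    exposed; a negative margin means the exposure already outlasts the horizon.
    """
    alg = item.algorithm.upper()
    if alg in QUANTUM_RESISTANT:
        return "done", horizon_years
    if alg not in QUANTUM_VULNERABLE:
        # Unrecognised algorithm name: the inventory itself needs manual work.
        return "review", 0
    if item.purpose in CONFIDENTIALITY_PURPOSES:
        # Harvest now, decrypt later: traffic recorded today must stay secret for
        # its whole shelf life, and the system keeps emitting such traffic until
        # migration is finished.
        exposure = item.shelf_life_years + item.migration_years
    else:
        # Signatures must be replaced before forgery becomes possible; a signature
        # recorded today is not retroactively broken the way ciphertext is.
        exposure = item.migration_years
    margin = horizon_years - exposure
    tier = "urgent" if margin < 0 else "scheduled"
    return tier, margin


def build_plan(items, horizon_years):
    """Order the inventory: urgent first, then by sensitivity, then by margin."""
    rows = []
    for item in items:
        tier, margin = triage(item, horizon_years)
        rows.append((item.system, tier, margin, item.sensitivity))
    rows.sort(key=lambda r: (TIER_RANK[r[1]], SENSITIVITY_RANK[r[3]], r[2]))
    return [(system, tier, margin) for system, tier, margin, _ in rows]


# Constructed sample inventory (system names and figures are made up).
SAMPLE_INVENTORY = [
    InventoryItem("vpn-gateway", "key-exchange", "ECDH", "high", 10, 2),
    InventoryItem("patient-portal-tls", "key-exchange", "RSA", "high", 15, 3),
    InventoryItem("release-signing", "signature", "ECDSA", "medium", 0, 4),
    InventoryItem("backup-archive", "bulk-encryption", "AES-256", "high", 20, 0),
    InventoryItem("legacy-edi", "key-exchange", "Custom-XOR", "low", 1, 1),
    InventoryItem("internal-wiki-tls", "key-exchange", "ECDH", "low", 1, 1),
]

if __name__ == "__main__":
    # Assumed horizon of 8 years; replace with your own planning assumption.
    for system, tier, margin in build_plan(SAMPLE_INVENTORY, horizon_years=8):
        print(f"{tier:9s} margin={margin:+d}y  {system}")
```

The value of the output is the ordering, not the exact margins: two high-sensitivity key-exchange systems come out "urgent" under the assumed horizon because their data's shelf life alone exceeds it, the code-signing system is "scheduled" because only its migration time counts, and the unrecognised "Custom-XOR" entry lands in "review" because the inventory cannot even classify it yet. Signatures that must stay verifiable for a long time (code-signing roots, archived contracts) deserve more caution than this simple rule gives them; treat their shelf life as a separate input if that applies to you.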

What MSPs Need to Know

For managed service providers, post-quantum cryptography represents both a risk and an opportunity.

The risk is that the infrastructure you manage for clients — VPNs, remote access systems, email security, certificate management — will need to be migrated to post-quantum standards over the coming years. Clients will look to you for guidance on this transition, and being unprepared will damage your credibility as a trusted advisor.

The opportunity is that post-quantum readiness is a differentiating service that most MSPs are not yet offering. Clients with sensitive data — healthcare, legal, financial, government contractors — have genuine compliance and risk management reasons to begin post-quantum planning now. An MSP that can offer credible post-quantum assessment and migration planning is providing value that few competitors can match today.

Starting Points

You do not need to migrate everything immediately. What you need to do now is understand your exposure and begin building the capability to respond.

Start by identifying your highest-sensitivity data and the cryptographic systems protecting it. Assess your vendor ecosystem for post-quantum roadmaps — Microsoft, Google, and Cisco have all published timelines for post-quantum support. Build internal knowledge about the NIST standards and what migration will require. And treat crypto-agility as a design requirement for any new system you build or procure.
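Crypto-agility, named as a prerequisite in Meta's lessons above and as a design requirement in this list, is concrete enough to show in code. The following is an added example and not code from the article, from Meta, or from any NIST publication. It sketches an algorithm-agile signed envelope: every artifact carries the identifier of the algorithm that produced it, the identifier is itself covered by the signature so a verifier cannot be tricked into checking under a different scheme, and issuing and accepting algorithms are governed by a policy object rather than hard-coded. The two registered "signers" are HMAC stand-ins (an assumption made so the script runs on the standard library alone); in a real deployment the registry would hold an existing ECDSA implementation next to ML-DSA, and the key handling would differ accordingly.

```python
"""Algorithm-agile signed envelope (constructed example).

The stand-in signers use HMAC so this runs without third-party libraries; the
registry and policy shape are the point, not the primitives.
"""
import hashlib
import hmac
import json


class HmacStandIn:
    """Stand-in for a signature scheme. A real entry (ECDSA, ML-DSA) would
    expose the same sign/verify interface under its own algorithm id."""

    def __init__(self, alg_id, digest):
        self.alg_id = alg_id
        self._digest = digest

    def sign(self, key, message):
        return hmac.new(key, message, self._digest).digest()

    def verify(self, key, message, signature):
        return hmac.compare_digest(self.sign(key, message), signature)


class AgilityPolicy:
    """Which algorithm new artifacts use, and which ones verifiers still accept."""

    def __init__(self, default, accepted):
        self.default = default
        self.accepted = set(accepted)

    def migrate(self, new_default):
        # Issue with the new algorithm while still accepting artifacts made
        # with the old one; no verifier code changes.
        self.accepted.add(new_default)
        self.default = new_default

    def retire(self, alg_id):
        # Stop accepting an algorithm once everything signed with it is reissued.
        self.accepted.discard(alg_id)


REGISTRY = {
    s.alg_id: s
    for s in (
        HmacStandIn("classical-standin", hashlib.sha256),
        HmacStandIn("pq-standin", hashlib.sha3_256),
    )
}


def _signed_bytes(alg_id, payload):
    # The algorithm id is signed together with the payload, so relabelling an
    # artifact to a different (or weaker) scheme breaks the signature.
    return json.dumps({"alg": alg_id, "payload": payload},
                      sort_keys=True, separators=(",", ":")).encode()


def seal(key, payload, policy):
    signer = REGISTRY[policy.default]
    sig = signer.sign(key, _signed_bytes(signer.alg_id, payload))
    return {"alg": signer.alg_id, "payload": payload, "sig": sig.hex()}


def unseal(key, envelope, policy):
    alg_id = envelope.get("alg")
    if alg_id not in REGISTRY:
        raise ValueError("unknown algorithm: %r" % (alg_id,))
    if alg_id not in policy.accepted:
        raise ValueError("algorithm no longer accepted: %r" % (alg_id,))
    signer = REGISTRY[alg_id]
    if not signer.verify(key, _signed_bytes(alg_id, envelope["payload"]),
                         bytes.fromhex(envelope["sig"])):
        raise ValueError("signature check failed")
    return envelope["payload"]


def verifies(key, envelope, policy):
    """True if the envelope is accepted under the policy, False otherwise."""
    try:
        unseal(key, envelope, policy)
        return True
    except ValueError:
        return False


KEY = b"constructed-demo-key-not-for-real-use"

if __name__ == "__main__":
    policy = AgilityPolicy(default="classical-standin", accepted=["classical-standin"])
    old = seal(KEY, {"build": "1.0"}, policy)
    policy.migrate("pq-standin")           # a policy change, not a rewrite
    new = seal(KEY, {"build": "1.1"}, policy)
    print(new["alg"], verifies(KEY, old, policy), verifies(KEY, new, policy))
    policy.retire("classical-standin")
    print(verifies(KEY, old, policy))      # old artifacts now rejected
```

Three properties are worth checking against your own systems: switching the issuing algorithm is a policy change with no verifier rewrite, old artifacts keep verifying until you explicitly retire their algorithm, and an artifact relabelled with another algorithm identifier fails verification rather than being checked under the weaker scheme. A design that stores only the raw signature, with the algorithm implied by the code version, has none of these properties and is the kind of system that needs re-architecture during migration.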

The *Nature* research this week is a reminder that the timeline is not fixed and the direction is clear. The organizations that begin this work now will have a significant advantage over those that wait until the threat is imminent. Cryptographic migration at scale takes years. The clock is already running.