Quantum threats are real — is your security ready?
Imagine a world where our most sensitive data — like bank accounts, medical records, and even government secrets — could be unlocked by an incredibly powerful machine in mere seconds. It would be like a movie in which the villain obtains the master key to all the world’s digital locks. This isn't science fiction or a spy thriller; it's the looming reality of quantum computing.
Why quantum computing threatens today's encryption
Encryption is the cornerstone of digital security and is based on mathematical problems that classical computers find extremely difficult to solve. For decades, we've relied on public-key cryptography methods such as Rivest-Shamir-Adleman (RSA) and elliptic curve cryptography (ECC), trusting that mathematical complexity would keep our data safe. But quantum computers, with their ability to perform some calculations at unimaginable speeds are set to shatter that trust.
Quantum computers harness quantum mechanics to rapidly and simultaneously solve problems that are nearly impossible for classical machines. Algorithms like Shor’s algorithm will soon enable quantum computers to dismantle current encryption standards in seconds. For comparison, these same tasks would require many millions, or even billions of years for classical computers to complete.
Quantum computing is no longer theoretical. Right now, multiple companies are working on machines that will eventually have the ability to break the cryptographic mechanisms we’ve traditionally relied on to secure modern communications. Recent breakthroughs such as Google’s Willow quantum chip, Microsoft’s Majorana 1, and Amazon’s Ocelot chip underscore the speed at which this technology is developing.
Experts predict a 10-to-15–year time horizon for the arrival of practical quantum computers is likely. But unexpected advances in quantum error correction (QEC) could potentially accelerate this timeline.
The urgent threat: "Harvest now, decrypt later"
The most immediate danger posed by quantum computing isn't theoretical or distant—it's happening now. Attackers are actively employing "harvest now, decrypt later" strategies. Once quantum technology matures, they'll decrypt this archived information, turning every sensitive piece of data captured now into a ticking time bomb.
How post-quantum cryptography defends against quantum attacks
Post-quantum cryptography (PQC) represents the strongest countermeasure to quantum threats. This suite of encryption algorithms is specifically engineered to withstand attacks from both classical and quantum computers. Instead of integer factorization or discrete logarithm problems, PQC relies on mathematically complex problems that quantum computers can’t solve easily.
The push to adopt PQC is already underway. In 2024, the National Institute of Standards and Technology (NIST) locked in standards to guide this shift, covering everything from general data encryption to securing digital signatures. One standout is FIPS 203, based on the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), which establishes session keys in TLS connections to safeguard data. Meanwhile, new signature schemes are stepping in for RSA and the elliptic curve digital signature algorithm (ECDSA) to block impersonation and tampering, though they come with trade-offs like bigger sizes and performance quirks that demand a gradual rollout.
It’s urgent to migrate to post-quantum algorithms as soon as possible. Everything critical, from power grids and healthcare systems to financial networks, depends on secure data. Starting now is crucial because shifting to quantum-safe encryption is a massive effort, and upgrading everything will take time.
Building a quantum-safe future
Quantum security isn't simply about replacing outdated algorithms; it's about a strategic shift toward cryptographic agility. Successfully navigating this transformation begins with understanding your current security landscape, strategically protecting sensitive data, and fostering a culture ready for continuous evolution. Here are four foundational steps to begin your journey:
Step 1: Inventory your encryption landscape
Assess how and where your organization currently uses public-key encryption and digital signatures across all servers, networks, software, and applications. This provides visibility into potential quantum vulnerabilities.
Step 2: Secure data in transit
Protect data transmitted across networks by implementing quantum-resistant session keys. Address threats such as "harvest now, decrypt later" attacks by following evolving standards from organizations like NIST and the IETF. Thoroughly test these implementations to identify potential performance impacts or compatibility issues.
Step 3: Secure data at rest
Create a proactive strategy to safeguard stored data. Prioritize sensitive information that retains long-term value — such as intellectual property, personally identifiable information (PII), healthcare records, passwords, and strategic business data—to ensure ongoing confidentiality in the quantum era.
Step 4: Prepare for cultural change
Embed cryptographic agility into your organizational culture. Ensure systems, vendors, and partners can rapidly adapt to emerging quantum-resistant standards. Regular training, clear communication, and dedicated cross-functional teams are crucial to managing this transition effectively.
Leading the transition to PQC
I’ve always admired how Cloudflare remains at the forefront of major technological shifts. Given that security and privacy are central to our mission of helping build a better Internet, this proactive stance makes perfect sense. From pioneering Universal SSL to championing widespread TLS 1.3 adoption, Cloudflare understands the significance and challenges of these technological transformations. We recognize that the transition to quantum-resistant cryptography might be among the most impactful yet.
We understand this shift will be challenging, complex, and extensive for most organizations. Our strategy, therefore, focuses on seamless integration and swift adoption of PQC across our global network, allowing our customers to benefit immediately from our advancements.
Sites protected by Cloudflare’s Web Application Firewall (WAF) already leverage quantum-resistant security, protecting traffic in conjunction with browsers such as Chrome, Edge, and Firefox. Today, around 35% of HTTPS traffic reaching our network benefits from these quantum-resistant protections. We’ve also extended these same PQC protections to Cloudflare Tunnel, ensuring secure connections to enterprise applications and origin web servers behind Cloudflare. By combining this post-quantum Cloudflare Tunnel with the use of quantum-safe browsers, organizations can maintain robust, quantum-resistant security throughout the entire data pathway — from user endpoint to application.
Recognizing the complexity and potential costs of integrating PQC into legacy systems, our approach minimizes the need for immediate, costly system-wide upgrades. Instead, organizations can leverage Cloudflare’s network to gain immediate quantum-safe protections while strategically planning and gradually migrating to comprehensive quantum-resistant security.
As quantum technology evolves, Cloudflare remains committed to ongoing innovation, collaboration, and global standardization efforts. Our aim is clear: ensuring your data remains secure against current and future quantum threats.
The time to act is now
Quantum computing isn’t a distant possibility; it's an imminent security risk. While the timeline for quantum computers remains uncertain, change is sure to come. With NIST's planned depreciation of RSA and ECDSA by 2030, organizations must start the transition today.
Adopting a proactive, agile quantum-resistant strategy isn't merely about compliance; it's about securing your future. With Cloudflare, customers can safeguard data and position their organizations ahead of the quantum curve.
When it comes to quantum security, the time to prepare is now. Organizations that recognize the urgency and act decisively today will secure their data tomorrow.
This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.
Dive deeper into this topic.
Learn how to address emerging cyber security risks efficiently, with a 238% return on investment in the Forrester Consulting report The Total Economic Impact™ of Cloudflare’s connectivity cloud.
Get the report!Author
John Engates — @jengates
Field CTO, Cloudflare
Key takeaways
After reading this article you will be able to understand:
Why quantum computing threatens current encryption methods
How to protect sensitive data from quantum-enabled attacks
how to implement cryptographic agility with post-quantum encryption