Why Post-Quantum Cryptography Is Urgent Now

The quantum computer hasn't arrived yet. The migration problem already has.

Most cloud architects and security teams I speak with have the same mental model of post-quantum cryptography (PQC): it's a future concern — something to plan for when quantum computers become a genuine threat, probably in the 2030s or beyond. There's a roadmap somewhere. Someone in the security team has a note about it. It'll be handled when the time comes.

This mental model is wrong, and dangerously so. The urgency of PQC migration has nothing to do with when a sufficiently powerful quantum computer arrives. It has everything to do with what is happening to your encrypted data right now.

The harvest-now-decrypt-later attack

Adversaries — nation-state actors in particular — do not need a quantum computer to begin their attack. They need only a packet capture and patience.

The strategy is straightforward: intercept and store encrypted network traffic today, at scale, and decrypt it retroactively once quantum capability becomes available. This is known as a harvest-now-decrypt-later (HNDL) attack, and it is not theoretical. Intelligence agencies and security researchers have documented evidence of systematic bulk collection of encrypted traffic for exactly this purpose.

The implication is critical. Any data that is encrypted today using RSA, ECDSA, or ECDH — and that will still be sensitive in 10 to 15 years — is already compromised in principle. Healthcare records. Financial transactions. State communications. Long-lived contractual data. Industrial IP. If it travels over a network today under classical cryptography, it is being collected by someone.

The question is not whether quantum computers will break your encryption. The question is whether your encryption will still matter when they do.

NIST has already acted

In August 2024, the National Institute of Standards and Technology (NIST) finalised its first post-quantum cryptographic standards. Three algorithms were standardised:

• ML-KEM (formerly CRYSTALS-Kyber) — for key encapsulation, replacing RSA and ECDH in key exchange.
• ML-DSA (formerly CRYSTALS-Dilithium) — for digital signatures.
• SLH-DSA (formerly SPHINCS+) — a hash-based signature scheme as a conservative fallback.

This is not a draft. These are published, final standards. The cryptographic community spent years evaluating them through a rigorous open competition. The standards exist. The question is whether your infrastructure is implementing them.

The migration problem is the actual problem

Here is why migration urgency matters more than quantum arrival timelines.

Replacing cryptographic primitives across an enterprise is not a software update. It is a multi-year infrastructure programme. Consider what a full PQC migration actually requires:

• Cryptographic inventory — identifying every system, service, API, and device that uses public-key cryptography. Most large organisations genuinely do not know the full extent of this.
• Certificate authority migration — enterprise PKI infrastructure running on RSA or ECC needs to be rebuilt or extended for PQC algorithms.
• TLS configuration updates — web servers, load balancers, API gateways, and service meshes all need to support PQC cipher suites.
• Hardware Security Module (HSM) compatibility — many HSMs do not yet support PQC algorithms in firmware. Some will require hardware replacement.
• Vendor and supply chain dependencies — third-party services, cloud providers, and software vendors may not yet offer PQC-capable endpoints. Waiting for them adds years.
• Testing and validation — PQC algorithms produce larger keys and signatures than their classical equivalents. Performance testing, protocol compliance validation, and regression testing take significant time.

Realistic estimates for a full enterprise PQC migration range from three to seven years depending on organisational complexity. If quantum capability arrives in 2030 — a conservative estimate from some researchers — organisations that begin today are cutting it close. Organisations that begin in 2027 are almost certainly too late for their most sensitive data.

Where to start: the wire level

The most common first step I recommend is deceptively simple: find out what is actually happening in your TLS handshakes right now.

Most organisations have no real-time visibility into which cipher suites are being negotiated across their infrastructure. They have security scanners that check for deprecated protocols, but not tools that parse live ServerHello messages to identify whether PQC key encapsulation mechanisms are present or absent at the wire level.

This is the problem that motivated me to build PQMA — the Post-Quantum Migration Analyser. PQMA performs wire-level detection of PQC readiness by parsing raw TLS ServerHello bytes in live traffic, identifying whether hybrid or pure PQC key exchange is being negotiated, and mapping the findings to formal cryptographic verification models. The goal is to give infrastructure teams an evidence-based starting point: a precise, verifiable picture of their current PQC posture before any migration work begins.

Research papers describing QTEST's detection methodology and formal verification pipeline are in preparation. I will share them here as they approach publication.

What cloud architects should do now

You do not need to wait for a full migration programme to begin. There are meaningful steps available today:

1. Conduct a cryptographic inventory. Enumerate every service, API, and internal system that uses public-key cryptography. Start with externally facing TLS endpoints — these are the easiest to assess and the most exposed.
2. Enable hybrid TLS where possible. If your web server, CDN, or API gateway supports it, enable hybrid PQC cipher suites today. This provides forward secrecy against future quantum attacks at minimal performance cost.
3. Identify long-lived sensitive data. Data that must remain confidential for ten years or more is your highest priority. This includes cryptographic keys themselves, authentication tokens with long validity periods, and any archived sensitive records transmitted over the network.
4. Audit your CA and PKI infrastructure. Understand what it would take to issue certificates using PQC algorithms. Begin conversations with your CA vendors about their PQC roadmap.
5. Track NIST guidance and ETSI standards. The standards landscape is still evolving. NIST is continuing work on additional algorithms, and regional standards bodies are producing their own guidance. Assign someone to track this actively.

The conversation we need to have

Post-quantum cryptography is still treated as a specialist topic in most cloud and security teams. It shouldn't be. The NIST standards are published. The harvest-now-decrypt-later threat is real and active. The migration timelines are long. The window for orderly, well-resourced migration is open now, but it won't stay open indefinitely.

The organisations that treat PQC migration as a 2028 problem will find themselves in 2028 facing a crisis. The ones that treat it as a 2026 problem will be in a very different position.

I write about PQC, cloud security, and infrastructure architecture here and on LinkedIn Medium. If you are working through PQC migration challenges in your organisation, I would be glad to connect.

Muhammad Ibrahim Post-Quantum Security Researcher · Cloud Architect · Head of Year at QA Higher Education · Research collaborations with Ulster, Swansea & Northumbria Universities · Microsoft Azure Solutions Architect Expert · MSc, Middlesex University London

LinkedIn Medium GitHub