Encryption , Security Strategy, Plan, Budget Now’s the time to get working on post-quantum cryptography April 23, 2026 Share By Bassam Al-Khalidi (Adobe Stock) COMMENTARY: When it comes to post-quantum cryptography (PQC), everyone has been arguing about algorithms and timelines, but most enterprises still can’t produce an accurate list of the cryptography they’re already running. Google’s announcement in late March landed as a scheduling story. Full migration to PQC by 2029, years ahead of the NSA’s 2031 benchmark and further ahead of the federal 2035 target. [ SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here . ] Microsoft now aims for 2033. Cloudflare matched Google in two weeks. The argument isn’t about deadlines. The timeline actually exposes an assumption baked into every PQC conversation: that the enterprises doing the migrating already know what they’re migrating. Most don’t. Most aren’t close. Here's an example: At RSAC 2026, one Fortune 100 enterprise shared its internal metrics publicly. Despite having a dedicated cryptography program and executive backing, the organization reported only 50% visibility into its cryptographic inventory. Rotation agility, the ability to change keys and certificates within 45 days, sat at 10%. Algorithm agility was zero. An estimated 95% of its systems were still using quantum-vulnerable cryptography. This isn’t an outlier. It’s a well-resourced organization that started early and still measuring its readiness in single digits. Most enterprises haven’t even started measuring. The blocker isn’t the algorithms NIST finalized the first three PQC standards in August 2024, ML-KEM, ML-DSA, and SLH-DSA, and added HQC in 2025. The math is done. Vendors are shipping. Hybrid PQC key exchange has been live in Chrome since 2023. Algorithm selection isn’t the issue. Teams need to still find the cryptography. Cryptography doesn’t live in one place. It’s in our PKI and CAs, our TLS terminators and load balancers. It’s in machine identities, service accounts, workload certs, IoT devices, a population of non-human identities that outnumber human users by an order of magnitude. It’s also in application code, often inside a library three imports deep that nobody on the team explicitly chose. It’s in cloud KMS configurations, HSMs, and endpoints. And it’s in long-lived secrets, root certs, code-signing keys, encrypted backups, that will outlast the people who generated them. No single tool the organization already own covers all of that. The CLM sees certificates. SBOM tooling sees software components. The key vault sees what’s in the vault. Each gives us a slice. None gives us the map. Gartner has been blunt: most IT organizations don’t know what cryptography they’re running, which applications depend on it, or who’s making the decisions. That’s not a critique of engineering teams, it’s a description of how cryptography got embedded everywhere over 20 years, quietly, without anyone being asked to keep a list. CISA reached the same conclusion from the federal side: its automated discovery strategy under OMB memo M-23-02 represents an admission that manual inventories can’t keep up, and that even today’s tools can’t reliably detect every algorithm embedded inside shipped software. What actually works Forrester’s Sandy Carielli frames the work as four moves in order: discover, prioritize, remediate, and add crypto-agility. The “order” is the whole argument. Here’s a plan: Establish a Crypto Center of Excellence early on. Gartner projects that organizations with a CryptoCoE in place by 2028 will spend roughly half as much as their peers on PQC transition. Cryptography cuts across security, infrastructure, and identity. Without a central function that holds the policy and inventory, every team solves the same problem locally. A CryptoCoE isn’t a committee: it’s the group that owns the cryptographic bill of materials and gets to say no. Make discovery continuous, not a project. A point-in-time inventory is wrong the day it’s delivered. Workloads spin up, libraries get imported, certs get issued. CISA’s guidance treats discovery as a running capability — the cryptographic analog to the SBOM most mature programs already maintain. Prioritize by risk, not convenience. Harvest-now-decrypt-later isn’t a future risk. Nation-state actors are already collecting encrypted traffic with the plan of decrypting it once the hardware catches up. The enterprises furthest ahead are scoring cryptographic assets by credential lifespan, attack surface exposure, blast radius, and dependency chains, then triaging by what actually matters, not by what’s easiest to remediate. Google itself reprioritized around authentication and digital signatures, the long-lived signing operations that validate software updates and device identity, and publicly recommended that other engineering teams do the same. Design for substitution, not a one-time swap. Post-quantum resistance is not the same as post-quantum safe. NIST has telegraphed that HQC gets finalized in 2027, with more standards to follow. Organizations planning for a single migration will end up executing two or three migrations as algorithms mature and threat models evolve. Carielli’s right about the bar for crypto-agility: when the next algorithm breaks, we can respond with a configuration change in weeks, not an architecture project measured in years. In terms of getting PQC done, published estimates run five to seven years for small enterprises, eight to 12 for mid-sized, and 12 or more for large organizations with legacy sprawl. A mid-sized enterprise starting in earnest this quarter can finish somewhere between 2034 and 2038, past NIST’s 2035 disallowance deadline, and past the point where Google and Cloudflare will have dropped classical algorithm support across significant parts of their infrastructure. The SHA-1 to SHA-2 transition took 12 years and was a smaller, cleaner problem. PQC is bigger, on a tighter clock, and colliding with the CA/Browser Forum’s move to 47-day TLS certificates in the same 2029 window — a 12-fold jump in renewal cadence that forces certificate lifecycle automation, whether our PQC work is finished or not. Google’s 2029 date doesn’t change when a cryptographically relevant quantum computer actually arrives. What changed was the planning horizon the companies operating most of the internet’s cryptographic surface area are working toward. That’s the horizon our organizations have to work toward, too. Those starting this year are starting on time. Organizations arguing about whether there’s actually a real threat are already late. Bassam Al-Khalidi, chief innovation officer, Axiad SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial. Bassam Al-Khalidi Bassam has over 20 years of experience designing and deploying identity and access management solutions across large government, enterprise, and healthcare organizations. He is an industry-leading expert in phishing-resistant authentication, CAC/PIV smart card, and PKI deployment. Related Data Security Kyber ransomware targets Windows and ESXi with post-quantum encryption claims SC Staff April 23, 2026 Cybersecurity firm Rapid7 analyzed two distinct Kyber variants deployed on the same network in March 2026. Data Security BlackBerry survey reveals government security risks from consumer messaging apps SC Staff April 22, 2026 A survey by BlackBerry Secure Communications found that 98% of security decision-makers in government and critical infrastructure across the US, UK, Canada, and Singapore use foreign-hosted platforms not designed for confidential communications. Data Security Report: FTP protocol security gaps expose millions of systems SC Staff April 21, 2026 About half of 6 million internet-connected systems using the legacy File Transfer Protocol continue to lack encryption, making them vulnerable to cyberattacks, according to SecurityWeek. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Business Continuity Plan (BCP) Data Encryption Standard (DES) Decryption Diffie-Hellman Digital Signature Standard (DSS) Emanations Analysis Encapsulation Fast File System (FFS) Full-Disk Encryption (FDE) Pretty Good Privacy (PGP)™ You can skip this ad in 5 seconds