 |
| Concept artwork about PQC generated by Google Gemini (Flash 2.5). |
The company launched World Quantum Readiness Day in 2024 as a catalyst for action, urging enterprises and governments worldwide to evaluate their preparedness for the emerging quantum era.
At DigiCert’s 2025 World Quantum Readiness Day event held on 10 September, CEO Dr Amit Sinha warned that the technology will soon trigger a breakthrough moment similar to ChatGPT: “One day you’ll wake up and realise the disruption has already happened. The big tech firms like Google, Microsoft, and AWS are racing for quantum supremacy, and the pace of advancement is staggering,” he said.
"Moving to quantum is a huge change for organisations, and whenever people and organisations are faced with a big change, they usually go through the five stages of grief: denial, bargaining, anger, depression, and acceptance. Today, 24% of organisations are still in denial about the risks of quantum computing. Our goal with the Quantum Readiness Day event is to help them move toward acceptance, because this is the year that shift must happen," said Dr Sinha at the beginning of the September 10th event.
Industry observers have echoed DigiCert's sense of urgency on PQC.
“Every month you delay the transition, the risks compound. The expense of emergency migration under pressure will far outweigh the investment of starting early,” said Lakshmi Hanspal, Chief Trust Officer at DigiCert, speaking at the event. Colin Soutar, Deloitte’s Global Quantum Cyber Readiness Lead, agreed, saying at the event: “Organisations that wait will end up paying more, financially, operationally, and reputationally.”
"Quantum computing holds enormous promise, but it also creates fundamental risk. With quantum computing comes the ability to break the encryption that secures everything from personal communications and financial transactions to healthcare data, cloud services, government systems and critical infrastructure. Algorithms like RSA and Elliptic Curve Cryptography (ECC), which underpin today’s digital security, will be rendered insecure once quantum computing technology matures," said Dr Adam Everspaugh, Cryptography Expert, Keeper Security.
Dr Everspaugh noted that criminals are already anticipating PQC. "Adversaries are already preparing for this shift with time-capsule attacks – sometimes called ‘harvest-now, decrypt-later’ – intercepting encrypted information today as it traverses the Internet, knowing that quantum computers will one day be able to unlock it. By the time those machines are operational, it will be too late to begin defences," he shared.
Kevin Bocek, Senior VP of innovation at CyberArk agreed on the urgency: “World Quantum Readiness Day serves as a stark reminder that the future isn’t as far off as we think. We’re in the midst of a once-in-a-generation change that no one can escape: the move to PQC. While quantum computers capable of breaking traditional encryption may still be several years away, the time to start preparing is now."
Machine identities
"Machine identities – the digital certificates and keys that make up the backbone of our global digital economy – will inevitably need to be replaced when quantum arrives, and securing these identities will be the linchpin for navigating this transition successfully," Bocek added.
"This means gaining visibility into what machine identities you have, where and how they are being used, and having an effective way to control and replace them with their updated quantum-resistant versions. Comprehensive governance and automated lifecycle management will be key. These investments won’t just prepare organisations for the quantum future; they’ll also strengthen resilience against immediate threats, such as outages and breaches. The question isn’t if quantum is coming; it’s who will be ready when it does.”
Software development
Yashaswi Mudumbai, Senior Director of Solutions Engineering, JFrog, a software development specialist, couched the PQC challenge in software terms. "World Quantum Readiness Day isn’t only about new algorithms. It’s about proving trust at the same speed we already ship software: fast, continuous, and across an increasingly complex ecosystem," he said.
"In the Asia Pacific region's (APAC’s) fast-growing digital economies, from Singapore’s financial hubs to India’s public digital platforms, competitiveness will hinge on integrity. That means continuous evidence and verification across the software supply chain, not just once a year during an audit."
When AI is also considered, the challenge becomes more complicated, Mudumbai said. "The convergence of AI and quantum will only make our web of dependencies more tangled. That reality highlights a bigger truth: DevOps, DevSecOps, and MLOps can no longer work in silos. A shared language of compliance and trust has to be built in, end-to-end," he elaborated.
"Quantum timelines may be uncertain, but the steps we can take today are clear:
- Know your dependencies to keep an accurate inventory.
- Adopt verifiable software bills of materials (SBOMs), so you know what’s inside.
- Rehearse cryptographic agility. Rotate keys, test migrations, and be ready for post-quantum standards.
"Readiness isn’t a project you tick off once. It’s a mindset. Anticipating risk, embracing cryptographic evolution, and embedding trust into every software release will define resilience. The future will favour organisations that treat trust not as an afterthought, but as the foundation for innovation."
Planned migration
"Quantum readiness does not mean abandoning today’s safeguards. It means continuing to strengthen cybersecurity practices like strong credential management and layered defenses, while beginning the adoption of quantum-resistant cryptography. Practical steps include assessing which systems rely on vulnerable encryption, monitoring the emerging NIST standards and planning gradual migration through hybrid approaches that combine ECC with lattice-based algorithms such as Kyber," Dr Everspaugh advised.
"On World Quantum Readiness Day, the focus should be on understanding where quantum risks intersect with existing systems, and taking steps to ensure cryptography evolves ahead of threats."
Besides Kyber, companies can consider using the first standardised PQC algorithm, ML-DSA, which was approved by NIST last year. William Whyte, Senior Director of Technical Standards at Qualcomm, explained at DigiCert's event that ML- DSA is not vulnerable to quantum attacks and predicted that the standard will become one of the most widely used alternatives to today’s RSA encryption. But Dr Taher Elgamal, cryptographer and father of SSL, cautioned at the event that organisations should not think of ML-DSA as the final solution. “The migration from RSA to ML-DSA will not be the last. Agility is the way forward,” he said.
Deepika Chauhan, Chief Product Officer at DigiCert, has outlined three practical steps for companies beginning the transition. “First, focus on creating a thorough inventory of your cryptographic assets, but don’t wait for that process to be complete before getting started. Second, assign clear owners to those assets, because ultimately they will be the ones responsible for driving the transition. And third, begin thinking about automation from the outset, as it will be critical to managing the scale and complexity of migration,” he suggested.
“Quantum computing adoption across APAC remains sporadic, but advanced markets such as Singapore are now leading the charge. As a major financial hub, Singapore is moving from readiness to leadership, positioning itself as the regional quantum-security epicentre. The goal is not simply to keep pace, but to set the standard for coordinated and resilient adoption of PQC,” added James Cook, APAC Group VP, speaking at the DigiCert event.
Explore
- Read the TechTouch Asia article about NTT Data being a finalist at the 2025 DigiCert Quantum Readiness Awards (https://techtouchasia.blogspot.com/2025/09/ntt-data-is-finalist-at-digicert.html)
- Download DigiCert's 2025 PQC for Dummies, DigiCert Special Edition at https://www.digicert.com/campaigns/pqc-for-dummies-ebook
No comments:
Post a Comment