The Quantum Shift: Why Cloud Customers Need a Post-Quantum Strategy Today

Q-Day is a problem that has always felt like a distant threat, something for “Tomorrow Me” to worry about. Not anymore. Hardware vendor roadmaps and recent algorithmic breakthroughs have collapsed the timeline for when quantum computers can potentially break current PKI. We're looking at timetables as soon as 2028 now, maybe sooner.

If you manage sensitive IP, long-term financial records, or critical infrastructure data, this belongs on your near-term plan, especially for long-lived data.

The hardware is gaining ground faster than expected

Modern encryption, such as TLS, VPNs, digital signatures, relies on the mathematical complexity of factoring large numbers. Legacy computers struggle with this. Quantum computers running Shor's Algorithm won't.

The estimates have shifted in a way that should make people uncomfortable. Breaking 2048-bit RSA once required massive quantum systems. New research suggests it could take as few as 1,400 logical qubits in an optimized scenario. To be clear, today’s systems are nowhere near that in fault-tolerant logical qubits. The concern is how quickly the estimates and roadmaps are moving. Quantum hardware providers, like IBM Starling and Blue Jay systems, are projecting they'll have the necessary qubit counts and connectivity by 2028-2030. Those forecasts are aggressive, and vendors have incentives to project confidence; planning still needs to assume the window could tighten.

However, that's still not a comfortable margin.

Regulators see it too. FedRAMP's Policy for Cryptographic Module Selection (v1.1.0, January 2025) now emphasizes crypto agility and lifecycle management, not just one-time encryption checks. The joint guidance from the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and the National Institute of Standards and Technology (NIST) (August 2023) tells agencies and contractors to start crypto inventories now. Canada's Cyber Security Centre has a roadmap running through the end of the decade. The European Network and Information Security Agency (ENISA) 2024 report pushes European providers toward similar goals.

Taken together, the direction is obvious: regulators are going to ask how fast you can change crypto, not just whether you use strong crypto.

Adversaries are already expected to use these strategies, and it changes how we should think about long term data.

Most teams will miss a big part of this. The damage isn’t obvious. Sophisticated adversaries aren't twiddling their thumbs waiting for quantum computers to be ready. They're running what's called a "Harvest Now, Decrypt Later" (HNDL) strategy:

While there’s no public, case-by-case proof to point to for obvious reasons, government guidance treats this as a credible risk. This applies anywhere encrypted data can be collected at scale, from internet transit to enterprise networks. This is easier to do at scale than it sounds, because adversaries do not need to pick the perfect target today. They just need volume and patience. They collect encrypted data now and store it. Later, when quantum capability catches up, they go back and decrypt what they saved.

Any data that needs to stay secret for five years or more deserves a hard look right now. Trade secrets, legal documents, patient histories. The security compromise begins the moment that data transmits, even if the breach won't be realized until later.

What to actually do about it

This is no longer a topic for the back-burner. Quantum is still an emerging risk, but long-lived data makes it worth planning for alongside today’s threats. Cloud customers with gnarly, multi-cloud dependencies need a focused approach. Here's where to start.

The quick win: move symmetric crypto to AES-256

Grover's Algorithm provides a quadratic speed-up for searching encrypted keys. That instantly reduces AES-128's effective security to 64 bits, which is completely insufficient.

Migrate to AES-256 anywhere you control symmetric encryption. Start with disk and database encryption, then VPNs. It’s a straightforward upgrade that buys you margin. It protects the symmetric layer, and it should run alongside inventory and your RSA and ECC migration plan.

Build your cryptographic inventory

Start with TLS termination points like load balancers and gateways. Then scan code repos for crypto library calls. List every service that negotiates TLS. Finally, check off-the-shelf systems that use legacy crypto under the hood, especially directory services and older authentication stacks.

Once you start pulling on this thread, the work stops being purely technical. This work gets political fast. Asset ownership is messy. Some systems cannot move quickly. Build an exception process early so risk decisions are explicit and time bound.

Start testing NIST's Post Quantum Cryptography (PQC) standards

NIST has selected the first set of Post-Quantum Cryptography algorithms. Your teams should start testing and piloting these standards now:

• ML-KEM for key exchange.
• ML-DSA for digital signatures.

PQC is still new, and the artifacts are bigger. Most teams are taking a hybrid approach, pairing a classical algorithm with a PQC algorithm during the transition so they can keep compatibility while they learn what breaks.

Migrations rarely go as planned. It’s been reported that Cloudflare saw handshake overhead and some legacy breakage when testing PQC in TLS. It has also been reported that Google’s Chrome experiments hit negotiation issues with real enterprise traffic. NIST has been blunt about the same friction points, especially certificate size growth and middleware compatibility. Pilot it in a small slice first, watch failures and latency, then expand.

Document what you learn. Those friction points become the evidence you will need later to explain the change, justify the risk decisions, and get through compliance reviews without turning it into a debate.

Update your software stack

Many tools are already PQC-ready. Organizations are just slow to adopt new versions. A tale as old as time.

Example: Recent OpenSSH releases include post-quantum key exchange options, but most environments are behind on upgrades. Adoption remains low. Evaluate similar quick-win updates in your commercial software, cloud-native tools, and operating systems.

Where Coalfire can help

At Coalfire, we see the regulatory pressure and the day-to-day complexity this creates. The scale is significant, but achievable.

We help clients by:

• Finding the crypto dependencies that actually matter first, not boiling the ocean
• Building a phased plan that fits your change windows and your audit reality
• Supporting hybrid rollout decisions so you do not break production while you migrate

The goal is less friction. When your crypto inventory, version tracking, and test results are organized, reviews move faster and debates get shorter.

The countdown isn't a reason to panic

But it is a call for deliberate action with the right partners.

Engage Coalfire if you're preparing for an imminent Federal compliance audit (FedRAMP, CMMC) and need to demonstrate a plan you can show, defend, and actually execute for PQC readiness.

We're ready to provide the clarity, strategy, and assurance to turn quantum risk into a manageable path. Contact us to discuss your PQC roadmap.