Right, so here’s the thing that’s keeping every CTO awake at night — and if it’s not, it bloody well should be. NIST dropped their first official post-quantum encryption standards back in August 2024, yet most enterprises haven’t begun preparing their post quantum encryption cloud infrastructure for what’s coming. We’re already halfway through 2025. Yet most enterprises are still running their cloud infrastructure like quantum computers are some distant sci-fi fantasy.
They’re not. Google’s Willow chip proved that quantum error correction works. Microsoft’s got their Majorana topological qubits running. IBM’s booking billion-dollar quantum deals. The quantum threat isn’t coming — it’s here, and it’s accelerating faster than most IT departments can spell “cryptography.”
What You’re Up Against
Let’s cut through the noise. When a sufficiently powerful quantum computer comes online (and that’s “when,” not “if”), it’ll crack RSA-2048 encryption faster than you can make a cup of tea. What is your current cloud security setup? All those nice little padlocks you see in your browser, your SSL certificates, your database encryption? They’ll become about as useful as a chocolate teapot.
The maths is brutal. Where classical computers would need billions of years to crack modern encryption, quantum machines using Shor’s algorithm could do it in hours. That encrypted customer data you’ve got sitting in AWS S3? The financial records in Azure SQL? Your Google Cloud storage buckets? All of it becomes readable by anyone with access to quantum hardware.
“But we’ve got time,” you say. “Quantum computers aren’t there yet.”
Wrong. Security works on something called the “harvest now, decrypt later” principle. Bad actors are already hoovering up encrypted data, betting they’ll have quantum capabilities before your encryption expires. If you’ve got sensitive data with a shelf life longer than five years, you’re already in the danger zone.
NIST Standards Are Live, Not Draft
Here’s what changed in August 2024 that most people missed whilst arguing about AI budgets. NIST finalised three post-quantum cryptography standards:
- FIPS 203 (ML-KEM) for key establishment
- FIPS 204 (ML-DSA) for digital signatures
- FIPS 205 (SLH-DSA) for digital signatures
These aren’t “recommendations” or “draft guidelines.” They’re proper, ratified standards. The same NIST that gave us AES encryption and SHA hashing algorithms has now given us quantum-proof replacements.
What’s more, NIST dropped IR 8547 in November 2024 — a transition roadmap that explicitly tells you which current cryptographic standards are quantum-vulnerable and what to replace them with. They’ve done the hard work of mapping old to new. No excuses for “we didn’t know what to do.”
Cloud Providers Are Moving (Some Faster Than Others)
The big three cloud providers aren’t sitting around waiting for enterprises to figure this out. They’re pushing ahead with post-quantum implementations because they know what’s coming.
Google Cloud got there first. In February 2025, they launched quantum-safe digital signatures in Cloud KMS, achieving full FIPS 204/205 compliance. They’re rolling out HSM integration for Q3 2025, and their post-quantum strategy covers everything from Cloud KMS to their networking stack.
AWS published their post-quantum migration plan in December 2024. They’re taking a three-phase approach: inventory and planning, followed by data confidentiality algorithms, then authentication and integrity. Smart approach — protect the data before you worry about the signatures. This quantum-safe strategy builds on AWS’s broader quantum computing investments through AWS Braket, creating a comprehensive quantum roadmap that covers both quantum computing capabilities and quantum-resistant security.
Microsoft Azure has been quieter, but they’re moving. Their quantum-safe roadmap ties into their broader quantum computing play, and they’re integrating post-quantum algorithms across Azure Key Vault and their identity services.
But here’s the kicker — they’re all doing this on their own timelines, using their preferred implementations. There is no standardised approach across providers. If you’re running multi-cloud (and who isn’t?), you’ve got to manage three different post-quantum strategies.
The Implementation Reality Check
Let’s be honest about what this actually means for your infrastructure. You can’t just flip a switch and go quantum-safe. This is a migration project, not an upgrade.
First up, you need to audit what you’ve actually got. Most enterprises have no bloody clue where all their cryptographic implementations are hiding. It’s not just your databases and file storage — it’s your load balancers, API gateways, microservices, third-party integrations, mobile apps, and IoT devices. Cryptography is everywhere, and most of it’s invisible until it breaks.
The NIST roadmap helps here. They’ve identified the quantum-vulnerable algorithms you need to replace:
- RSA encryption and signatures
- ECDSA signatures
- ECDH key agreement
- Diffie-Hellman key exchange
Your replacement shopping list from NIST:
- ML-KEM for key establishment (replaces RSA-OAEP, ECDH)
- ML-DSA for signatures (replaces RSA-PSS, ECDSA)
- SLH-DSA as backup signatures (hash-based, more conservative)
Crypto Agility is Your Safety Net
Here’s where most organisations get it wrong. They think post-quantum migration is a one-time switch. It’s not. It’s about building crypto agility into your systems so you can adapt when the next threat emerges.
NIST’s March 2025 guidance on crypto agility isn’t academic waffle — it’s practical insurance. Build your systems so you can swap out cryptographic algorithms without rebuilding your entire stack. Because here’s the uncomfortable truth: these first post-quantum standards might not be the final ones.
NIST is already working on additional algorithms. What happens when they find weaknesses in ML-KEM? What happens when quantum computers get powerful enough to threaten these new standards? You need systems that can evolve.
What You Need to Do Right Now
Stop waiting for perfect solutions. Start with your risk assessment. What data do you have that needs to survive quantum attacks? Customer records, financial data, intellectual property, anything with compliance requirements — that’s your priority list.
Next, audit your current cryptographic implementations. Use automated tools where you can, but expect to find surprises. That legacy system nobody wants to touch? It’s probably using RSA-1024 and hasn’t been updated since 2018.
Then, start planning your migration path. Cloud providers make this easier than on-premises, but you still need a strategy. Begin with new deployments — implement post-quantum algorithms for greenfield projects now. Then, work backwards through your existing infrastructure based on risk priority.
For hybrid deployments, you’ll probably want to run both classical and post-quantum algorithms in parallel during transition. Double the overhead, but it’s the safest approach until you’re confident everything works.
The Cost of Doing Nothing
Let’s talk numbers. Post-quantum algorithms have larger key sizes and higher computational overhead. ML-KEM keys are roughly 10x larger than equivalent RSA keys. Signatures are bigger, processing is slower, bandwidth usage increases.
But you know what’s more expensive? A quantum attack on your current infrastructure. The cost of retrofitting quantum-safe encryption after a breach is orders of magnitude higher than implementing it properly from the start.
Plus, compliance frameworks are already moving. The PCI DSS will soon mandate post-quantum readiness. GDPR fines for quantum-vulnerable encryption won’t be far behind. The regulatory pressure is building, and late adopters will face both technical debt and legal risk.
Your Next Steps
Start small and move fast. Pick one service or application and implement post-quantum encryption there. Learn from the experience. Understand the performance implications. Get your team comfortable with the new algorithms.
Work with your cloud providers. AWS, Azure, and Google all offer post-quantum implementations now. Use their managed services where possible — let them handle the complexity of quantum-safe HSMs and key management.
But don’t assume cloud providers will solve everything. You still need to understand your crypto dependencies, plan your migration timeline, and test everything thoroughly. Post-quantum encryption isn’t a drop-in replacement — it’s a fundamental shift in how we think about cryptographic security.
The quantum threat is real, it’s coming faster than expected, and the tools to defend against it are available today. The question isn’t whether you need post-quantum encryption — it’s whether you’ll implement it before or after quantum computers make your current security obsolete.
It’s time to get moving.
