Quantum Computing Is Coming. Your Encryption Needs to Prepare Now.
Quantum computers capable of breaking RSA and elliptic curve encryption (the standards protecting nearly all internet communication) are estimated to be 5-10 years away. That sounds like a distant problem. It's not.
"Harvest now, decrypt later" attacks are already happening. Adversaries are collecting encrypted data today with the plan to decrypt it once quantum computers become available. If your encrypted data from 2025 needs to remain confidential in 2030, you have a quantum problem.
The Quantum Threat
Current public-key encryption relies on mathematical problems that are hard for classical computers to solve (factoring large numbers, computing discrete logarithms). Quantum computers running algorithms such as Shor's algorithm can solve these problems exponentially faster.
When practical quantum computers exist:
- HTTPS encryption can be broken
- VPN connections can be decrypted
- Encrypted email can be read
- Digital signatures can be forged
- Encrypted backups can be accessed
Why It Matters Now
Long-Term Confidential Data
Healthcare records, legal documents, and financial records all have long confidentiality lifespans. Patient data from 2025 needs to remain confidential in 2035. Current encryption may not protect it that long.
Harvest Now, Decrypt Later
Sophisticated adversaries are already collecting encrypted traffic, storing it, and waiting. When quantum decryption becomes feasible, they'll decrypt years of collected data. Think: encrypted backups sent to cloud storage, VPN traffic, HTTPS sessions.
Post-Quantum Cryptography (PQC)
NIST has standardized post-quantum cryptographic algorithms designed to resist quantum attacks. These algorithms rely on different mathematical problems that are believed to be hard even for quantum computers.
Major vendors are beginning to implement PQC:
- Google, Microsoft, and Apple are adding PQC to their products
- TLS 1.3 supports hybrid modes combining classical and quantum-resistant algorithms
- VPN vendors are implementing PQC options
- Cloud providers are offering PQC for data at rest
What Practices Should Do
- Inventory long-term sensitive data. What data in your practice must remain confidential for 10+ years?
- Ask vendors about PQC roadmaps. When will your PMS, cloud backup, email provider, and VPN implement post-quantum encryption?
- Prioritize PQC for long-term storage. Data at rest with long confidentiality requirements should move to PQC-protected storage when available.
- Plan for cryptographic agility. Your systems should be designed to switch encryption algorithms when necessary. Hard-coded dependencies on specific algorithms create future problems.
- Consider data minimization. Data you don't collect can't be decrypted by quantum computers. Review what data you're retaining and whether all of it is necessary.
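The cryptographic agility advice above, as an added example that is not from the original article: each stored record carries the identifier of the algorithm that protected it, so switching algorithms is a registry entry plus a migration pass instead of a code rewrite. The identifiers `A1` and `C1`, the function names, and the two classical ciphers from Node's built-in crypto module are assumptions standing in for whatever schemes a product actually supports.

```javascript
// Added example (not from the original article): algorithm-tagged envelopes.
const nodeCrypto = require('node:crypto');

// Envelope identifier -> Node cipher name. Identifiers are hypothetical.
// Adopting a new scheme means adding one entry; callers do not change.
const REGISTRY = new Map([
  ['A1', 'aes-256-gcm'],
  ['C1', 'chacha20-poly1305'],
]);
const RETIRED = new Set(); // identifiers policy no longer accepts

function cipherFor(alg) {
  if (!REGISTRY.has(alg) || RETIRED.has(alg)) {
    throw new Error(`algorithm not permitted: ${alg}`);
  }
  return REGISTRY.get(alg);
}

// Encrypt under the named algorithm and record that name in the envelope.
function seal(plaintext, key, alg) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv(cipherFor(alg), key, nonce, { authTagLength: 16 });
  c.setAAD(Buffer.from(alg)); // authenticate the identifier with the data
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { alg, nonce, ct, tag: c.getAuthTag() };
}

// Decrypt by dispatching on the stored identifier, never on a constant.
function open(env, key) {
  const d = nodeCrypto.createDecipheriv(cipherFor(env.alg), key, env.nonce, { authTagLength: 16 });
  d.setAAD(Buffer.from(env.alg));
  d.setAuthTag(env.tag);
  return Buffer.concat([d.update(env.ct), d.final()]);
}

// Re-encrypt a stored record if it is not already under the preferred algorithm.
function migrate(env, key, preferred) {
  return env.alg === preferred ? env : seal(open(env, key), key, preferred);
}
```

Add an identifier to `RETIRED` only after every stored record has been migrated, since retired records can no longer be opened.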
Quantum computing sounds like science fiction. The timeline is real. Start planning now.