There’s a comfortable assumption baked into most enterprise security roadmaps: that the cryptographic foundations underpinning everything—TLS sessions, VPNs, digital signatures, key exchanges—will hold for at least another decade. That assumption is increasingly dangerous.
The conversation around post-quantum cryptography (PQC) has shifted dramatically in the past two years. What was once an academic exercise reserved for NIST working groups and university labs is now an operational concern with real deadlines, real standards, and real adversaries already positioning themselves to exploit the transition gap.
If your five-year security roadmap still treats PQC as a “future consideration” line item, it’s time to revisit that plan.
The Standards Are Final—and the Clock Is Running
In August 2024, NIST released its first three finalized post-quantum cryptographic standards: FIPS 203 (ML-KEM, a key encapsulation mechanism), FIPS 204 (ML-DSA, a digital signature algorithm), and FIPS 205 (SLH-DSA, a stateless hash-based signature scheme). A fourth standard based on FALCON (FN-DSA, FIPS 206) is currently in draft form and expected to be finalized soon. These aren’t proposals—they’re published standards ready for implementation.
This matters because it removes the last legitimate excuse for inaction. For years, organizations could reasonably argue that the standards weren’t settled, that investing in migration before finalization was premature. That argument is gone.

Meanwhile, CISA and the NSA have been increasingly direct in their guidance. NSA’s Commercial National Security Algorithm Suite 2.0 sets a timeline for transitioning national security systems to quantum-resistant algorithms, with the earliest milestones—including software signing and web browser/server updates—targeting 2025, and full transition required by 2033. Federal agencies are already required to inventory their cryptographic assets under OMB Memorandum M-23-02. If you do business with the U.S. government—or if you operate in a regulated industry that takes cues from federal policy—these timelines apply to you by extension, whether or not you’ve acknowledged them yet.
“Harvest Now, Decrypt Later” Isn’t Theoretical
The most urgent reason to act isn’t that quantum computers will break your encryption tomorrow. It’s that adversaries are already collecting your encrypted data today, banking on the ability to decrypt it once quantum capabilities mature. This is the “harvest now, decrypt later” (HNDL) strategy, and it’s not speculative—CISA’s own post-quantum cryptography guidance explicitly warns that threat actors are harvesting encrypted data now for future decryption, and multiple congressional testimonies from intelligence officials have reinforced that nation-state actors are actively engaged in this collection.
Think about the data flowing across your networks right now. Financial transactions, intellectual property, M&A communications, health records, defense-related correspondence, strategic plans. How much of that data retains its value for five years? Ten? Twenty?
If the answer is “a lot”—and for most enterprises in regulated industries, it is—then your encrypted traffic is already a target for collection by nation-state actors with long time horizons. The data doesn’t need to be decrypted today to cause catastrophic harm in 2032.
PQC migration isn’t about protecting against a future threat. It’s about protecting data that is already exposed to a present one.
Why Migration Takes Longer Than You Think
Even organizations that recognize the urgency often underestimate the complexity of migrating to post-quantum algorithms. This isn’t a software patch. It’s a fundamental change to the cryptographic primitives that touch nearly every system in a modern enterprise.
Here’s where the timeline gets uncomfortable:

- Cryptographic asset discovery is harder than it sounds. Most organizations don’t have a comprehensive inventory of where and how cryptography is used across their environment. It’s embedded in hardware, firmware, software libraries, protocols, certificates, APIs, IoT devices, and third-party integrations. Finding it all is a significant undertaking by itself.
- Algorithm substitution isn’t always straightforward. Post-quantum algorithms generally have larger key sizes and different performance characteristics than their classical counterparts. ML-KEM-768 public keys, for example, are roughly 1,184 bytes compared to 32 bytes for an equivalent X25519 elliptic curve key—a difference that can break assumptions baked into protocols, packet sizes, handshake timings, and hardware constraints designed around compact classical parameters.
- Hybrid approaches add complexity. Most guidance recommends running classical and post-quantum algorithms in parallel during the transition (hybrid mode), so that security isn’t degraded if a PQC algorithm is later found to be flawed. This doubles the cryptographic workload and complicates implementation across the stack.
- Vendor and supply chain dependencies are real. You can’t migrate faster than your vendors can update their products. If your firewall vendor, your HSM provider, your cloud platform, or your ERP system hasn’t implemented PQC support, you’re blocked—or you’re looking at replacements.
- Testing and validation take time. Cryptographic changes need rigorous testing. Interoperability testing, performance testing, regression testing, compliance validation. Rushing this process invites the kind of subtle failures that create security gaps rather than closing them.
Large-scale migrations of this kind—touching infrastructure, applications, and third-party dependencies—routinely take three to five years even when organizations start with a clear plan. If you haven’t started yet, your five-year roadmap is already behind.
What to Do Now
The path forward isn’t panic. It’s structured action, starting immediately. Here’s what that looks like in practice:
- Conduct a cryptographic inventory. You can’t migrate what you can’t see. Identify every instance of cryptographic use across your environment—algorithms, key lengths, protocols, certificates, libraries, hardware modules. This is the foundation of everything that follows.
- Classify data by sensitivity and lifespan. Not all data faces equal HNDL risk. Prioritize migration for data and communications with long confidentiality requirements: trade secrets, defense information, health records, financial data, strategic plans.
- Assess your vendor ecosystem. Determine which of your critical vendors have PQC roadmaps and which don’t. This will shape your migration sequencing and may inform procurement decisions sooner than you expect.
- Start with high-risk channels. Focus initial migration efforts on VPNs, TLS connections carrying sensitive data, and key management infrastructure. These are the channels most exposed to HNDL collection.
- Plan for hybrid cryptography. Implement hybrid classical/post-quantum schemes where possible, as recommended by NIST and NSA guidance. This provides quantum resistance while maintaining a fallback if any PQC algorithm is compromised.
- Build internal expertise now. PQC migration requires specialized knowledge that most security teams don’t yet have. Invest in training, or bring in partners with deep cryptographic and infrastructure expertise, before demand for that expertise outstrips supply.

The Roadmap Problem
The deeper issue here isn’t technical—it’s organizational. Five-year security roadmaps are built on assumptions about the threat landscape, the technology landscape, and the regulatory landscape. When all three shift simultaneously, as they have with PQC, the roadmap doesn’t just need updating. It needs rebuilding from revised assumptions.
In our assessments, organizations consistently find that PQC readiness isn’t a single line item—it’s a thread that runs through data protection, network architecture, cloud security, vendor management, compliance, and governance. It touches everything.
That’s precisely why Plurilock offers Post-Quantum Cryptography Readiness Assessments—to help organizations understand where they stand today, what their actual exposure looks like, and what a realistic, prioritized migration plan should contain. We’ve found that the organizations in the best position aren’t the ones with the biggest budgets. They’re the ones that started with an honest accounting of their cryptographic dependencies and built a plan around what they actually found.
If your current roadmap has PQC penciled in for 2028 or 2029, ask yourself a simple question: will the data you’re transmitting today still matter in 2033? If the answer is yes, your timeline isn’t early enough. ■
Key Takeaways
- NIST finalized its first three post-quantum cryptographic standards in August 2024, eliminating the last justification for delaying migration planning.
- Nation-state adversaries are already harvesting encrypted data today under “harvest now, decrypt later” strategies, meaning sensitive data transmitted now is exposed to a present—not future—threat.
- NSA’s CNSA 2.0 timeline targets initial PQC milestones as early as 2025, with full transition required by 2033—timelines that extend to government contractors and regulated industries.
- PQC migration is far more complex than a software update: larger key sizes, hybrid cryptography requirements, vendor dependencies, and the need for comprehensive cryptographic asset discovery routinely push timelines to three to five years.
- Organizations that haven’t begun a cryptographic inventory and data classification exercise are already behind, regardless of what their current security roadmap says.
- The most prepared organizations aren’t those with the largest budgets—they’re the ones that started with an honest assessment of their cryptographic dependencies and built a prioritized migration plan from there.
Is your organization ready for the post-quantum transition? Plurilock’s PKI and cryptographic infrastructure services help organizations inventory cryptographic assets, assess quantum-readiness gaps, and build realistic migration plans before adversaries can exploit the transition window. Contact us to start your Post-Quantum Cryptography Readiness Assessment today.