Cloud CISO Perspectives: Prepare early for PQC to be resilient against tomorrow’s cryptographic threats

This February 2025 Cloud CISO Perspectives newsletter highlights the urgency of preparing for post-quantum cryptography (PQC). Christiane Peters emphasizes that while quantum computers capable of breaking current encryption may seem distant, the long implementation time for PQC necessitates immediate action. Two key risks are "harvest now, decrypt later" attacks and forged digital signatures. However, the biggest risk for most organizations is the lengthy PQC implementation process. PQC aims to create algorithms resistant to both classical and quantum computer attacks, similar to the Y2K effort. NIST has published quantum-safe standards with a suggested transition timeline by 2035. Google has already taken steps towards PQC implementation, including quantum-safe digital signatures in Google Cloud Key Management Service. The newsletter outlines four crucial steps for PQC preparation: developing a plan, identifying and protecting vulnerable data, anticipating system-wide effects, and learning from past experiences. Early preparation is vital to ensure a smooth transition to quantum-resistant cryptography and avoid future security vulnerabilities. The newsletter also includes updates on Google Cloud security products, threat intelligence, and podcasts.