Post-Quantum Cryptography: Top Questions and Practical Ways to Get Started

This IDC Perspective discusses post-quantum cryptography (PQC), top questions related to the subject, and practical ways to get started with it. Content-focused data security is without doubt critical for current objectives, including adhering to privacy regulations and securing GenAI initiatives. However, building trust with customers, partners, and employees means that data security has to also ensure the integrity of that data throughout its life cycle. This requires maintaining a comprehensive inventory of cryptographic identity assets and keeping current on the algorithms that will keep data protected. While quantum computers cannot be used for decrypting encryption algorithms yet, this does not mean that organizations are protected from cybercriminals that are stealing data now to decrypt later. The risk is imminent. Transitioning the enterprise architecture to PQC will take time, planning, and preparation. However, organizational data may already be the target of cybercriminals."The risks to data posed by quantum computing are very real. While true threats will likely manifest in several years when quantum computing is more mature, the transition to post-quantum cryptography will take time. Planning and preparation in the short term will ease the transition and pave the way for a more resilient infrastructure," says Jennifer Glenn, research director, Information and Data Security at IDC."The era of useful quantum computing is here. Organizations currently leverage quantum annealers to solve some business optimization problems. Advancements in error correction make it likely that gate-based systems will soon have some practical usage," says Heather West, PhD, research manager, Quantum Computing at IDC. "Like organizations that are experimenting with this technology to gain a competitive advantage, cybercriminals are experimenting with ways to use it to steal data. Now is the time to become quantum resistant."