How Organizations Can Make a Successful Transition to Post-Quantum Cryptography (PQC)

The Quantum Era is fast approaching—and the eventual threat is no longer a distant concern: quantum computers will change our digital world because algorithms like Shor's break the public-key cryptography that currently underpins digital security. 

The most immediate danger isn't that a quantum computer will appear overnight. It's the "Harvest Now, Decrypt Later" (HNDL) attacks that are likely already happening. Malicious actors are siphoning off encrypted data today: they can store it and wait for the day a quantum computer can unlock its secrets. For data with a long shelf life—trade secrets, government intelligence, healthcare records, financial data—the vulnerability is present now. 

The good news is that the path forward has become clearer. 

Now that standards bodies like the National Institute of Standards and Technology (NIST) have finalized their initial standards for Post-Quantum Cryptography (PQC), the time to plan, inventory, and act is now.

So what steps should your organization take for a successful transition? Here is a practical, four-step guide with recommendations to building your quantum-resistant future.

1. Plan and Adopt a Quantum-Safe Strategy

A successful migration doesn't happen by accident: it requires a deliberate, top-down strategy. Without a plan, efforts will be fragmented, incomplete, and ultimately ineffective. 

Use a hybrid cryptography approach

• A "rip and replace" strategy is too risky. A hybrid approach combines a classic, proven algorithm (like ECDH) with a new PQC algorithm like ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism — finalized by NIST in FIPS 203). ML-KEM is  a leading PQC algorithm designed to secure digital communications against future attacks by quantum computers.
• A session key is generated using both the classical and PQC algorithms, meaning an attacker would need to break both to compromise the connection. This provides a safety net, ensuring security against both classical attackers today and quantum attackers tomorrow, while also hedging against any unforeseen weaknesses in the first generation of PQC algorithms.

Organizations should adopt NIST-recommended PQC algorithms

Relying on standardized, peer-reviewed algorithms is non-negotiable. Organizations like NIST, ISO, and ETSI have subjected these algorithms to years of intense global scrutiny. Adopting them ensures you are implementing the most secure, vetted options available and guarantees interoperability with the broader ecosystem of vendors, partners, and customers who are also making the transition.

Update your internal security and acquisition standards

Strategy must be codified into policy. By explicitly requiring PQC in your organization’s cybersecurity, data security, and vendor procurement standards, you create a powerful forcing function. This ensures that all new software, hardware, and cloud services are evaluated for quantum readiness from day one, preventing the continued growth of your cryptographic debt.

Assign clear ownership

Without accountability, even the best plans fail. The PQC transition is a complex, cross-functional initiative that will touch nearly every part of the business—from IT and security to application development, legal, and supply chain management. Designating a specific leader or a dedicated team creates a center of gravity for the project, ensuring coordination, driving progress, and providing a single point of contact for executive leadership.

2. Inventory Your Cryptographic-Dependent Assets

You cannot protect what you don't know you have. This discovery phase is the foundation of your entire migration effort.

Inventory all cryptographic algorithms, keys, certificates, and protocols

This is the most critical first step. Your organization uses cryptography in thousands of places you might not expect: web servers (TLS), VPNs, SSH connections, code signing, secure boot processes, IoT devices, and internal applications. A comprehensive inventory—often called a Crypto-Bill of Materials (CBOM)—is the only way to understand the true scale of your quantum vulnerability.

Prioritize IT assets vital to business operations

You can't fix everything at once. A risk-based approach is essential. Start by identifying your "crown jewels"—the systems that, if compromised, would cause the most damage to your business. This includes systems managing financial transactions, sensitive intellectual property, customer PII, and critical operational controls. Focusing on these high-value assets first ensures you are mitigating the most significant risks immediately.

Catalog critical data at risk from HNDL attacks

This action is directly tied to mitigating the "Harvest Now, Decrypt Later" threat. You must identify data based on its required confidentiality lifespan. Does this data need to remain secret for more than 5-10 years? If so, it is a prime target for HNDL. Any data encrypted today with classical algorithms—like M&A documents, long-term strategic plans, or patient health records—must be prioritized for re-encryption or protection using PQC.

Identify where public-key cryptography is being used and mark these systems as quantum-vulnerable

This translates your inventory into an actionable roadmap. By pinpointing every instance of vulnerable algorithms like RSA, Diffie-Hellman, and ECDSA, you create a concrete list of systems, applications, and processes that need remediation. This moves the problem from an abstract concept ("we need to be quantum-safe") to a tangible project plan ("we need to update these 50 VPN gateways and these 200 web servers").

3. Implement PQC Key Exchange

The secure handshake that begins every encrypted session is a primary target for quantum attacks.

Replace or complement current key exchange mechanisms with PQC algorithms

The key exchange (e.g., RSA, ECDH) is how two parties establish a shared secret over an untrusted network. Shor's algorithm is specifically designed to break these mechanisms. By transitioning to a PQC key exchange algorithm like the NIST-standardized ML-KEM, you protect the very foundation of your secure connections. As mentioned earlier, implementing this in a hybrid mode is the recommended starting point, ensuring the confidentiality of your session data against all current and future threats.

4. Implement PQC Algorithms for Authentication

Once a session is established, you need to trust the identity of who you're talking to. That's where digital signatures come in.

Transition certificates to use PQC digital signature algorithms

Digital signatures (e.g., RSA, ECDSA) are used in certificates to prove identity and ensure integrity. A quantum computer could forge these signatures, allowing an attacker to impersonate a legitimate website, server, or software publisher. This would shatter digital trust. As PQC signature algorithms like ML-DSA (Module-Lattice-Based Digital Signature Algorithm — formally specified in the FIPS 204 standard) become widely available from certificate authorities, you must begin the process of replacing your existing certificates to protect against identity spoofing and man-in-the-middle attacks.

Engage in proxy optimization efforts

Pragmatism is key to a smooth transition. PQC algorithms often have larger key and signature sizes, which can impact performance and latency, especially for legacy clients or constrained networks. A modern, intelligent security proxy like the public service edge nodes of Zscaler’s Zero Trust Exchange can act as a "crypto-translator." It can establish a PQC-secured connection to a modern server while presenting a classical connection to a legacy client, and vice-versa. This offloads the heavy lifting, optimizes performance, and allows you to roll out quantum-safe protections without needing to update every single endpoint simultaneously.

The Transition to PQC Journey Starts Today

The transition to a quantum-resistant world is a marathon, not a sprint. But it is a race that has already begun. By viewing this not as a single event but as a continuous process of strategic modernization, you can turn a monumental challenge into a competitive advantage. The organizations that start planning, inventorying, and implementing these steps today will not only defend against the threats of tomorrow but also build a more resilient and secure foundation for the future.

Learn more about preparing for the quantum future: save your spot for our webinar launch event where our product experts will walk you through how Zscaler decrypts and inspects quantum-encrypted traffic with hybrid key exchange using ML-KEM.