COMMENTARY: The race to reliable and scalable quantum computing continues to heat up. Google last December announced Willow, its newest quantum chip, which performed the gold standard RCS quantum benchmark in under five minutes. And, in February 2025, Microsoft announced Majorana 1, the world’s first Quantum Processing Unit (QPU) powered by a Topological Core and designed to scale to a million qubits on a single chip.
While quantum computing may not be ready for primetime, these recent innovations show it’s no longer a “what if” but more of a “sooner than expected.”
Q-Day: the ability of quantum computers to break current encryption standards, may arrive earlier than what has been predicted.
To prepare for this eventuality, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) issued its final set of post-quantum cryptography (PQC) standards in August 2024 following a multi-year evaluation of quantum-resistant algorithms. NIST has encouraged computer system administrators to begin transitioning to the new standards as soon as possible.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
So, it’s definitely time for organizations to take quantum computing seriously and prepare to avoid getting caught off-guard. Organizations need to anticipate the data compromises looming from Q-Day based on decryption of readily accessible data in transit and in storage, as well as “harvest now, decrypt later” scenarios which compromise already-stolen encrypted data which, in turn, could lead to a spike in ransomware, extortion, spear phishing and other attacks.
CISOs must begin to prioritize preparation for Q-Day this year, given this known, future risk to data and the monumental tasks associated with rolling out PQC standards. In addition to migrating the infrastructure associated with encryption management, security leaders should consider proactive reduction of the data “attack surface” to lower both the migration workload and the risks associated with data bloat.
Reliance on encryption
When discussing quantum computing’s impact on security, security pros wonder whether encryption remains a reliable and viable method of data protection. The short answer: yes. But it’s a much more nuanced long answer. Encryption remains the primary means of protecting data and will remain so for years to come. As long as the algorithm remains (practically) impossible to crack, key management is sound, and the underlying infrastructure supports it, encryption still makes sense. Obfuscation remains a great strategy, as long as the data stays obfuscated.
Quantum computing promises to upend encryption’s protective barrier because it has the ability to break many of the encryption algorithms in use today, particularly those based on RSA, elliptic curve cryptography (ECC), and other methods that rely on the difficulty of factoring large numbers or solving discrete logarithms.
The arms race around quantum computing and PQC underscores the ultimately fragile nature of any single security control: no measure is ever permanent or sufficient on its own. Sound security strategy calls for diligent avoidance of single points of failure. Arguably, encryption has become that in data security.
The looming Q-Day casts a stark reminder of this reality. Security leaders must consider a layered approach to data security which includes migration to PQC standards and other controls to mitigate risks of data loss.
Data sanitization and encryption: a powerful combo
Data sanitation, or ensuring that data no longer needed gets permanently and verifiably removed has become critical to eliminating redundant, obsolete or trivial data so that unnecessary information does not get inadvertently exposed. It also supports data security by helping to prevent leakage of sensitive data and reducing the data attack surface.
Data sanitization and encryption are both essential components of a comprehensive data protection strategy. When used together, they promise to enhance security by addressing different aspects of data protection, significantly increasing the likelihood that data remains protected from unauthorized access, both during its lifecycle and when it’s no longer needed.
By sanitizing data along the way, security pros can focus finite attention and resources on the data that needs to remain protected. It also reduces the volume of sensitive data being exposed if encryption ever gets compromised, by quantum computers or other data breach methods.
Quantum computing will pose a potential risk to existing encryption methods in the years to come. However, efforts being made to develop quantum-resistant cryptographic algorithms, along with hybrid systems and quantum key distribution, still make encryption a reliable and viable method of protecting data.
While the timeline for the widespread use of quantum computers remains uncertain, it’s crucial for organizations to start transitioning now to quantum-safe encryption standards, while deploying complementary security measures such as data sanitization. This proactive approach can mitigate the risks of future data breaches, and also help ensure regulatory compliance, customer trust, and a strong cybersecurity posture in the rapidly evolving technological landscape.
Maurice Uenuma, vice president and general manager, Americas, Blancco
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
