The cybersecurity industry stands on the edge of a profound transformation. For decades, encryption has quietly safeguarded the digital economy—protecting everything from financial transactions to national secrets. In today’s world where threats evolve and tech complexity grows, an organization’s network infrastructure should already check these boxes: scalable, robust, and secure. But above all, it needs to be future proof!
And when it comes to a future that is not too far away (we are talking about 10 years or less!), a real threat that besets our road ahead is none other than quantum computing. While quantum is still considered an ‘infant’ at this point – sensing that the technology is not expected to be ready anytime soon – however, the danger that it poses looms large. As cybersecurity threat actors are actively harvesting digitally encrypted content now, the idea for them is to decrypt the data later when quantum computing becomes much more advanced.
While there are many solutions put forward, the only real potential of disabling that possibility is through Post-Quantum Cryptography (PQC) – a quantum-safe solution that can ably protect our critical assets and data against quantum decryption in future. But the power lies in our hands to do something about this. Having PQC integrated into an organization’s SD-WAN architecture, for example, makes the infrastructure and its control and data planes quantum-safe, ensuring the way sites connect, authenticate, and exchange keys to remain secure. In fact, the benefit of having PQC integrated into SD-WAN is that it future-proofs the entire WAN, not just individual tunnels.
What customers get is a single, centrally managed, quantum-resilient WAN that can evolve as standards change and thereby earn their trust that sensitive data moving cross-organizations, the cloud, and data centers remain secure, even against the threat of quantum computing. Despite the public availability of resources and conversations circulating around quantum computing – which makes the topic not exactly a new kid on the block – organizations have been found holding back from taking the next steps with PQC implementation.
Key obstacles and navigational solutions
The Orange Cyberdefense Security Navigator 2026 report has identified key obstacles hindering an organization’s proactive PQC migration, which can be classified under 3 main categories below. Beyond identifying the challenges, we outline step-by-step solutions under each category as potential answers to helping organizations:
Challenge 1 – Organizational hurdle
- a) Lacking urgency and business case: Organizations do not see quantum computing as an immediate threat that makes it low on their priority list, compared to other urgent costs that they prefer budgeting for. There is also a lack of use cases or proof points in the market about the quantum threat or PQC being a tangible success that further defeats any sense of urgency.
- b) Lacking internal expertise + skills deficit: Beyond just a knowledge gap in quantum-based threats, organizations also lack skilled experts internally to implement PQC solutions.
- c) Unclear internal governance, limited collaboration with ineffective planning implementation: Without a clear PQC framework and clear transition roadmap, what organizations face is ineffective task prioritization and migration journey.
- d) Regulatory void: The pending new PQC specifics meant that organizations are forced to mandate state-of-the-art cryptography due to existing regulations.
Proposed solutions:
Some of the organizational hurdles above can be negated provided there’s willingness – if there’s a will, then there’s a way, such as:
- Engaging external PQC consultants to design the strategy and build knowledge transfer, while managing vendor relationships
- Appointing a PQC migration manager or forming a steering committee to mandate a cryptographic inventory for risk-based migration priority
- Launching training initiatives for IT and management
- Adopting recent PQC standards to meet the state-of-the-art requirement or leverage the EUCC certification for implementation guidelines
Challenge 2 – PQC immaturity
- a) Uncertain selection criteria: Given the immaturity of new PQC technology, organizations are devoid of standard implementation clarity on whether they should choose between an all-phased-out replacement or deploying a hybrid-approach when testing for reliable PQC solutions.
- b) Security + reliability concerns: Uncertainty persists on the issue of maturity and security of PQC algorithms.
Proposed solutions:
Defaulting to a hybrid PQC model with a staged rollout would buy time for organizations to gain operational insights, minimize complications before committing to a full replacement strategy, and enable the transition from non-critical areas to first ensure solution stability and reliability.
Challenge 3 – Rigid code and documentation
- a) Legacy systems (non-flexible): Legacy breeds inflexibility – and this becomes an inept constraint for systems that lack the resource to cope with larger PQC keys and intense computations.
- b) Ecosystem interdependence: Due to the interconnected nature of Public Key Infrastructure (PKI), the transition to PQC thus affects other parties including standards bodies, vendors, and certifying authorities.
- c) Lack of certified and approved components: Certified components remain limited from vendors especially in the more regulated sectors like government and finance.
- d) Lack of agility: The current systems are not flexible or agile enough to respond to new threats or that standards are slow to evolve given the intricate code changes that render complexity.
Proposed solutions
While technical challenges can’t be helped as existing IT infrastructure presents inherent rigidity, there are still ways for organizations to take things one step at a time, if extensive code modification or implementing secure cryptographic changes can seem overwhelming. Start small by:
- Implementing lightweight PQC libraries if hardware replacement is not possible or mandating PQC-capable hardware for new procurement
- Collaborating with suppliers and other regulatory / industry groups
- Prioritizing cryptographic agility that allows for algorithm swapping via simple configuration
Looking ahead
The journey toward PQC readiness is complex but essential. As quantum computing inches closer to practical reality, organizations must act proactively to safeguard their data and infrastructure. By understanding the challenges, adopting strategic phased approaches, modernizing infrastructure, and leveraging advanced network architectures and expert partnerships, organizations can navigate this transition confidently.
The future of cybersecurity depends on our ability to adapt and innovate:
- Stakeholder alignment: Important to get everyone on the same page and prepared – start by appointing a program lead, setting broad goals, and having conversations with vendors on your migration needs.
- Cybersecurity posture evaluation: To establish a comprehensive security baseline, you will need to document all assets, conduct a formal risk assessment for your priority asset list, categorize available data, and evaluate your suppliers’ PQC readiness.
- Business plan underway: This entails appointing a dedicated migration manager to oversee the transformation, conducting a cost estimate along with the timeline and scope.
- Plan execution: This is beginning of establishing a quantum-safe environment –from implementing PQC primitives for key exchange and signatures, adjusting key sizes, integrating cryptographic agility to rapid adaptation.
- Continuous monitoring: Finally, carrying out routine review following the migration, updating your cryptographic inventory, performing security audits, and staying ahead with timely system updates as a form of vigilance against constantly emerging threats.
