“‘Harvest now, decrypt later’: an attacker collects your encrypted data today and will decrypt it as soon as he has access to a sufficiently powerful quantum computer. The risk is not theoretical; it is already a reality.”
Cryptography is the foundation of security for any digital infrastructure.
Every certificate, every TLS connection, every digital signature depends on asymmetric algorithms such as RSA or ECC, algorithms that a sufficiently powerful quantum computer would render insecure.
Although less immediate than asymmetric cryptography, the threat also extends to symmetric cryptography and to all data confidentiality mechanisms.
This is not about long-term predictions. High-risk organisations managing critical infrastructure (NIS2) or exchanging data with multi-year confidentiality requirements must begin the transition now. Not because quantum computers are already available, but because the lifecycle of data and infrastructure does not wait.
As stated in the Gartner article “4 Steps Towards Post-Quantum Readiness”, “most organizations lack enforceable policies, complete inventories, and crypto-agile development practices”.
Post-Quantum Cryptography (PQC) adoption is not a project but a programme with well-defined action points.
In this article, we describe the three main operational phases of a PQC migration: environment assessment, cryptographic inventory and action plan. A practical approach, not a theoretical exercise.
Phase 1 – Understanding the environment and assessing the impact
The first mistake organizations make is to skip straight into selecting algorithms. Before making any technical decisions, it is essential to understand where cryptography is used, which assets are actually at risk, and how a breach would impact the organization.
Which data and processes are at risk?
Not all data are equally vulnerable to quantum threats. The assessment must take three aspects into account:
- Data sensitivity: personal data, confidential data, mission-critical data, intellectual property.
- Data longevity: the required duration of confidentiality determines the urgency. Data that must remain confidential for 10 years are already at risk of ‘harvest now, decrypt later’.
- Business impact: reputational damage, financial loss, operational disruption, regulatory penalties.
Which use cases, applications and devices are involved?
Cryptography is often implicitly embedded in systems. It is necessary to map out every use case (secure communications such as TLS and VPN, authentication, digital signatures, encryption of data at rest, PKI models) and create a comprehensive inventory that includes:
- Custom applications and commercial off-the-shelf (COTS) software
- Cryptographic libraries and SDKs
- In-house CAs, HSMs, KMS systems
- IT infrastructure: servers, endpoints, network equipment, IoT, embedded systems
As referenced in the Gartner article mentioned above, it is necessary to mandate crypto-agility by design.
For each component, it is essential to assess its crypto agility and plan the necessary adjustments to allow quick cryptography swapping.
Overlooking devices with hardware limitations or legacy firmware is one of the main risks of an incomplete assessment.
The analysis must include the roadmaps provided by vendors.
Establish Enforceable Cryptography Policies and Crypto-Agility Standards
A centralized policy authority is essential for post-quantum readiness. Without it, organizations risk inconsistent upgrades, unmanaged exposure, and growing technical debt as quantum deadlines approach.
Phase 2 – Cryptographic discovery: full visibility or zero visibility
Without an accurate discovery, any migration plan is built on unstable foundations. Organizations realize too late that they have overlooked certificates, or that deprecated algorithms are still in use on critical systems that have not been updated.
The key question at this stage is simple: which cryptography do we use today, and where?
External and internal CAs: measuring the exposure
Most enterprise organizations rely on external Certification Authorities for public services and (often) also on internal PKI infrastructures, which provide a wide range of local but extended services. For both, it is necessary to identify the certificates, the algorithms in use, renewal times and dependencies.
Public CAs will update their systems to support PQC. However, it is essential to understand dependencies on external providers in order to align your own timelines with the providers’ roadmaps.
The internal CA environment, on the other hand, is the largest, most extensive and often less monitored cryptographic area. The most common issues are:
- Certificates embedded in applications or firmware, which are not actively managed.
- Ghost certificates: certificates that are in use but not monitored, meaning that any compromise goes undetected.
- Duplicate certificates: the same certificate (and the same key) used on multiple unaligned endpoints, with risks of silent exposure.
Mapping of algorithms: RSA, ECC and quantum vulnerabilities
For each component of the infrastructure, the algorithm in use — RSA, ECC, AES, SHA-1/2/3 — must be identified, along with its vulnerability assessment, compliance status and possibility of updating.
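As an added example (not part of the original article or of any discovery product), the sketch below triages a discovery inventory the way the two passages above describe: it maps each algorithm to its exposure and flags the same key appearing on multiple endpoints. The record fields, endpoint names and fingerprint values are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records, not real scan output. Field names are assumptions;
# "spki_sha256" stands for a fingerprint of the certificate's public key.
INVENTORY = [
    {"endpoint": "vpn-gw-01", "algo": "RSA", "bits": 2048, "hash": "SHA-256", "spki_sha256": "aa11"},
    {"endpoint": "web-01",    "algo": "ECC", "bits": 256,  "hash": "SHA-256", "spki_sha256": "bb22"},
    {"endpoint": "web-02",    "algo": "ECC", "bits": 256,  "hash": "SHA-256", "spki_sha256": "bb22"},
    {"endpoint": "plc-07",    "algo": "RSA", "bits": 1024, "hash": "SHA-1",   "spki_sha256": "cc33"},
    {"endpoint": "backup-db", "algo": "AES", "bits": 128,  "hash": None,      "spki_sha256": None},
    {"endpoint": "archive",   "algo": "AES", "bits": 256,  "hash": None,      "spki_sha256": None},
]

def classify(rec):
    """Findings for one record, derived from its algorithm, key size and hash."""
    findings = []
    if rec["algo"] in ("RSA", "ECC"):
        findings.append("quantum-vulnerable public key (Shor)")
        if rec["algo"] == "RSA" and rec["bits"] < 2048:
            findings.append("key too short even classically")
    elif rec["algo"] == "AES" and rec["bits"] < 256:
        findings.append("reduced margin under Grover: review key size")
    if rec["hash"] == "SHA-1":
        findings.append("SHA-1 deprecated")
    return findings

def shared_keys(inventory):
    """Map each key fingerprint seen on more than one endpoint to those endpoints."""
    by_key = defaultdict(list)
    for rec in inventory:
        if rec["spki_sha256"]:
            by_key[rec["spki_sha256"]].append(rec["endpoint"])
    return {k: sorted(v) for k, v in by_key.items() if len(v) > 1}

def triage(inventory):
    """Return (endpoint, findings) pairs, endpoints with the most findings first."""
    dup_endpoints = {e for eps in shared_keys(inventory).values() for e in eps}
    rows = []
    for rec in inventory:
        findings = classify(rec)
        if rec["endpoint"] in dup_endpoints:
            findings.append("key shared with another endpoint")
        rows.append((rec["endpoint"], findings))
    return sorted(rows, key=lambda r: -len(r[1]))

if __name__ == "__main__":
    for endpoint, findings in triage(INVENTORY):
        print(f"{endpoint:10} {'; '.join(findings) or 'no finding'}")
```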
Automated discovery: the only scalable approach
Manual discovery is by definition incomplete and ineffective. Discovery carried out using specialist tools, on the other hand, can be extremely helpful, almost a mandatory prerequisite, for obtaining a comprehensive and accurate overview and managing a large-scale cryptographic migration.
An effective Discovery process must be able to reach every part of the infrastructure, on every level (HW, SW middleware…). Only a comprehensive scan provides a true picture.
Discovery must be conducted on a continuous basis, refining configurations and improving its capabilities.
The inclusion of functions such as control dashboards and alerts on expiry dates, together with the potential introduction of the automated management of the certificate lifecycle, helps to provide an effective response to the basic need represented by Crypto Agility.
A useful incentive for adopting CLM systems is the current roadmap for SSL certificates, which provides for a progressive reduction in their validity to 47 days by 2029.
The renewal procedures required in the coming years could place a significant burden on the IT departments currently responsible for managing them. Introducing automation allows you to remove this direct burden and add efficiency measures that help prevent incidents caused by errors in managing deadlines.
Crypto Agility: the strategic objective
Crypto agility is the ability to rapidly adapt cryptographic mechanisms without interrupting operations. A robust cryptographic inventory makes this possible: it decouples applications from hard-coded algorithms, supports new cryptographic models, and reduces reliance on long-term cryptographic policies.
In a PQC migration, crypto agility enables organizations to adopt new standards as they mature, respond promptly to regulatory changes or cryptographic breakthroughs, and avoid high-impact migrations.
An integral part of crypto agility is the design of both hardware and software target systems, to allow flexibility in supporting legacy cryptography and subsequently PQC.
Phase 3 – Action plan: a controlled migration, not a ‘big bang’ approach
As the Gartner article mentioned above recommends, the next step is to create a phased roadmap for the PQC transition which, as noted above, is a programme, not a project.
At this stage, once the assessment has been completed and the inventory is available, it is possible to draw up a realistic action plan.
The aim is to reduce quantum risk whilst maintaining business continuity.
Hybrid CA: the transition strategy
An immediate switch to PQC-only cryptography is not feasible in most enterprise environments. A hybrid approach is currently the best way to manage the transition.
Hybrid X.509 certificates are certificates that contain multiple public-key algorithms and allow the use of alternative keys and signature algorithms, as specified in Clause 9.8 of ITU-T X.509 (10/2019).
The following information is included in the certificate extensions:
- Alternative public key
- Alternative signature algorithm
- Alternative signature value
In simple terms, a single certificate with dual functionality: legacy and PQC.
The result: the use of hybrid certificates does not cause an immediate impact, and the transition allows legacy systems to maintain operational continuity until they are upgraded, whilst at the same time the new systems benefit from the protection offered by the PQC algorithms contained in the new certificates.
The use of hybrid certificates enables us to begin the transition to the new system. But let us always remember that the final goal of any infrastructure must be to use only PQC algorithms.
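As an added example (not code from the original article or from any CA product), the following standard-library sketch checks whether a DER-encoded certificate carries the three hybrid extensions listed above, using the OIDs assigned to them in ITU-T X.509 (10/2019). The sample inputs are constructed skeletons containing only a serial number and extensions, not valid certificates.

```python
# Extension OIDs defined for hybrid certificates in ITU-T X.509 (10/2019)
HYBRID_OIDS = {"2.5.29.72": "subjectAltPublicKeyInfo", "2.5.29.73": "altSignatureAlgorithm",
               "2.5.29.74": "altSignatureValue"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(body):                        # (tag, value) of each element inside a constructed value
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        yield tag, value

def decode_oid(body):                      # assumes the first two arcs fit in one byte
    first = min(body[0] // 40, 2)
    arcs, value = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear: last byte of this arc
            arcs, value = arcs + [value], 0
    return ".".join(map(str, arcs))

def hybrid_status(cert_der):
    """Return (label, missing hybrid extensions) for a DER certificate."""
    _, tbs = next(children(read_tlv(cert_der)[1]))   # first child = TBSCertificate
    present = set()
    for tag, value in children(tbs):
        if tag == 0xA3:                    # [3] EXPLICIT wraps the Extensions SEQUENCE
            for _, ext in children(read_tlv(value)[1]):
                oid = decode_oid(read_tlv(ext)[1])   # an Extension starts with its OID
                if oid in HYBRID_OIDS:
                    present.add(HYBRID_OIDS[oid])
    missing = sorted(set(HYBRID_OIDS.values()) - present)
    label = "legacy-only" if not present else "incomplete-hybrid" if missing else "hybrid"
    return label, missing

# Constructed skeletons (serial + extensions only), built with a short-form encoder.
def _tlv(tag, body):
    return bytes([tag, len(body)]) + body
def _sample(last_arcs):
    exts = b"".join(_tlv(0x30, _tlv(0x06, bytes([0x55, 0x1D, a])) + _tlv(0x04, b"\x05\x00"))
                    for a in last_arcs)
    tbs = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0xA3, _tlv(0x30, exts)))
    return _tlv(0x30, tbs + _tlv(0x30, b"") + _tlv(0x03, b"\x00"))
LEGACY, PARTIAL, HYBRID = (_sample(a) for a in ([15], [15, 72], [15, 72, 73, 74]))
```

This reports only which extensions are present; it does not verify the alternative signature, which requires a PQC-capable library.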
Review of external CAs and internal PKIs
For external CAs, it is necessary to check the availability of the new hybrid certificates and validate their interoperability with internal systems.
For internal PKIs, the focus is on the compatibility of the CA software and any HSMs in use. Most vendors offer PQC-compatible CAs as part of enterprise licence purchases: mapping your requirements is the first step towards setting a realistic budget.
PQC readiness: systems, applications, processes
The PQC migration is not just about cryptography itself. It affects operating systems and middleware, cryptographic libraries, HSMs, and network and security devices. For each component, the following must be assessed: the performance impact of PQC algorithms, hardware and firmware limitations, and the vendor’s support timeline.
Note: as specified in the Gartner article mentioned above, never just trust that a vendor is quantum-ready; require documentation, upgrade plans and regular status updates.
At the application level, the aim is to move from crypto-coupled applications, with hard-coded algorithms, to crypto-agile designs featuring abstract cryptographic services and support for hybrid models. On the process side, security policies, incident response and compliance workflows need to be updated, and operational and development teams need to be trained.
The availability of a test and validation environment is essential for carrying out validation tests before moving to production.
Migration plan: priorities, timeline and governance
The migration must follow a risk-based prioritization model that weighs the sensitivity and longevity of the protected data, exposure to external threats, business criticality, and system complexity.
Timelines should be structured over three macro phases: quick wins and pilot projects in the short term, hybrid adoption in the medium term, and PQC-first environments in the long term. Milestones should be aligned with vendors’ roadmaps, the evolution of standards, and the assets’ life cycle.
Continuous supervision is essential: ongoing cryptographic monitoring, policy enforcement, KPIs for migration progress, periodic reassessment of quantum risk, and auditability for stakeholders. Automated dashboards and reports allow you to certify the status of the migration objectively.
NEVERHACK: Operational Experience
No one today can truly claim to have extensive experience in the field of PQC adoption.
However, knowledge in this field and practical experience make the difference.
NEVERHACK has 25 years’ experience in the field of PKI systems and, thanks to partnerships with leading vendors in the sector, is already able to offer consultancy and support in this highly complex area.
NEVERHACK has already carried out practical PQC testing in enterprise environments. Specifically, in the banking sector, the group has launched and completed a Proof of Concept that included testing for:
- Customization of an open-source CA with early-version PQC libraries.
- Generation of a Hybrid Root CA, including testing of the issuance and validation of hybrid certificates.
- Generation of a full PQC Root CA with certificate issuance.
- Comparative testing and analysis of results.
This experience has validated the hybrid approach as a feasible strategy in regulated enterprise environments, confirming the technical and operational feasibility of PQC migration into production.
For another organization, we are launching the first fully operational Hybrid Issuing CA in the financial sector, setting up a complex hierarchy of root CAs and sub-CAs to meet all requirements.
Is your cryptographic infrastructure ready for the quantum threat? Our experts can support you in every step of the process: from the initial assessment and cryptographic inventory, right through to the development and implementation of a migration plan.
Want to learn what Gartner says about Q-Day? Download “4 Steps Toward Postquantum Readiness” here.