Microsoft, Google, and Cloudflare Push Quantum‑Ready Deadline to 2029
Microsoft, Google, and Cloudflare have moved the quantum‑security deadline to 2029, warning that imminent "collect‑then‑decrypt" attacks make post‑quantum cryptography urgent, and outlining the industry‑wide shift, technical challenges, and recommended early‑action steps for organisations.
New Risks and Perspectives
Microsoft, Google, and Cloudflare have announced that they will move the quantum‑security deadline forward to 2029, warning that “collect‑then‑decrypt” attacks make post‑quantum cryptography urgent.
“We believe cryptography‑relevant quantum computers may appear sooner than expected, and the preparation effort is massive, so organizations need to act now,” said Microsoft Azure CTO Mark Russinovich.
Russinovich explains that the transition to quantum‑safe cryptography is a multi‑year engineering effort; early planning reduces cost and risk. Microsoft’s Quantum Security Program (QSP) targets a 2029 migration of products and services to post‑quantum cryptography (PQC) within its Secure Future Initiative (SFI).
What Changes Does Post‑Quantum Cryptography Bring?
“There is no cryptographically relevant quantum computer yet, but many labs worldwide are exploring ways to build one,” noted Cloudflare’s post‑quantum expert Bas Westerbaan.
Westerbaan defines “Q‑Day” as the point when a quantum computer can break today’s encryption. He cites Google’s recent research into neutral‑atom quantum computers as an example of expanding hardware approaches.
Current public‑key algorithms such as RSA and ECC rely on the difficulty of integer factorisation and discrete logarithms, which Shor’s algorithm could break. Post‑quantum candidates based on lattice or hash‑based constructions remain hard for quantum attackers.
Google security VP Heather Adkins and cryptography lead Sophie Schmig state that development and product integration for PQC are already underway, with Android 17 integrating ML‑DSA signatures that meet NIST standards.
Now People Face the Threat of “Collect‑Then‑Decrypt”
Certes CTO Simon Pamplin warns that most organisations lack visibility into where encryption is used across applications, infrastructure, legacy systems, and data flows, and that “collect‑then‑decrypt” threats are already being stockpiled by state‑level actors.
“The real driver is not just hardware progress but the strategic threat of data being harvested now and decrypted later,” Pamplin says.
He argues that waiting for a specific deadline (2027, 2029, or 2030) is irrelevant because data collection continues regardless of compliance timelines. Organisations should create and maintain a dynamic encryption asset inventory to prioritise modernisation.
Don’t Wait Until 2026, Act Now
The article concludes that the quantum era will intersect with AI, and that the next steps are uncertain but urgent, urging architects and engineers to design for cryptographic agility now rather than reacting later.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
21CTO
21CTO (21CTO.com) offers developers community, training, and services, making it your go‑to learning and service platform.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.
