By Milo Sanchez| Trace3 Senior Practice Director
Quantum computing is rapidly moving from theoretical research into a practical enterprise concern. While many organizations still view Post-Quantum Cryptography (PQC) as a future initiative, security and infrastructure leaders are beginning to recognize the risk timeline has already started. The concern is no longer simply “when quantum arrives,” but whether organizations are preparing early enough to avoid long-term exposure.
One of the most significant drivers behind PQC readiness is the growing “Harvest Now, Decrypt Later” threat model. Nation-states and sophisticated adversaries are already collecting encrypted data today with the expectation future quantum computing capabilities may eventually break traditional cryptographic algorithms. Information that appears secure now could become readable years later once quantum systems mature. Trace3 offers a PQC Readiness Assessment that helps organizations understand and prepare their network infrastructure for future cryptographic threats without operational disruption.
For many CISOs and IT executives, this risk feels familiar. Organizations have faced similar moments before during major technology shifts such as cloud transformation, Zero Trust adoption, ransomware-driven segmentation initiatives, and large-scale infrastructure modernization. The lesson has consistently been the same: organizations that begin planning early maintain greater flexibility and operational stability, while those that delay are often forced into rushed and disruptive migrations later.
The challenge is especially important for enterprises that manage long-lived or highly sensitive data. Intellectual property, healthcare information, financial records, government communications, identity systems, source code repositories, and operational technology data may retain value far beyond the lifespan of today’s encryption standards. Even if quantum decryption is not immediately practical, organizations must recognize enterprise-wide cryptographic modernization is a multi-year journey.
The challenge now lies in executing that journey.
Modern cryptography is deeply embedded across enterprise environments, often in ways organizations do not fully understand or inventory today. Encryption touches nearly every major domain of modern IT operations, including remote access infrastructure, firewalls, Zero Trust architectures, SASE platforms, PKI systems, cloud connectivity, APIs, application dependencies, DevOps pipelines, storage systems, Kubernetes environments, and operational technology networks.
Many organizations already struggle with fragmented visibility across these environments. Legacy systems, undocumented application dependencies, inconsistent certificate management, and aging infrastructure create operational complexity long before PQC enters the discussion. Quantum readiness introduces additional urgency because organizations must now evaluate whether existing cryptographic strategies can adapt fast enough as standards evolve.
This is why Trace3 and Fortinet are approaching PQC readiness as a broader enterprise transformation initiative rather than a simple security upgrade.
The first priority is visibility. Before organizations can modernize encryption strategies, they must first understand where cryptography exists throughout the environment and identify where long-term exposure may reside. This includes discovering vulnerable algorithms, identifying certificate dependencies, evaluating third-party application support, and understanding where sensitive data may already be vulnerable to future decryption scenarios.
From there, organizations must focus on building crypto-agility.
Crypto-agility refers to the ability to adapt cryptographic systems as standards, algorithms, and security requirements evolve. Rather than treating encryption as static infrastructure, organizations need architectures capable of transitioning algorithms, updating certificates, modifying trust relationships, and evolving key management processes without creating major operational disruption.
For many enterprises, this represents a major architectural shift. Historically, cryptography has often been deployed once and rarely revisited until systems reached end-of-life. PQC readiness changes that mindset entirely. Future-ready organizations must assume cryptographic standards will continue evolving and design environments capable of adapting over time.
This is where Fortinet provides meaningful differentiation.
Fortinet’s integrated Security Fabric approach helps organizations implement encryption modernization consistently across networking and security environments instead of relying on disconnected point products. By integrating controls across firewalls, SD-WAN, SASE, Zero Trust, cloud security, and data center environments, organizations can reduce operational fragmentation while improving policy consistency during cryptographic transition efforts.
Performance is another major enterprise concern surrounding PQC adoption. Quantum-resistant cryptographic algorithms often require increased computational overhead, which can impact latency, throughput, and scalability if environments are not designed appropriately.
Infrastructure and operations leaders already face pressure to support AI workloads, distributed applications, east-west traffic growth, and increasingly complex hybrid environments. Security modernization cannot introduce unacceptable performance degradation or operational bottlenecks.
Fortinet’s ASIC-accelerated architecture helps address this challenge directly. Purpose-built SPU acceleration enables organizations to support evolving encryption strategies while minimizing many of the performance impacts associated with software-only cryptographic processing.
However, enterprise quantum readiness extends beyond networking and security infrastructure alone.
Development teams must begin evaluating software libraries, APIs, and CI/CD pipelines for cryptographic exposure. Identity teams must assess future impacts to PKI systems, federation models, and authentication architectures. Infrastructure teams need visibility into cloud-native environments, virtualization platforms, storage systems, and application dependencies that may require future modernization.
This is why PQC readiness cannot operate in silos.
Organizations that begin planning now will be far better positioned to navigate future regulatory requirements, evolving cryptographic standards, and the operational realities of enterprise-wide cryptographic migration. More importantly, they will build a more resilient and adaptable security foundation capable of supporting the next generation of enterprise computing.
Beyond preparing for quantum computers, PQC readiness is ultimately about reducing long-term enterprise risk, improving operational resilience, and ensuring organizations remain adaptable as the security landscape continues to evolve.
If you're unsure where your organization stands, we can help. Reach out to your Trace3 representative or find us at Trace3.com.
Camilo “Milo” Sanchez is a U.S. Marine Corps Veteran and seasoned technology leader with over 25 years of experience driving innovation across networking, cybersecurity, and enterprise infrastructure. As a Senior Practice Director for Security & Networking at Trace3, Milo defines national go-to-market strategies, oversees technical excellence, and leads cross-functional teams delivering next-gen solutions, digital transformation, and innovative client outcomes.