Quantum computers threaten the foundations of modern IT security. Organizations that want to protect sensitive data over the long term must act now, explains Sebastian Hausmann, Senior Manager Solutions Engineering, NetApp.
Quantum computers are widely considered the next major technological disruption after AI. What once sounded like a distant prospect is rapidly approaching: studies project that cryptographically relevant quantum computers could become available as early as the 2030s — capable of breaking classical cryptographic algorithms such as RSA or ECC within days. This tipping point is known as Q-Day, but the real threat is already here and goes by the name “harvest now, decrypt later.” The strategy: cybercriminals and state-sponsored actors are already exfiltrating encrypted data today, intending to decrypt it later with quantum computers. Organizations that believe they still have time are fundamentally underestimating the risk.
A Narrow Window for PQC Migration
The dilemma stems from two converging realities. First, data lifecycles are long: much sensitive data must remain confidential for decades — health records in Germany for up to 30 years, contracts for up to ten years. Second, PQC migration takes time — depending on organizational size, anywhere from several years to, according to one migration study, 12 to 15 years for large enterprises. The math is clear: Q-Day minus migration lead time equals urgency — and the clock is already ticking.
Regulatory requirements, including NIS2 and the GDPR, add further pressure. Both mandate protective measures in line with the current state of the art. Germany’s NIS2 Implementation Act has been in effect since December 2025, and in February 2026, the European Commission proposed explicitly incorporating PQC into NIS2 requirements. The National Institute of Standards and Technology (NIST) finalized three PQC standards in 2024: FIPS 203, FIPS 204, and FIPS 205. Germany’s Federal Office for Information Security (BSI) recommends these approaches in its TR-02102-1 guideline and, along with 21 European partner agencies, calls for PQC adoption by 2030. Organizations that fail to incorporate quantum risks into their risk analysis today will quickly find themselves on the defensive during audits.
Storage: The Last Line of Defense
Storage has traditionally played an underappreciated role in security architecture. Yet data-at-rest encryption is the last line of defense: even if attackers bypass upstream protective measures, data remains secure — provided it is encrypted with quantum-resistant algorithms. A practical first step: self-encrypting drives (SEDs), which automatically encrypt data at the hardware level without performance overhead.
Crypto-agile key management automatically replaces legacy keys with PQC-compliant algorithms — without operational disruption. Crypto agility — the ability to exchange algorithms in a controlled manner — is not a one-time event but an ongoing organizational capability. The NIST National Cybersecurity Center of Excellence (NCCoE) has published concrete migration guidance on this topic. Storage systems that already support NIST-compliant PQC algorithms offer a fast, low-effort entry point into the migration journey.
A Structured Path to Migration
Build a crypto inventory: Transparency is the first step. Create a comprehensive list of all assets that need to be encrypted with PQC-compliant methods. This includes communication protocols such as TLS, SSH, VPN, and S/MIME; encrypted databases; backups; hardware security modules (HSMs); and cloud services — as well as third-party vendors and the supply chain. For large organizations, this inventory process alone can take years.
Prioritize risks: Use a PQC risk assessment model — such as those developed by the financial sector — to evaluate systems based on data retention period, criticality, and migration complexity. Patient records, proprietary R&D data, and personnel records should receive the highest priority, as they often require protection for decades.
Launch a storage pilot project: A backup system or data archive is an ideal starting point. Hybrid approaches that run legacy and new encryption methods in parallel also protect against conventional attacks. Lessons learned from the pilot should feed directly into the enterprise-wide rollout.
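As an added example (not code from the article or from NetApp), the three steps above can be turned into a small prioritisation helper: it takes an inventory of data assets with their retention period, criticality and migration lead time, applies the article's timing rule (retention plus migration lead time must fit before Q-Day) and ranks them for the pilot and rollout order. The Q-Day year, the current year, the scoring weights and the sample assets are assumptions for illustration only.

```python
from dataclasses import dataclass

ASSUMED_QDAY_YEAR = 2035  # assumption: the article only says "as early as the 2030s"
CURRENT_YEAR = 2026       # assumption for the worked figures below

@dataclass(frozen=True)
class Asset:
    name: str
    retention_years: int    # how long the data must stay confidential
    criticality: int        # 1 (low) to 5 (high), from the risk assessment
    migration_years: float  # estimated lead time to move this system to PQC
    channels: tuple         # protocols/systems carrying it, from the crypto inventory

def shortfall_years(asset, qday_year=ASSUMED_QDAY_YEAR, now=CURRENT_YEAR):
    """Article's timing rule: retention plus migration lead time must fit before
    Q-Day. Returns the overshoot in years (0 means the current plan is in time)."""
    return max(0.0, asset.retention_years + asset.migration_years - (qday_year - now))

def harvest_now_exposed(asset, qday_year=ASSUMED_QDAY_YEAR, now=CURRENT_YEAR):
    """True if data encrypted today must still be secret after Q-Day: a copy
    exfiltrated now could be decrypted while it still matters, however fast
    migration goes."""
    return asset.retention_years > qday_year - now

def prioritize(assets, qday_year=ASSUMED_QDAY_YEAR, now=CURRENT_YEAR):
    """Rank assets for pilot/rollout order: shortfall weighted by criticality."""
    rows = []
    for a in assets:
        short = shortfall_years(a, qday_year, now)
        rows.append({"asset": a.name, "score": short * a.criticality,
                     "shortfall_years": short,
                     "harvest_now_exposed": harvest_now_exposed(a, qday_year, now),
                     "channels": a.channels})
    return sorted(rows, key=lambda r: r["score"], reverse=True)

# Constructed sample inventory (no real systems); retention periods follow the
# article's examples (health records 30 years, contracts 10 years).
INVENTORY = [
    Asset("patient-records", 30, 5, 4.0, ("TLS", "backup", "HSM")),
    Asset("rd-designs", 20, 5, 3.0, ("S/MIME", "archive")),
    Asset("contracts-archive", 10, 4, 2.0, ("TLS", "backup")),
    Asset("marketing-assets", 2, 1, 1.0, ("cloud-storage",)),
]

if __name__ == "__main__":
    for r in prioritize(INVENTORY):
        print(f"{r['asset']:<18} score={r['score']:5.1f} "
              f"shortfall={r['shortfall_years']:4.1f}y exposed={r['harvest_now_exposed']}")
```

With the assumed 2035 Q-Day, the contracts archive is already a harvest-now-decrypt-later exposure even though its shortfall is small, which is why retention period rather than migration effort drives the ranking.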
Avoiding Common Mistakes
Many organizations are waiting for better standards — yet NIST standards have been finalized since 2024. Others treat PQC as a purely IT-driven initiative, overlooking the need to involve data protection, compliance, procurement, and business units. Relying on cloud providers to solve the problem ignores the fact that data protection responsibility remains with the organization. And PQC is not simply an algorithm swap — all associated processes, training programs, and emergency response plans must also be updated.
Conclusion: Those Who Wait, Lose
Nearly half (46 percent) of German companies have yet to implement any quantum-resistant measures, according to a recent PwC study — even as attackers are already actively collecting encrypted data for future decryption. Strengthening storage as the last line of defense, building a crypto inventory, and systematically prioritizing risks: these are the three actions that matter most right now. Organizations that equip their storage infrastructure with crypto-agile key management and PQC-capable encryption today remove the value from “harvest now, decrypt later” attacks — and buy themselves the time that enterprise-wide migration will inevitably require.

Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM.
Contact via Mail: jakob.jung@security-storage-und-channel-germany.de
