What Quantum Computing Means for IT Security

Reflections from a discussion with Ingo Schubert, Field CTO, RSA Security, at Bletchley Park Trust.

Last month, I had the privilege of joining Ingo Schubert from RSA at Bletchley Park for an RSA event where we debated the implications of quantum computing for IT security.

While this post doesn’t replicate our conversation exactly, it follows the structure of our discussion. Ingo and I took different positions — he was a little more sceptical, and I was, perhaps, a bit more enthusiastic! But it was a lively exchange about one of the most transformative topics in our field.

Quantum Computing: A New Frontier

Quantum computing is moving from theory to reality. Unlike classical computers that process bits as 0s or 1s, quantum computers use qubits, which can exist in both states simultaneously. Through superposition, entanglement, and interference, they can perform certain calculations exponentially faster than even the most powerful supercomputers today.

That opens the door to extraordinary possibilities — from accelerated drug discovery to optimisation problems we’ve never been able to solve. But as always, where there is opportunity, there’s also risk — and in this case, that risk strikes at the very heart of digital trust.

Reality Check

It’s easy to get carried away with the hype. Fault-tolerant, large-scale quantum computers are still years away. The engineering challenges — maintaining qubit stability and managing error correction — are monumental.

Yet, waiting for the technology to mature before acting would be a serious mistake. The “harvest now, decrypt later” threat is already real. Adversaries are stockpiling encrypted data today, expecting to decrypt it when quantum power becomes available. The clock is ticking, even if the hardware isn’t ready yet.

What Will Be Possible

The core of the issue is Shor’s Algorithm, which allows quantum computers to factor large primes exponentially faster than classical machines. That means algorithms like RSA, ECC, and Diffie-Hellman — the backbone of today’s encryption — will be broken.

The same quantum capabilities will drive extraordinary advances in AI, data analytics, and materials science — but they’ll also reshape cyber risk. From codebreaking to vulnerability discovery, the balance between attackers and defenders is about to shift.

Impact on IT Security

The most immediate impact will be on cryptography. TLS, VPNs, PKI, blockchain, IoT — all depend on mathematical problems that quantum computers can solve in minutes, where classical computers would take millennia.

And it doesn’t stop there. Key management, digital signatures, certificates, and even firmware in embedded devices will be affected. For sectors where data must remain secure for decades — like government, finance, and healthcare — the urgency is now, not later.

NIST’s Post-Quantum Cryptography (PQC) standards are emerging, and vendors are beginning to offer hybrid crypto models that blend classical and quantum-safe algorithms. The challenge will be migration — knowing what to replace, when, and how.

Threats Today and Tomorrow

The biggest threat today isn’t a quantum computer — it’s complacency. We know that cryptographic migrations take years, and many systems in use today were built on algorithms standardised in the 1990s.

The risks ahead include:

  • Encrypted data harvested today and decrypted tomorrow.
  • Compromised digital identities as PKI trust collapses.
  • Broken blockchains and invalid digital signatures.
  • IoT and embedded systems that can’t be easily updated.

We can’t afford to treat quantum risk as “tomorrow’s problem.” By the time the capability exists, it will already be too late to start planning.

Preparation: A Call to Action

So, what should organisations do now?

  1. Inventory your cryptography — know what algorithms and key lengths are in use.
  2. Plan for agility — design systems that can adapt as standards evolve.
  3. Engage with standards bodies and vendors — align early with NIST’s PQC guidance.
  4. Educate boards and leadership — this isn’t just a tech issue, it’s strategic.
  5. Start testing hybrid crypto — it’s the bridge between today’s and tomorrow’s world.

The move to PQC is not a “crypto upgrade” — it’s one of the largest IT transformations of the next decade. It’s about safeguarding trust, privacy, and resilience in the post-quantum era.

Final Thought

Ingo and I may not have agreed on everything — he was pragmatic, I was optimistic — but we both landed in the same place:

Most organisations are still not doing enough to prepare for an existential threat to their cryptographic keys.

Quantum computing isn’t just coming — it’s already changing how we must think about security. The question isn’t if it will affect you, but when — and whether you’ll be ready when it does.

I would like to hear: What are your thoughts on the Quantum Threat?

At Burning Tree, we help organisations turn complex security challenges into clear, actionable strategies. From assessing cyber maturity to implementing post-quantum resilience and identity solutions, our experts work alongside you to strengthen defences and build lasting confidence in your security posture.

With new threats and technologies reshaping the landscape, there’s never been a better time to take stock. Contact us today at 02045 423 332 or info@burningtree.co.uk to start securing your business for 2025 and beyond.

#PostQuantumCryptography #QuantumSecurity #CyberSecurity #Encryption #DigitalTrust #QuantumComputing #InformationSecurity #RiskManagement #IAM #CryptoAgility #SecurityStrategy #PQC #BletchleyPark #BurningTree

Related Posts