Secrets & Machine Identity / PQC
Key Questions
What are the key US executive order requirements for post-quantum cryptography migration?
New executive orders mandate a 2027 pilot migration and creation of cryptographic bills of materials. They also address gaps in data-in-use protection alongside CMMC, FedRAMP, and FISMA implications.
When does Microsoft plan to complete its quantum-safe transition?
Microsoft targets critical products and services for quantum-resistant cryptography by 2029, focusing on TLS 1.3, crypto-agility, and trust chains.
What does Cloudflare data reveal about current PQC adoption?
70% of human HTTPS requests use PQC key exchange, yet only 10% of origin servers support hybrid PQC, highlighting uneven readiness across the ecosystem.
Why is harvest-now-decrypt-later (HNDL) considered a critical risk?
HNDL allows adversaries to store encrypted data today for decryption once quantum computers mature, creating compliance and privacy law exposure for organizations.
How are cyber insurers responding to PQC developments?
Insurers are increasingly scrutinizing organizations' PQC roadmaps as part of risk assessments, tying coverage to demonstrated migration progress.
What approach does the database encryption migration article recommend?
It advocates re-wrapping the key hierarchy at the application layer to enable PQC without re-encrypting petabytes of data at rest.
How does the HSM market growth relate to PQC?
The hardware security module market is projected to grow at 14.7% CAGR, driven by organizations replacing cryptographic hardware to support post-quantum algorithms.
What regulatory pressures affect machine identity management?
Frameworks such as DORA and NIS2 are increasing demands for transparency and governance of non-human identities alongside PQC readiness.
PQC urgency: New US executive orders mandate 2027 pilot migration and cryptographic bill of materials; Microsoft targets 2029 transition (TLS 1.3, crypto-agility, trust chains); Cloudflare data shows 70% of human HTTPS requests using PQC key exchange but only 10% of origin servers supporting hybrid PQC. HNDL critical. Cyber insurance scrutinizing PQC roadmaps. Article 'Why Your AI Intrusion Detection System Needs Quantum-Proof Cryptography Now' highlights HNDL attack vector. HSM market report shows 14.7% CAGR driven by PQC replacement cycle. KPMG NHI article adds transparency gaps and regulatory pressure (DORA, NIS2) for machine identity management. New: 'PQC at the Application Layer: Database Encryption Migration' addresses critical gap—re-wrapping key hierarchy avoids re-encrypting petabytes, with product-by-product status table. New: Quantum legal issues article reframes HNDL as compliance risk, covering harvest-now-decrypt-later, vendor contracts, and privacy law implications—actionable for GRC. New: Post-quantum mandate analysis (EO 14409) highlights scope, CMMC/FedRAMP/FISMA implications, and critical data-in-use gap, reinforcing need for continuous encryption.