Even though Q-Day might be several years away, enterprises should develop a strategic plan to prepare for the future. Experts share what challenges lie ahead with PQC migration.
Q-Day -- when quantum computers start cracking existing public key cryptography schemes -- is still a few years away. Cloud providers are making progress on integrating post-quantum cryptography into existing infrastructure so that data and applications stay protected while business continuity is maintained.
Nigel Gibbons, director and senior advisor at NCC Group, a cybersecurity consultancy, said: "Post-quantum cryptography migration is not simply a cryptographic upgrade; it is a foundational shift in enterprise security architecture." Cloud and edge computing play a vital role in enabling this shift, offering both platforms for experimentation and infrastructure for scaled deployment.
With this new technology, enterprises will need to navigate numerous challenges to successfully undergo post-quantum cryptography (PQC) migration. But cloud providers are already adopting various migration strategies that can help.
How cloud can meet PQC migration challenges
Various PQC algorithms have been around for decades, all of which involve tradeoffs among performance, key size and security. In August 2024, NIST finalized the first Federal Information Processing Standards for PQC algorithms: FIPS 203 (ML-KEM, key encapsulation), FIPS 204 (ML-DSA, signatures) and FIPS 205 (SLH-DSA, hash-based signatures). These aim to improve interoperability and drive adoption.
"Cloud hyperscalers are moving in the right direction, offering PQC-ready services in key areas like [Transport Layer Security], VPNs and key management. But, right now, it's more about experimentation and readiness testing than full-scale enterprise deployment," said Mukesh Ranjan, vice president at Everest Group.
Across all these scenarios, the cloud is useful for isolating PQC risks, testing hybrid crypto models and validating interoperability across systems. Cloud-native systems will be the most straightforward to migrate because their cryptography is centrally managed. Even so, it remains a complex endeavor, since each cloud service carries its own set of crypto components.
"It's the best environment to run controlled pilots before scaling changes across the enterprise," Ranjan said.
Enterprises face additional risks and complexities in PQC migration efforts for legacy, on-premises and embedded systems. On-premises support is mostly limited to toolkits and documentation, Ranjan said. Embedded systems are lagging, often left to chipmakers and OEMs.
PQC migration challenges
PQC migration presents numerous challenges. Organizations can improve their security for the quantum era by proactively addressing these challenges.
Consider the volume of infrastructure a business uses. Each component has its own crypto implementation, often hardcoded and undocumented.
"Enterprises today rely on decades' worth of infrastructure -- from mainframes and [programmable logic controllers] to cloud VMs and containerized microservices," said Rebecca Krauthamer, co-founder and CEO at QuSecure, a quantum cybersecurity vendor.
Another issue with PQC migration is the lack of standardization in implementation. For example, at the network level, some providers mix post-quantum preshared keys into the existing key exchange (the RFC 8784 approach for IKEv2 VPNs) rather than deploying a PQC key exchange directly. Ultimately, closing that gap falls to the software developers who integrate the algorithms.
"While there is general agreement on PQC algorithms, there's no single way to apply them," said Carl Dukatz, global lead for quantum at Accenture.
The primary challenges with PQC migration are deeply rooted in the operational and architectural complexity of existing systems, Gibbons said. Some of the areas that create the most challenges are the following.
Legacy systems
Older systems often rely on hardcoded cryptographic libraries or unsupported protocols. These might not be compatible with the larger key sizes or entirely new algorithm structures that PQC introduces: an ML-KEM-768 encapsulation key is 1,184 bytes and its ciphertext 1,088 bytes, against 32 bytes for an X25519 public key, and an ML-DSA-65 signature is 3,309 bytes, against 64 bytes for an ECDSA P-256 signature. Fixed-size buffers, database columns and single-packet handshakes built around the old sizes can break. Legacy systems also typically lack crypto-agility, which makes it hard to plug in PQC algorithms.
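The three mechanisms touched on so far (the hybrid crypto models the cloud is well suited to piloting, the post-quantum preshared keys some network providers mix in instead of a PQC key exchange, and the crypto-agility seam that legacy stacks lack) all come down to how an extra secret is folded into a key schedule and how a stack chooses which one to use. The following is an added example written for this page; it is not code from the article, NCC Group, Accenture or any cloud provider. It follows RFC 8784 (PPK mixing into IKEv2 SK_d, SK_pi and SK_pr with prf+), the TLS 1.3 X25519MLKEM768 convention (ML-KEM shared secret concatenated with the X25519 shared secret, then HKDF-Extract) and a server-preference group negotiation like TLS supported_groups. All key material is constructed from fixed labels; no real X25519 or ML-KEM operation runs.

```python
"""Mixing extra secrets into key agreement: IKEv2 PPKs versus TLS 1.3 hybrids.

Added example, not vendor code. Every secret below is a constructed stand-in.
"""
import hashlib
import hmac


def prf(key: bytes, data: bytes) -> bytes:
    """PRF_HMAC_SHA2_256, the IKEv2 PRF used in this example (RFC 4868)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ from RFC 7296 section 2.13:
    T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n); output is T1 | T2 | ..."""
    if length > 255 * 32:
        raise ValueError("prf+ is defined for at most 255 blocks")
    out, prev, n = b"", b"", 1
    while len(out) < length:
        prev = prf(key, prev + seed + bytes([n]))
        out += prev
        n += 1
    return out[:length]


def ppk_mix(ppk: bytes, sk_d: bytes, sk_pi: bytes, sk_pr: bytes) -> tuple:
    """RFC 8784 section 5.1: SK_d' = prf+(PPK, SK_d), SK_pi' = prf+(PPK, SK_pi),
    SK_pr' = prf+(PPK, SK_pr). Lengths are preserved; the initial IKE SA's
    SK_ai/SK_ar/SK_ei/SK_er are left unchanged. The DH exchange is untouched,
    so recovering the DH secret alone no longer yields the child SA keys."""
    if len(ppk) < 32:  # minimum chosen for this example, not an RFC requirement
        raise ValueError("PPK should carry at least 256 bits of entropy")
    return (prf_plus(ppk, sk_d, len(sk_d)),
            prf_plus(ppk, sk_pi, len(sk_pi)),
            prf_plus(ppk, sk_pr, len(sk_pr)))


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA256, as in TLS 1.3 SHA-256 suites."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hybrid_shared_secret(mlkem_ss: bytes, x25519_ss: bytes, salt: bytes) -> bytes:
    """X25519MLKEM768 (draft-ietf-tls-ecdhe-mlkem): ss = mlkem_ss || x25519_ss.
    The concatenation is the (EC)DHE input to the TLS 1.3 key schedule's
    HKDF-Extract; the salt is the derived early secret (constructed here)."""
    if len(mlkem_ss) != 32 or len(x25519_ss) != 32:
        raise ValueError("ML-KEM-768 and X25519 each yield a 32-byte shared secret")
    return hkdf_extract(salt, mlkem_ss + x25519_ss)


# Hybrid groups from draft-ietf-tls-ecdhe-mlkem; anything else is classical-only.
QUANTUM_SAFE_GROUPS = {"X25519MLKEM768", "SecP256r1MLKEM768", "SecP384r1MLKEM1024"}


def select_group(server_prefs, client_groups):
    """Server-preference negotiation, as with TLS supported_groups. Returns the
    chosen group and a downgrade flag worth logging when it is classical-only."""
    for group in server_prefs:
        if group in client_groups:
            return group, group not in QUANTUM_SAFE_GROUPS
    raise ValueError("no common key-agreement group")


def constructed_secret(label: str) -> bytes:
    """Deterministic stand-in for a real secret, for this example only."""
    return hashlib.sha256(b"constructed example secret: " + label.encode()).digest()


def demo() -> dict:
    # IKEv2: DH-derived SK_* plus a PPK distributed out of band.
    sk_d, sk_pi, sk_pr = (constructed_secret("SK_d"), constructed_secret("SK_pi"),
                          constructed_secret("SK_pr"))
    sk_d2, _, _ = ppk_mix(constructed_secret("PPK"), sk_d, sk_pi, sk_pr)

    # TLS 1.3: negotiate a hybrid group, then combine both shared secrets.
    group, downgraded = select_group(["X25519MLKEM768", "X25519"],
                                     {"X25519", "X25519MLKEM768"})
    salt = constructed_secret("derived early secret")
    ss = hybrid_shared_secret(constructed_secret("ML-KEM-768 ss"),
                              constructed_secret("X25519 ss"), salt)
    # Harvest-now-decrypt-later view: an adversary who later breaks X25519 knows
    # x25519_ss but not the ML-KEM secret (bytes(32) stands in for "unknown").
    attacker = hybrid_shared_secret(bytes(32), constructed_secret("X25519 ss"), salt)
    return {"sk_d_prime": sk_d2, "group": group, "downgraded": downgraded,
            "ss": ss, "attacker_matches": attacker == ss}


if __name__ == "__main__":
    print(demo())
```

The design point is the same in both halves: the classical exchange stays in place and an additional secret the quantum adversary does not hold (a PPK, or the ML-KEM secret) is bound into every derived key, so an attacker who records traffic today and breaks the DH or X25519 later still lacks one input. The negotiation helper is where agility lives; logging the downgrade flag is how you notice peers that silently fall back to classical groups.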
Visibility and inventory
Enterprises often lack full visibility into where and how cryptography is used across their environments. Without a comprehensive cryptographic inventory covering certificates, key stores, protocol configurations and library dependencies, identifying what needs to be updated for PQC is a substantial hurdle.
"Without that, any attempt at PQC migration is like flying blind," Krauthamer said.
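What a first pass at that inventory looks like in practice: pull algorithm references out of whatever evidence you already have (load-balancer and sshd configuration, TLS handshake logs, key-management listings) and classify each one by quantum risk, so the migration backlog is a list of assets rather than a guess. The following is an added example written for this page, not tooling from the article, QuSecure or any vendor. The sample lines are constructed; the classification table is a starting point drawn from FIPS 203/204/205 and the usual guidance on RSA, ECC, DH, AES and SHA-1, not a complete policy.

```python
"""Seed of a cryptographic inventory: classify algorithm references by quantum risk.

Added example with constructed input; not a vendor tool.
"""
import re
from collections import Counter

# Ordered most-specific first. Each match is masked out before the next pattern
# runs, so "X25519MLKEM768" is reported once as a hybrid and never re-reported
# as its classical X25519 or its MLKEM768 component.
ALGORITHM_CLASSES = [
    (r"X25519MLKEM768|SecP256r1MLKEM768|SecP384r1MLKEM1024", "hybrid PQ key agreement", "quantum-safe"),
    (r"ML-KEM-\d+|MLKEM\d+|Kyber\d+", "PQ KEM", "quantum-safe"),
    (r"ML-DSA-\d+|Dilithium\d|SLH-DSA[-\w]*|SPHINCS\+?", "PQ signature", "quantum-safe"),
    (r"\bRSA[-_]?\d{4}\b|\bRSA\b|ssh-rsa", "RSA key exchange/signature", "quantum-vulnerable"),
    (r"\bECDSA\b|ecdsa-sha2-nistp\d+|ssh-ed25519|\bEd25519\b|secp\d+r1|prime256v1|\bP-\d{3}\b",
     "ECC signature/curve", "quantum-vulnerable"),
    (r"\bECDHE?\b|\bX25519\b|curve25519-sha256|\bDHE?\b|diffie-hellman-group\d+",
     "classical key agreement", "quantum-vulnerable"),
    (r"AES[-_]?128[-\w]*", "symmetric 128-bit", "reduced-margin"),
    (r"AES[-_]?256[-\w]*|ChaCha20[-\w]*", "symmetric 256-bit", "quantum-safe"),
    (r"SHA-?1\b", "legacy hash", "broken-classically"),
]

# Constructed evidence lines in "asset component: detail" form (not real hosts).
SAMPLE_LINES = [
    "lb-prod-01 nginx: ssl_ecdh_curve X25519MLKEM768:X25519:prime256v1;",
    "bastion sshd: HostKeyAlgorithms ssh-ed25519,ecdsa-sha2-nistp256,ssh-rsa",
    "payments-api tls: TLSv1.3 group=X25519 cipher=TLS_AES_256_GCM_SHA384 cert=RSA-2048",
    "plc-gateway fw: TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256",
    "vault kms: signing key ML-DSA-65, wrapping key AES-256-GCM",
    "legacy-erp java: keystore entry SHA-1 with RSA, 1024-bit",
]


def inventory(lines):
    """One record per algorithm reference: asset, matched text, family, risk."""
    records = []
    for line in lines:
        asset, _, body = line.partition(":")
        masked = body
        for pattern, family, risk in ALGORITHM_CLASSES:
            # Materialize matches first; masking keeps the string length, so
            # the recorded offsets stay valid while we blank each span.
            for m in list(re.finditer(pattern, masked, re.IGNORECASE)):
                records.append({"asset": asset.strip(), "match": m.group(0),
                                "family": family, "risk": risk})
                masked = masked[:m.start()] + " " * (m.end() - m.start()) + masked[m.end():]
    return records


def summarize(records) -> dict:
    """Count of findings per risk class."""
    return dict(Counter(r["risk"] for r in records))


def migration_candidates(records) -> set:
    """Assets that use a quantum-vulnerable algorithm and negotiate nothing
    quantum-safe at all. An asset that offers a hybrid group plus classical
    fallbacks (lb-prod-01) is not flagged here, but its downgrade path still
    needs review."""
    by_asset = {}
    for r in records:
        by_asset.setdefault(r["asset"], []).append(r)
    flagged = set()
    for asset, recs in by_asset.items():
        vulnerable = any(r["risk"] == "quantum-vulnerable" for r in recs)
        has_pq = any(r["family"].startswith(("hybrid", "PQ")) for r in recs)
        if vulnerable and not has_pq:
            flagged.add(asset)
    return flagged


if __name__ == "__main__":
    recs = inventory(SAMPLE_LINES)
    for r in recs:
        print(f"{r['asset']:<18} {r['match']:<22} {r['family']:<28} {r['risk']}")
    print(summarize(recs))
    print("migration candidates:", sorted(migration_candidates(recs)))
```

Two things this surfaces that a spreadsheet of "which services use TLS" does not: the PLC gateway and the ERP system are entirely classical with no quantum-safe option on the table, and the load balancer, although it already negotiates a hybrid group, still advertises classical fallbacks that a downgrading client can pick. Real inventories add certificate parsing and binary scanning on top of this, but the classification step and the mask-before-rescan rule carry over unchanged.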
Dependency management
Dependencies like legacy libraries or closed source vendor software can become roadblocks. Many enterprise applications rely on third-party libraries, hardware security modules (HSMs) or external APIs that might not support PQC. Updating or replacing these dependencies can be expensive and time-consuming.
Integration and update issues
New cryptographic primitives require updates across the entire software stack, from firmware to APIs to application layers. Integration is particularly difficult in tightly coupled systems where cryptography is embedded deeply.
Common approaches exist for application development, such as using APIs or standardizing on the Transport Layer Security (TLS) cryptographic protocol. Still, there is no universal pattern or guide for building IT systems. This means that each system that requires PQC must be updated carefully and thoughtfully.
"It's the diversity and customization of solutions that make this transition challenging," Dukatz said.
Even if the business does not patch a system itself, cloud providers will likely ship PQC support for their managed services as part of a product upgrade or new release. Systems that cannot be updated at all should be protected by a compensating control, such as terminating their traffic behind a PQC-capable gateway or tunnel.
"Creating and deploying these updates takes time, and each step requires education and testing," Dukatz said.
Cloud provider options
Dukatz said many cloud providers have begun providing their customers with access to PQC. In fact, AWS, Google and Cloudflare rolled out prestandardized PQC schemes before the NIST standards were finalized.
However, this doesn't mean that these providers are selling the same offerings.
"Each cloud provider is following a slightly different path to the same goal, and this differentiation fosters innovation," said Dr. Ja-Naé Duane, academic director at Brown University School of Engineering and MIT Research Fellow.
Consider the following PQC offerings from AWS, Google and Cloudflare:
AWS. AWS provides PQC support for its Transfer Family service to securely move data to and from its cloud. It is taking a phased approach, focusing first on TLS connections and core libraries, like AWS-LC (AWS Libcrypto), to secure data in transit across internet-facing services.
Google. Google uses post-quantum key encapsulation mechanisms to protect against harvest now, decrypt later attacks, in which encrypted traffic is recorded today so it can be decrypted once a quantum computer is available. It is also investing heavily in cryptographic services, like Cloud Key Management Service (KMS) and Cloud HSM.
Cloudflare. Cloudflare reports that more than 35% of the human-generated traffic reaching its network already uses post-quantum key agreement. It provides quantum-safe protection for TLS traffic at its edge immediately, without requiring customers to upgrade individual libraries.
Dukatz said different ways of accessing the cloud can also lead to different experiences for users upgrading to PQC. For example, with SaaS, most users can upgrade to PQC transparently, as major web browsers already enable these protections. PaaS providers can update their base images and key management capabilities so that users have PQC packages when they deploy new systems.
"However, it's still the customer's responsibility to bring on and enforce these updates, which can be just as complex as an on-premises PQC upgrade," Dukatz said. The same patterns apply to embedded systems managed by the cloud.
3 migration support areas
While cloud-native environments are getting better support first, the transition for on-premises and embedded systems will require more custom work and longer timelines. Gibbons said that cloud service providers (CSPs) are largely focusing on three strategic areas to help enterprises use the cloud to support migration efforts:
Cloud-native support. For workloads running in the cloud, CSPs are introducing PQC support through their managed services, such as TLS in load balancers, KMS integrations and secure storage. These are often easier to update and provide the quickest path to PQC readiness.
Hybrid and on-premises support. Recognizing the hybrid nature of many enterprises, CSPs are beginning to offer toolkits and SDKs that extend PQC support to on-premises systems. Microsoft's open source PQCrypto-VPN and AWS' integration of PQC into TLS libraries like s2n-tls are examples of this cross-environment strategy.
Embedded systems and edge devices. The edge could also play an important role in supporting migration efforts using local cryptographic processing, supporting a gradual transition and firmware and cryptographic update distribution. Support here is still in early development. Cloud providers are collaborating with hardware manufacturers and IoT vendors to test and validate lightweight PQC implementations. Google and Microsoft are contributing to open standardization efforts to ensure compatibility in constrained environments.
Where should you start?
Organizations should start with a cryptographic asset inventory, evaluate their risk exposure to quantum threats and collaborate closely with CSPs to implement early-stage protections and transition pathways.
Dr. Ali El Kaafarani, CEO of quantum security vendor PQShield, recommended enterprises speak to their cloud providers to understand the crypto roadmap for each service. Major providers, like AWS, Microsoft and Google, have clear transition plans and can help businesses prepare theirs.
Karl Holmqvist, founder and CEO at identity security vendor Lastwall, recommended enterprises explore how cloud infrastructure can be used as a low-risk sandbox environment to pilot PQC transitions. This can help understand performance impacts or interoperability issues before broad enterprise deployment.
"I would encourage leaders to think of what types of fast experimentation they can do in cloud environments to prove PQC capabilities can work before deploying," he said.
Ultimately, the decision-making and strategic initiatives necessary to undergo migration must come from knowledgeable teams invested in the success of their business.
"While cloud providers are beginning to offer tools and services to support PQC migration, the road ahead requires strategic planning, technical agility and collaboration across IT, security and business teams," Gibbons said.
George Lawton is a journalist based in London. Over the last 30 years, he has written more than 3,000 stories about computers, communications, knowledge management, business, health and other areas that interest him.