Post‑quantum cryptography (PQC) is transitioning from research to early adoption. Cloudflare’s deployment is a significant step, but enterprises need to understand the broader ecosystem—including open-source libraries, cloud providers, hardware tools, and regulatory drivers—to prepare effectively.
1. PQC Momentum at Infosec Europe
At Infosec Europe 2025, Cloudflare demonstrated hybrid TLS protecting edge-to-origin traffic. Other vendors highlighted pilot solutions for internal communications and identity. Experts emphasized that practical challenges remain in performance tuning and interoperability ahead of wider adoption.
Cloudflare announces quantum cryptography beta to thwart decryption
2. Industry-wide PQC Deployments
Meta began migrating internal data-centre traffic to hybrid TLS in 2023, using X25519 + Kyber to counter harvest-now-decrypt-later attacks. This impacted billions of internal connections without disrupting legacy clients.
Mitigating Quantum Threats Beyond PQC
Microsoft has integrated PQC support in Windows Insider and Linux preview builds as of 2025. That enables developers and system builders to test quantum-resistant encryption on common platforms.
Post‑Quantum Cryptography Comes to Windows Insiders and Linux
Red Hat Enterprise Linux 10 includes PQC algorithms under Technology Preview for TLS, SSH, and Kerberos. While not production-ready, it enables early testing and discovery of integration issues.
Post‑Quantum Cryptography in Red Hat Enterprise Linux 10
3. OpenSSL 3.5 Enables PQC Everywhere
OpenSSL 3.5—now available as an LTS release—integrates NIST-approved Kyber, Dilithium, and SPHINCS+ for hybrid TLS by default. This allows any application using OpenSSL to enable PQC with minimal code changes, and supports performance testing across environments.
OpenSSL 3.5: Entering the Post‑Quantum Era
4. Tools, Frameworks, and Case Studies
Booz Allen highlights that enterprise transition to PQC is necessary to defeat “harvest-now-decrypt-later” attacks, recommending immediate planning and early vendor pilots.
From the Frontlines of Post‑Quantum Cryptography
Apriorit published implementation examples using Go, liboqs, and Cloudflare integration. This demonstrates how to incorporate PQC in HTTPS communications for developers working in Go-based microservices.
Integrating Post‑Quantum Cryptography Algorithms
5. Enterprise Readiness: Challenges and Recommendations
Surveys by Idemia reveal that over 50% of organizations are researching or planning PQC implementation, but most lack technical expertise. Regulatory guidance and controls are needed to guide adoption.
Key obstacles to Post‑Quantum Cryptography (PQC) Adoption
Encryption Consulting outlines 10 essential elements for successful migration: crypto inventory, headless CA tooling, monitoring and fallback planning. These form a solid foundation for enterprise-class deployment.
10 Enterprise Must‑Haves for a Successful Post‑Quantum Cryptography Migration
6. Compliance and Regulatory Drivers
NIST finalized its first PQC standards in August 2024. US federal guidelines require quantum-safe encryption in government systems by 2030. IBM, Microsoft, and Google are actively supporting integration of these standards.
NIST Releases First 3 Finalized Post‑Quantum Encryption Standards
India’s BFSI sector currently rates PQC readiness at 2.4/5, though 57.5% of CISOs project quantum risk is substantial within three years. A structured migration framework is being proposed to accelerate adoption.
BFSI not ready to tackle Quantum Computing threats, says study
7. Global Ecosystem and Commercial Offerings
PQShield—a UK startup with £37m funding—supplies post-quantum crypto components to governments and enterprises, powering standards and identity workflows. It is actively involved in advising agencies like GCHQ.
What I learnt … about the security threat from quantum computing
Quantinuum’s Quantum Origin service delivers quantum-generated random keys as a complement to PQC deployments. Partners include PureVPN and utilities in 2024, offering stronger entropy sources.
8. Summary Metrics
| Metric | Value / Estimate |
|---|---|
| Cloudflare PQC-enabled TLS | ~35% non-bot HTTPS traffic |
| Hybrid TLS handshake overhead | ~1 ms |
| Chrome PQC support | ≈10% traffic |
| NIST PQC deadline | Government compliance by 2030 |
| BFSI PQC readiness (India) | 2.4/5 score |
Recommendations for Enterprises
- Deploy hybrid TLS: Enable via OpenSSL 3.5, RHEL 10, or reverse proxies; pilot in low-risk zones.
- Integrate PQC into infrastructure: Update Windows and Linux builds with PQC support using Microsoft previews and liboqs.
- Perform crypto inventory: Identify legacy and hybrid endpoints via scanning tools.
- Enforce crypto agility: In procurement and vendor contracts, mandate support for NIST PQC algorithms.
- Prepare for compliance: Align with NIST, NSA, and international standards; document rollout plans.
- Educate teams: Train crypto, network and security staff on algorithm changes and deployment risks.
Conclusion
Post‑quantum cryptography is gaining real-world traction beyond Cloudflare. OpenSSL 3.5, Linux distributions, Windows builds, and vendors are enabling PQC testing today. Enterprises must operationalise hybrid TLS, audit cryptography across systems, align with regulatory timelines and invest in internal expertise. Early engagement will reduce future risk and position organisations for compliant and secure crypto in a post-quantum era.