“There are a handful of commercial tools, which are very expensive, and then only a smattering of open-source tools of which myself and Mark Carney have open-sourced from a Santander perspective,” Cuthbert explained. “Until we make these tools as easy to use and available to all, that’s where some of the struggle is occurring in organizations.”
Dr. Ali El Kaafarani, CEO and co-founder of post-quantum cryptography vendor PQShield, and one of the architects of the NIST standards, agreed that upgrading from legacy to PQC-based systems is far from trivial.
“PQC isn’t plug-and-play; there’s serious work needed to identify where vulnerable cryptography lives, what can be swapped, and what needs a more bespoke solution to maintain performance requirements,” Dr. Kaafarani told CSO, noting that PQC requires more computing resources and more memory than legacy encryption technologies.
