In this guest blog post, Michael Fasulo, Senior Director of Portfolio Marketing at Commvault, discusses how quantum computing will threaten cryptography and how Commvault Cloud in Microsoft Marketplace can help.
In today’s digital economy, trust is currency – and cryptography is its vault. Every transaction, login, and backup relies on encryption to keep data safe. But what happens when the locks we’ve relied on for decades are no longer secure?
That’s not a hypothetical: It’s a looming reality that demands immediate attention.
Quantum computing, once a distant concept, is rapidly becoming tangible. These machines promise breakthroughs in chemistry, logistics, and science — but they also threaten to break the very cryptographic foundations that protect our digital world. Asymmetric cryptographic algorithms like Rivest–Shamir–Adleman (RSA) and elliptic curve cryptography (ECC), which underpin secure communications and digital signatures, are now vulnerable to quantum attacks.
This isn’t just a future problem — it’s a now problem, especially for industries and organizations that manage long-lived sensitive data. Using harvest now, decrypt later (HNDL) tactics, threat actors and nation-states are collecting encrypted data today, betting they’ll be able to decrypt it once quantum capabilities mature and become more accessible.
Fragile cryptography in a quantum world
The National Institute of Standards and Technology (NIST) has prepared for this moment since 2016. In 2024, it finalized the first set of post-quantum cryptographic (PQC) algorithms: CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and FALCON. These algorithms are designed to withstand both classical and quantum attacks.
But implementing them isn’t as simple as flipping a switch.
Most organizations don’t know where cryptography resides in their infrastructure. Encryption is embedded in applications, application programming interfaces (APIs), data pipelines, and third-party integrations. Without a clear inventory, migrating to PQC is like trying to renovate a house without knowing where the wiring is.
If your data needs to remain confidential for five years or more — think healthcare records, financial data, or intellectual property — it’s already at risk. And if your organization lacks crypto-agility, you may be stuck with outdated algorithms long after they’re deemed insecure.
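The inventory step described above, as an added example (not Commvault's or Microsoft's code): a small Python pass that labels algorithm names found in configuration lines and ranks the quantum-vulnerable ones by how long the data must stay confidential. The sample findings, retention table, name patterns and priority labels are constructed assumptions; only the five-year threshold comes from the text.

```python
import re

# Constructed sample: (asset, source file, line) as an inventory scan might collect them.
FINDINGS = [
    ("billing-api", "tls.conf", "ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384"),
    ("patient-db", "backup.yaml", "key_wrap: RSA-2048-OAEP"),
    ("patient-db", "backup.yaml", "data_cipher: AES-256-GCM"),
    ("build-signing", "cert.txt", "Signature Algorithm: ecdsa-with-SHA256"),
    ("archive-link", "tunnel.conf", "kex: ML-KEM-768"),
]
# Constructed sample: years each asset's data must stay confidential.
RETENTION_YEARS = {"billing-api": 1, "patient-db": 10, "build-signing": 2, "archive-link": 7}
LONG_LIVED_YEARS = 5  # the article's "five years or more" threshold

# Assumed name patterns; extend them for the identifiers used in your own estate.
PQC = re.compile(r"ML-?KEM|ML-?DSA|SLH-?DSA|FN-?DSA|KYBER|DILITHIUM|SPHINCS|FALCON|HQC")
CLASSICAL = re.compile(r"(?<![A-Z0-9])(RSA|ECDSA|ECDHE?|DHE?|DSA|X25519|ED25519)(?![A-Z0-9])")

def classify(line):
    """Label one line 'quantum-vulnerable', 'hybrid', 'pqc' or 'other'."""
    upper = line.upper()
    stripped = PQC.sub(" ", upper)  # drop PQC names first so ML-DSA is not read as DSA
    has_pqc = stripped != upper
    has_classical = bool(CLASSICAL.search(stripped))
    if has_classical:
        return "hybrid" if has_pqc else "quantum-vulnerable"
    return "pqc" if has_pqc else "other"

def hndl_backlog(findings, retention):
    """Return quantum-vulnerable findings, longest confidentiality lifetime first."""
    rows = []
    for asset, source, line in findings:
        if classify(line) != "quantum-vulnerable":
            continue
        # Unknown retention is treated as long-lived so it is not silently deprioritized.
        years = retention.get(asset, LONG_LIVED_YEARS)
        priority = "migrate-first" if years >= LONG_LIVED_YEARS else "scheduled"
        rows.append((priority, years, asset, source, line))
    return sorted(rows, key=lambda row: -row[1])

if __name__ == "__main__":
    for row in hndl_backlog(FINDINGS, RETENTION_YEARS):
        print(*row, sep=" | ")
```

Signature-only findings such as the certificate line still need migrating, but the retention ranking matters most for key-establishment and encryption uses, since those are what harvested ciphertext depends on.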
Start now, stay ready for the road ahead
Quantum computing may still be years from mainstream deployment, but the time to act is now. As organizations gain visibility into their cryptographic footprint, data retention policies, and threat exposure, they can begin reducing risk today.
To prepare, ask your vendors:
• What’s your road map for PQC? (An organization is only as strong as its weakest link.)
• How do you support, implement, and scale crypto-agility?
• What steps are you taking to protect against harvest now, decrypt later (HNDL) threats?
Crypto-agility meets cloud-scale resilience
That’s why Commvault and Microsoft are taking a proactive stance. Commvault’s approach to post-quantum readiness is built on three pillars:
1. Crypto-agility by design: Commvault Cloud in Microsoft Marketplace integrates a crypto-agility framework that enables swapping of cryptographic algorithms as standards evolve, without requiring system overhauls. PQC is available at no additional cost as part of the Commvault Cloud platform’s security capabilities.
2. Cryptographic inventory and risk classification: Using Commvault Risk Analysis and Microsoft Purview, organizations can identify where sensitive data resides and classify it based on sensitivity, type, and retention requirements.
3. Post-quantum encryption at scale: Commvault implemented NIST-approved PQC algorithms like Kyber (ML-KEM), Dilithium (ML-DSA), and FALCON (FN-DSA). NIST also proposed Hamming Quasi-Cyclic (HQC) as a backup to ML-KEM in case of compromise. These algorithms are available today within the Commvault platform and are supported across network pipelines, protecting sensitive traffic from HNDL attacks. A rule-based policy engine allows for automated, scalable application of PQC across sensitive workloads.
Enabling secure, scalable transformation
Commvault’s post-quantum capabilities are part of a broader “defense in depth” strategy, improved by deep integration with Microsoft’s security and cloud ecosystem:
• Microsoft Azure powers Commvault Cloud SaaS and provides the scalable infrastructure to accelerate PQC-enabled workloads globally.
• Microsoft Defender integrates with Commvault’s Cleanroom Recovery and threat-scanning capabilities to detect threats and support clean recovery and forensic use cases.
• Azure Key Vault supports Commvault’s privileged access management strategy, enforcing just-in-time access and multi-person authorization for sensitive operations.
Together, Commvault and Microsoft deliver a zero-trust architecture that’s resilient today — and future-resilient for tomorrow. To learn more, watch a video discussion from Commvault experts considering post-quantum cryptography, preparedness, and the threat landscape (https://www.youtube.com/watch?v=5QRIDpx4psY), and take in a cybersecurity discussion in which Commvault delves into quantum computing and delivering next-level cyber-resiliency (https://www.youtube.com/watch?v=RI6i27mRfRs).