Encryption & Key Management,
Next-Generation Technologies & Secure Development,
Security Operations
Experts Detail Migration Scope, Timelines, and Governance Gaps in Going Quantum-Safe
The transition to post-quantum cryptography represents one of the most significant transformations an enterprise will face. It is a complex challenge that encompasses not only technical aspects but also organizational dynamics. A recent panel of experts, interviewed by ISMG, illuminated the multifaceted nature of this migration, emphasizing its vast scope involving infrastructure, vendor management, governance, and team education. Many organizations, they warn, significantly underestimate both the complexity of the project and the time required to implement it effectively.
Marin Ivezic, CEO of Applied Quantum, has spearheaded post-quantum cryptography migration initiatives that involve upwards of 120,000 individual tasks. He pointed out that only 30,000 of these tasks are directly related to cryptography; the remainder pertains to inventory management, vendor interactions, regulatory compliance, and the upskilling of team members. Ivezic noted, “It is not the number itself that is important. It highlights the size and complexity of these programs, which most people don’t comprehend until they find themselves deep in the process.”
On the other hand, Gregory Skulmoski, who serves as a professor at Bond University, remarked that the sluggish pace of migration in many enterprises can be attributed to their focus on implementing artificial intelligence projects. “Organizations are preoccupied with AI and its governance, alongside other cybersecurity ventures such as enhancing security through zero trust,” he elaborated. This prevailing near-term focus makes it challenging for businesses to shift their attention toward the looming challenge of quantum computing.
Muria Roberts, director of QTM-X Quantum Advisory Indonesia, added her voice to the discussion, pointing out a pervasive lack of organizational discipline and preparedness. “We must regard this as an issue of cybersecurity hygiene, business resilience, and a vital trust infrastructure,” Roberts explained, highlighting the need for a systemic approach to quantum readiness.
In a video interview conducted by ISMG, the panelists elaborated on various critical topics, including:
- The continuation of cryptographic discovery and what constitutes a defensible starting point for organizations.
- Strategies for integrating Post-Quantum Cryptography (PQC) preparedness into vendor and procurement management without reducing it to a mere checklist exercise.
- The critical question of ownership regarding PQC migration programs within organizations, alongside discussions on governance challenges that act as barriers.
Marin Ivezic boasts more than thirty years of experience in cybersecurity and deep technology sectors. His extensive background includes roles at Accenture, IBM, and various Big Four firms, as well as acting as Chief Information Security Officer (CISO) and Chief Technology Officer (CTO) in enterprise settings. As a former quantum entrepreneur behind firms such as Boston Photonics and PQ Defense, he now assists both governments and organizations in navigating quantum-related risks and ensuring their readiness for the future.
Muria Roberts holds the position of director at QTM-X Quantum Advisory, emphasizing quantum cybersecurity and aiding organizations in translating quantum risks into actionable decisions for boards and executive teams. Her work includes founding the Tasmanian Quantum Network and serving as an educator in the quantum sector, establishing her footprint as a leader in quantum awareness and governance.
Gregory Skulmoski has made contributions to academic and practical project management through his role as an associate professor at Bond University, where he leads the project management and planning discipline. His portfolio encompasses technical and non-technical project leadership across diverse regions including Australia, the Middle East, and Canada. He has played an integral role in updating the Project Management Institute’s (PMI) PMBOK Guide and is focused on the critical areas of adaptive project management, navigating digital disruptions, and optimizing Project Management Offices (PMOs).
