The Post Quantum Cryptography countdown

Picture this: It’s 1977. Disco is king, Star Wars is breaking box office records, and two mathematicians, Ron Rivest and Adi Shamir, team up with Leonard Adleman to unveil RSA encryption, a public-key cryptosystem, and one of the oldest systems widely used for secure data transmission.  

It’s a masterpiece of number theory, built on the idea that factoring massive numbers—like multiplying two 300-digit primes—is so computationally hard that no machine could crack it in a human lifetime. For nearly 5 decades, RSA has been a cornerstone of digital security, locking everything from bank transactions to your company’s cloud-stored customer data.  

But the clock is ticking. Quantum computers are coming, and when they arrive—on what some call “Q-Day”—RSA’s fortress could crumble. Your data, whether sitting quietly on a drive or zipping across networks, needs a new shield: post-quantum cryptography (PQC). Here’s why you need PQC, and why the storage layer, which is NetApp’s business, is ground zero.  

RSA’s strength lies in its simplicity. Take two huge prime numbers, multiply them, and you get a public key that anyone can use to encrypt a message. The catch? Someone can derive the private key—by factoring that product back into its primes—to decrypt it. In the 1970s, factoring a 600-digit number would have taken a supercomputer longer than the universe has existed. Even today’s fastest conventional machines struggle. Enter Peter Shor (of Shor’s algorithm), who in 1994 dropped a bombshell: a quantum algorithm that could do it exponentially faster. Wired magazine does some solid fear-mongering in this article about quantum computers breaking encryption—it’s a relevant and current issue to dive into. 

Here’s where it gets real. Security pros obsess over firewalls and VPNs, but the storage layer, where data sits at rest or flows in flight, often gets a shrug. It’s the vault holding your trade secrets, patient records, or financials. RSA and its cousins (like Elliptic Curve Cryptography, or ECC) encrypt this data, whether it’s parked on NetApp® storage or streaming through a hybrid cloud. Attackers won’t just snoop live traffic—they’ll harvest encrypted data now, store it, and decrypt it later when quantum is a reality. That decade-old backup? That email archive? All fair game. 

Data at rest (think databases or cloud buckets) faces a “harvest now, decrypt later” nightmare. If it’s sensitive enough to protect for years (hello, GDPR’s 20-year retention rules), it’s vulnerable unless you act. Data in flight—moving between servers or to end users—fares no better. Transport Layer Security (TLS), the protocol securing your browser, leans on RSA for key exchange. A quantum attacker could retroactively unravel those sessions if they’ve logged the traffic. Storage isn’t just a passive layer; it’s the beating heart of your digital operation, and you need to be sure your storage is prepared. 

The good news? You’re not defenseless. Post-quantum cryptography (PQC) sounds futuristic, but it’s here now and ready to save the day today and tomorrow—dive in with this Storage Review article asking if storage is quantum-ready. Unlike RSA’s reliance on factoring, PQC leans on algorithms that quantum computers can’t easily crack, like lattice-based math or code-based encryption. The National Institute of Standards and Technology (NIST) spent years vetting these algorithms and announced PQC standardization in 2024, landing on winners like CRYSTALS-Kyber and CRYSTALS-Dilithium. These algorithms don’t need quantum magic to work—they’re built for today’s machines, with quantum resilience baked in. 
 
For storage, PQC is a must. For data at rest, it means reencrypting with quantum-resistant keys, ensuring that backups and archives stay safe long term. For data in flight, it’s upgrading TLS to use PQC for key exchanges, locking down data as it moves. NetApp, the most secure storage on the planet, is already aligning with NIST’s standards, weaving PQC into our systems for both scenarios. It’s not just a tech upgrade—it’s a survival strategy. 
 
Q Day isn’t here yet, but the threat is. Attackers are already hoarding encrypted data, betting on future quantum breakthroughs. Businesses can’t afford to wait for the apocalypse before retrofitting. Start with an audit: Where’s your data? How long must it stay secure? Then push your storage vendors—NetApp included—to roll out PQC now, not later. Hybrid approaches, blending RSA with PQC, can ease the shift without breaking workflows.  

The 1970s gave us RSA and bell-bottoms. One’s a relic; the other’s on borrowed time. Post-quantum cryptography at the storage layer isn’t optional—it’s your ticket to a future where your data doesn’t just survive Q Day but thrives beyond it. The quantum countdown is on. Are you ready?  

At NetApp, we’ve built our reputation as a trusted leader in data storage by staying ahead of the curve. Our customers rely on us to keep their data secure and future-proof their NetApp infrastructure. NetApp has complied with AES 256-bit transparent disk encryption for data at rest. With Q-Day on the horizon, where quantum computers will be able to break encryption algorithms, the security landscape is shifting fast. Our existing encryption is already robust, but we’re not stopping there—we’re evolving to meet tomorrow’s challenges today by complying with NIST standards. Today, we’re announcing NetApp’s compliant NIST PQC algorithms for both data at rest and data in flight. You can level up your PQC knowledge with this PQC white paper authored by The Futurum Group and Dr. Bob Sutor, author of Dancing with Qubits.  
 
By aligning with NIST’s PQC standards, we’re not just keeping pace with quantum advancements—we’re setting the standard. Your data deserves nothing less. 
Stay up to date on NetApp’s compliance with PQC.