QIZ advances quantum-resistant work

QIZ Security’s announcement with Google Cloud is less about a new cryptography product than about turning post-quantum migration into an enterprise program. QIZ said on May 20 that it will work with Google Cloud to help companies assess and plan moves toward quantum-resistant cryptography and crypto-agile architectures. (businesswire.com) The release described the work in operational terms: certificate inventories, public key infrastructure, hardware security module dependencies and protections for long-lived data. (nist.gov) ### Why are companies talking about “quantum-resistant” migration now? NIST gave the market a concrete milestone in August 2024 when it released its first three finalized post-quantum encryption standards. That mattered because it moved the discussion from research and pilots toward implementation planning inside large organizations. (businesswire.com) The standards do not force an overnight switch, but they give security teams a reference point for what future migration paths should align to. Long-lived data is a big part of the timing. The concern is that information encrypted today could be collected now and decrypted later if quantum computing capabilities improve enough to break current public-key systems. That is why migration planning tends to focus first on systems with long retention periods, regulated data and hard-to-replace trust infrastructure. (businesswire.com) QIZ’s release explicitly pointed to long-lived data protection as part of the program. ### What does QIZ say it is actually helping enterprises do? QIZ framed the collaboration as planning and assessment work rather than a wholesale rip-and-replace project. The company said the effort will help enterprises identify where cryptography is embedded across PKI, applications and key management dependencies, and then map a path toward crypto-agile designs. (nist.gov) In practice, that means finding where certificates, algorithms and hardware assumptions are fixed deep inside systems before a migration starts. PKI and HSM dependencies matter because they are usually spread across identity systems, internal applications, device fleets and cloud services. A company can change a policy on paper faster than it can change certificate chains, signing workflows or hardware-backed key operations. (businesswire.com) QIZ’s description suggests the first phase is discovery and transition design, not immediate cutover. ### Where does Google Cloud fit into this? Google Cloud has been building out post-quantum features in its own platform alongside broader industry migration work. In a company post, Google Cloud said Cloud KMS was adding digital signatures using NIST post-quantum cryptography standards. That does not mean every enterprise workload is ready for a full transition, but it shows cloud providers are starting to expose standardized post-quantum building blocks inside managed services. (businesswire.com) The QIZ collaboration appears aimed at the layer above that infrastructure: helping customers figure out where they are exposed, which systems depend on legacy algorithms and how to sequence changes without breaking existing trust relationships. (businesswire.com) That is a different problem from shipping a single algorithm in a cloud service. ### Why does “crypto-agility” keep coming up in these announcements? Crypto-agility is shorthand for designing systems so algorithms and keys can be changed without rebuilding everything around them. That matters in post-quantum migration because many organizations will need hybrid periods, compatibility layers and phased replacement across vendors and internal systems. A rigid environment can turn a standards update into a multiyear infrastructure project. (cloud.google.com) QIZ’s release paired quantum-resistant cryptography with crypto-agile architectures for that reason. NIST’s finalized standards give enterprises a target, but the harder work is inventory, dependency mapping and staged implementation. QIZ said its collaboration with Google Cloud is focused on that planning layer, and Google Cloud’s own post-quantum service work suggests the underlying tooling is starting to arrive. (businesswire.com)