Quantum computing is forcing organisations to rethink the foundations of digital security, with existing encryption methods expected to become obsolete far faster than many companies anticipate, according to DigiCert chief product officer Deepika Chauhan.
Chauhan said the industry has been working on post-quantum cryptography for nearly a decade, warning that once quantum computers mature, they will be capable of breaking today’s cryptographic algorithms in minutes.
“When that happens, everything encrypted today effectively becomes plain text,” she told Techobserver.in. “That makes this core to what we do.”
DigiCert has worked closely with National Institute of Standards and Technology and other standards bodies to develop and approve quantum-safe algorithms. Those algorithms are already supported on the DigiCert ONE platform, she said.
The company enabled support for working versions of post-quantum algorithms even before standards were formally finalised, allowing customers to experiment in sandbox environments and understand the operational impact early.
But Chauhan said preparing for quantum computing goes beyond product capability. DigiCert has launched quantum readiness initiatives that bring together customers and partners, including large consulting firms such as Deloitte, to discuss how organisations should prepare.
“It is evangelism as much as technology,” she said.
Adoption varies sharply by sector. Globally, banks are among the most advanced, driven by regulatory scrutiny and the long-term sensitivity of financial data. For many institutions, quantum risk is already a board-level issue.
Other organisations remain inclined to wait until quantum computers become commercially viable, an approach Chauhan said could leave them exposed.
She pointed to the industry-wide transition from SHA-1 to SHA-2 encryption standards, which took nearly a decade to complete, as a warning of how long cryptographic change can take once it begins.
“The problem is that when quantum arrives, it will already be too late to start,” she said.
The first step to quantum readiness, Chauhan said, is understanding cryptographic assets. Organisations need clear inventory and discovery of certificates, keys and algorithms before they can build a realistic migration roadmap. Regulation, she added, may help accelerate progress by nudging organisations to act sooner.
Resilience is becoming as critical as security. Certificate management failures increasingly result in service outages, not just security incidents. Public TLS certificates are currently valid for one year, but validity periods are shrinking rapidly.
“What used to be an annual task will soon need to be done multiple times a year,” Chauhan said. “That leaves no option but automation.”
She acknowledged that full automation is unrealistic for most large organisations, particularly those with legacy infrastructure. Instead, risk reduction comes from layered controls, including visibility, ownership, alerts and partial automation.
“PKI modernisation is a journey,” she said.
Hybrid IT environments add further complexity. Many organisations operate across on-premise data centres and cloud platforms, often under strict data residency and regulatory constraints.
While public certificate authorities cannot be deployed on-premise under global standards, Chauhan said private certificate authorities can be run within customer environments, with DigiCert ONE managing them from the cloud. That hybrid approach, she said, addresses both security and compliance concerns.
As quantum computing advances, Chauhan said cryptography can no longer be treated as a purely technical issue.
“This is about long-term trust,” she said. “And organisations need to start preparing now.”
