Multiple developments in the past two weeks have accelerated the conversation around post-quantum cryptography (PQC). Google has publicly committed to completing its own PQC migration by 2029. A joint paper from Caltech and startup Oratomic suggests a cryptographically relevant quantum computer may need as few as 10,000 physical qubits - not millions. And the Cloud Security Alliance has published detailed guidance on what cloud-native organizations should do right now. Together, these signals paint a picture that is less about distant theoretical risk and more about near-term operational planning.
The Timeline Is Compressing
For years, the working assumption was that a fault-tolerant quantum computer capable of breaking RSA or elliptic curve cryptography would require millions of physical qubits and remain decades away. That assumption is eroding.
A joint research paper from the California Institute of Technology and Oratomic concluded that advances in neutral atom arrays indicate a quantum computer capable of breaking classical encryption may require as few as 10,000 qubits, not millions as previously thought. 1Why is the timeline to quantum-proof everything constantly shrinking? — CyberScoop
Separately, Google Quantum AI published a whitepaper demonstrating roughly a twenty-fold decrease in the estimated number of physical qubits needed to break 256-bit elliptic curve encryption, estimating the requirement at fewer than 500,000 physical qubits. 1Why is the timeline to quantum-proof everything constantly shrinking? — CyberScoop 2Post-Quantum Cryptographic Migration for Cloud-Native Zero-Trust Architectures — Cloud Security Alliance
Andrew McLaughlin, COO of SandboxAQ, summarized the driving forces as "hardware, math and China" - advances in quantum hardware such as neutral atom arrays, mathematical breakthroughs that use that hardware more efficiently, and rapid progress by Chinese researchers, including the commercially approved 100-qubit Huanyuan 1 system developed at Wuhan University. 1Why is the timeline to quantum-proof everything constantly shrinking? — CyberScoop
Google's response was concrete: the company announced in March 2026 that it will fully transition to post-quantum cryptography by 2029. 3Google Wants to Transition to Post-Quantum Cryptography by 2029 — Schneier on Security Security expert Bruce Schneier characterized this as a sound move, though "not because I think we will have a useful quantum computer anywhere near that year, but because crypto-agility is always a good thing." 3Google Wants to Transition to Post-Quantum Cryptography by 2029 — Schneier on Security
Not everyone shares the urgency. Matthew Green, a cryptography professor at Johns Hopkins, said on BlueSky that he would "bet huge amounts of money against a relevant quantum computer by 2029 or even 2035," while acknowledging the prediction might "haunt him." 1Why is the timeline to quantum-proof everything constantly shrinking? — CyberScoop Dark Reading separately quoted cryptography experts warning that it will "take years to be fully quantum-safe, if ever." 4Prepping for 'Q-Day': Why Quantum Risk Management Should Start Now — Dark Reading
The disagreement is about timing, not about the direction. The consensus is clear: migration must begin now.
Why Cloud Environments Face a Distinct Migration Problem
A detailed analysis published by the Cloud Security Alliance, authored by Sunil Gentyala of HCLTech, argues that cloud-native zero-trust architectures introduce PQC migration challenges that on-premises PKI frameworks do not adequately address. 2Post-Quantum Cryptographic Migration for Cloud-Native Zero-Trust Architectures — Cloud Security Alliance Three structural characteristics of cloud environments compound the problem.
Workload identity is provider-controlled. Cloud workload identity systems - AWS IAM Roles Anywhere, Azure AD Workload Identity, GCP Workload Identity Federation - issue short-lived cryptographic credentials. The algorithm those credentials use is determined by the hyperscaler, not the customer. Enterprises that have not built algorithm-agnostic workload identity frameworks risk service disruption when providers switch to post-quantum algorithms on their own schedule. 2Post-Quantum Cryptographic Migration for Cloud-Native Zero-Trust Architectures — Cloud Security Alliance
Secrets management carries inherited vulnerability. Systems like HashiCorp Vault, AWS Secrets Manager, and Azure Key Vault use asymmetric key wrapping to protect secrets at rest. An organization that began using RSA-2048 key wrapping in 2019 has potentially seven years of accumulated wrapped secrets whose confidentiality depends on the continued classical hardness of RSA factorization. 2Post-Quantum Cryptographic Migration for Cloud-Native Zero-Trust Architectures — Cloud Security Alliance The vulnerability window is bounded by the wrapping key's vintage, not the sensitivity lifetime of the data it protects.
Service-mesh mTLS operates at massive scale. Cloud-native microservice deployments can involve thousands of certificates renewed on sub-day cycles. Integrating ML-DSA certificate profiles into Istio, Linkerd, or Consul Connect control planes is technically feasible with tools like the Open Quantum Safe PKI toolchain, but requires explicit deployment configuration that most teams have not adopted. 2Post-Quantum Cryptographic Migration for Cloud-Native Zero-Trust Architectures — Cloud Security Alliance
Where to Start: The Priority Matrix
The CSA guidance prioritizes actions by the intersection of HNDL exposure window and current implementation readiness. AWS KMS, Azure Key Vault, and GCP Cloud KMS all support ML-KEM-based asymmetric key operations in preview as of early 2026. 2Post-Quantum Cryptographic Migration for Cloud-Native Zero-Trust Architectures — Cloud Security Alliance This means certain actions are executable now, without waiting for full provider migration.
The guidance also highlights a procurement dimension that many technology assessments overlook. Cloud provider service level agreements do not currently include post-quantum algorithm adoption commitments or published migration timelines. 2Post-Quantum Cryptographic Migration for Cloud-Native Zero-Trust Architectures — Cloud Security Alliance Enterprises renewing cloud contracts in 2026 have a narrow window to negotiate PQC readiness language before the largest regulated-industry customers set the terms.
Looking Ahead
The post-quantum migration is not a single event but a multi-year program of work. The qubit estimates are dropping. The NIST standards - ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205), finalized in August 2024 5Post-Quantum Cryptography Standards — NIST CSRC - are available. Hyperscaler preview support is emerging. But the gap between standard availability and enterprise deployment remains wide.
For cloud-native organizations, the highest-value actions today are inventory-driven: enumerate classical key material, map dependency chains in workload identity, audit service-mesh CA configurations, and start hybrid TLS deployment at internet-facing endpoints. These are not speculative investments - they are the prerequisites for absorbing a transition whose timeline, by every recent measure, continues to compress.
Bild: Dynamic Wang / Unsplash
