Postquantum Readiness Starts With a Map. It Ends at the Data Level.
New Gartner® research lays out the full journey to postquantum readiness. Here's what's inside it, and the one layer we think too many teams are about to overlook.
Right now, someone could be copying your encrypted data and filing it away. Not to read today. To read the day a quantum computer can break the math protecting it.
That's not science fiction. It's harvest now, decrypt later (HNDL): attackers capturing encrypted data today to crack it once quantum machines are capable. It's why "we'll deal with quantum when it gets here" is one of the most expensive sentences in security planning. Your data has a shelf life measured in years. The attacker's patience doesn't.
Gartner put a date on it. In "A Journey Guide to Postquantum Readiness," Gartner® analysts Sarah Almond and Mark Horvath open with a blunt assumption: "By 2030, advances in quantum computing will make conventional asymmetric cryptography unsafe to use."
So, the algorithms quietly protecting almost everything you own (RSA, ECC, the asymmetric cryptography baked into your systems) are on a clock. 2030 isn't the year to start. It's the year to be done. Which leaves every security leader asking the obvious question: where do I even begin?
Key takeaways
- Postquantum cryptography (PQC) is a new class of NIST-standardized algorithms designed to resist quantum attacks, with migration needed by 2030.
- The Gartner journey guide maps postquantum readiness as a four-step program, from gaining foresight and getting grounded to scaling up and managing change.
- Most of the industry's postquantum energy is going to the network layer (quantum-safe VPNs and TLS), which protects data in motion.
- That leaves data at rest exposed: the files sitting on endpoints, in data stores, and on the mainframe, which carry the highest harvest-now-decrypt-later risk.
- We believe the answer is file-level data protection: encryption that lives with the data itself and is crypto-agile enough to evolve as standards change.
What We Believe the Gartner journey guide actually maps
This is what makes the report worth your afternoon: it isn't another quantum scare piece. It's a step-by-step journey across four phases, written for the leader who has to turn "the sky is eventually falling" into a funded, staffed, multi-year program.
If you've ever sat in a budget meeting for a threat that "feels far off," or wondered how much of this you can hand to your vendors, this is the map that turns the panic into a plan. We think it's the clearest starting point out there for a problem most teams know they have and quietly hope they have more time for.
Read the whole thing.
Download the full Gartner report →
Now here's our own take, because there's a part of this the market is getting dangerously wrong.
Everyone's racing to make the network quantum-safe
Watch where the industry's attention has gone. The most visible postquantum work happening right now is at the network layer. Networking vendors, Cisco among them, are building PQC into firewalls and VPNs so the traffic crossing the wire is protected against tomorrow's quantum attacks. (Cisco published its own Secure Firewall roadmap recently if you want one example of the trend.)
That work matters. Data moving across public networks is highly exposed to harvest now, decrypt later, so hardening the transport layer is a smart first move. If your networking vendor is doing it, that's a win.
But it's one layer. And the rush to quantum-proof the network is creating a blind spot you could drive a breach through.
A quantum-safe tunnel protects the trip. Not the destination.
Encrypting the network secures your data while it moves. The problem is that your data doesn't spend its life moving. It spends its life sitting still.
It sits on laptops and endpoints. It sits in databases, file shares, and object stores. It sits on the mainframe, where some of the most sensitive records in regulated industries have lived for decades. A quantum-safe VPN gets a file safely from point A to point B. Then the tunnel closes, the file lands, and it goes right back to being protected by whatever was wrapped around it before it left. Often that's the exact RSA-based encryption with the 2030 expiration date.
And it's data at rest the harvest-now crowd wants most, because it's the data with the longest shelf life. Patient histories. Financial records. Intellectual property. Government data. Records that have to stay confidential for years or decades. The tunnel protected the trip. It never touched the prize.
We believe the answer is file-level data protection
Here's PKWARE's view: if the data is what attackers are after, then the data is what you protect. Not just the path it happens to travel.
File-level data protection means the encryption lives with the data itself. You find your sensitive data, classify it, and protect it at the file level, so that protection travels with the file and stays in force wherever it goes: on the endpoint, in the data store, on the z/OS mainframe, in a backup, in motion or at rest. The network a file crosses stops being the only thing standing between an attacker and your data. The file protects itself.
It starts with discovery, because you can't protect what you can't see. Knowing where your sensitive data actually lives across the enterprise is the precondition for everything else, and it's the same visibility a serious postquantum program demands.
And because postquantum migration won't be a one-time event, file-level protection has to be crypto-agile: built so you can change the algorithm protecting your data as standards evolve, without re-architecting every system that touches it. That's how you migrate once and keep migrating, instead of re-running this whole fire drill every few years.
The full picture
So, here's the honest version of postquantum readiness.
Securing the network is necessary. It isn't sufficient. The network vendors are hardening the pipe, and they should. Your job is to make sure that when the data arrives, sits down, and stays for the next ten years, it's protected by something a quantum computer can't unwind. That's the data layer. That's the part you own. And it's the part that's still wide open the moment the tunnel closes.
Start with the map. In our view, the Gartner journey guide will get your program off the ground. Then protect what's at rest, at the file level, where the data actually lives.
See how PKWARE delivers file-level data protection across the endpoint, data store, and mainframe →
Frequently Asked Questions
What does postquantum readiness involve?
Postquantum readiness means migrating the cryptography that protects your data and systems to quantum-resistant algorithms before quantum computers can break today’s encryption. Gartner frames it as a multi-phase program covering the threat, the funding case, execution, and scaling the change across the organization.
Is a quantum-safe network or VPN enough for postquantum readiness?
No. A quantum-safe VPN or TLS connection protects data while it’s in transit. It does not protect data at rest on endpoints, in data stores, or on mainframes. Full readiness requires protecting the data itself, not just the network it travels across.
What is harvest now, decrypt later (HNDL)?
HNDL is an attack strategy where adversaries capture encrypted data today and store it until quantum computers can break the encryption. It makes long-lived sensitive data an immediate concern, even though quantum computers can’t break it yet.
What is file-level data protection?
File-level data protection applies encryption to the data itself rather than to the network or storage around it. The protection travels with the file wherever it goes, so the data stays secured whether it’s in motion, at rest, copied, or backed up.
What is crypto-agility and why does it matter for PQC?
Crypto-agility is the ability to change the cryptographic algorithms protecting your data without re-architecting the systems that rely on them. It matters because postquantum migration isn’t a one-time event, and standards will keep evolving.
Gartner, "A Journey Guide to Postquantum Readiness," Sarah Almond, Mark Horvath, 13 March 2026.
Gartner is a trademark of Gartner, Inc. and/or its affiliates.
The views on postquantum strategy and on file-level data protection expressed in this article are PKWARE's own and do not represent the opinion or endorsement of Gartner. Cisco Secure Firewall roadmap details referenced from Cisco's blog "Preparing for Post-Quantum Cryptography: The Secure Firewall Roadmap" (13 April 2026). Cisco and Cisco Secure Firewall are trademarks of Cisco Systems, Inc. PKWARE is not affiliated with, sponsored by, or endorsed by Cisco.
New Gartner® research lays out the full journey to postquantum readiness. Here's what's inside it, and the one layer we think too many teams are about to overlook.
Right now, someone could be copying your encrypted data and filing it away. Not to read today. To read the day a quantum computer can break the math protecting it.
That's not science fiction. It's harvest now, decrypt later (HNDL): attackers capturing encrypted data today to crack it once quantum machines are capable. It's why "we'll deal with quantum when it gets here" is one of the most expensive sentences in security planning. Your data has a shelf life measured in years. The attacker's patience doesn't.
Gartner put a date on it. In "A Journey Guide to Postquantum Readiness," Gartner® analysts Sarah Almond and Mark Horvath open with a blunt assumption: "By 2030, advances in quantum computing will make conventional asymmetric cryptography unsafe to use."
So, the algorithms quietly protecting almost everything you own (RSA, ECC, the asymmetric cryptography baked into your systems) are on a clock. 2030 isn't the year to start. It's the year to be done. Which leaves every security leader asking the obvious question: where do I even begin?
Key takeaways
- Postquantum cryptography (PQC) is a new class of NIST-standardized algorithms designed to resist quantum attacks, with migration needed by 2030.
- The Gartner journey guide maps postquantum readiness as a four-step program, from gaining foresight and getting grounded to scaling up and managing change.
- Most of the industry's postquantum energy is going to the network layer (quantum-safe VPNs and TLS), which protects data in motion.
- That leaves data at rest exposed: the files sitting on endpoints, in data stores, and on the mainframe, which carry the highest harvest-now-decrypt-later risk.
- We believe the answer is file-level data protection: encryption that lives with the data itself and is crypto-agile enough to evolve as standards change.
What We Believe the Gartner journey guide actually maps
This is what makes the report worth your afternoon: it isn't another quantum scare piece. It's a step-by-step journey across four phases, written for the leader who has to turn "the sky is eventually falling" into a funded, staffed, multi-year program.
If you've ever sat in a budget meeting for a threat that "feels far off," or wondered how much of this you can hand to your vendors, this is the map that turns the panic into a plan. We think it's the clearest starting point out there for a problem most teams know they have and quietly hope they have more time for.
Read the whole thing.
Download the full Gartner report →
Now here's our own take, because there's a part of this the market is getting dangerously wrong.
Everyone's racing to make the network quantum-safe
Watch where the industry's attention has gone. The most visible postquantum work happening right now is at the network layer. Networking vendors, Cisco among them, are building PQC into firewalls and VPNs so the traffic crossing the wire is protected against tomorrow's quantum attacks. (Cisco published its own Secure Firewall roadmap recently if you want one example of the trend.)
That work matters. Data moving across public networks is highly exposed to harvest now, decrypt later, so hardening the transport layer is a smart first move. If your networking vendor is doing it, that's a win.
But it's one layer. And the rush to quantum-proof the network is creating a blind spot you could drive a breach through.
A quantum-safe tunnel protects the trip. Not the destination.
Encrypting the network secures your data while it moves. The problem is that your data doesn't spend its life moving. It spends its life sitting still.
It sits on laptops and endpoints. It sits in databases, file shares, and object stores. It sits on the mainframe, where some of the most sensitive records in regulated industries have lived for decades. A quantum-safe VPN gets a file safely from point A to point B. Then the tunnel closes, the file lands, and it goes right back to being protected by whatever was wrapped around it before it left. Often that's the exact RSA-based encryption with the 2030 expiration date.
And it's data at rest the harvest-now crowd wants most, because it's the data with the longest shelf life. Patient histories. Financial records. Intellectual property. Government data. Records that have to stay confidential for years or decades. The tunnel protected the trip. It never touched the prize.
We believe the answer is file-level data protection
Here's PKWARE's view: if the data is what attackers are after, then the data is what you protect. Not just the path it happens to travel.
File-level data protection means the encryption lives with the data itself. You find your sensitive data, classify it, and protect it at the file level, so that protection travels with the file and stays in force wherever it goes: on the endpoint, in the data store, on the z/OS mainframe, in a backup, in motion or at rest. The network a file crosses stops being the only thing standing between an attacker and your data. The file protects itself.
It starts with discovery, because you can't protect what you can't see. Knowing where your sensitive data actually lives across the enterprise is the precondition for everything else, and it's the same visibility a serious postquantum program demands.
And because postquantum migration won't be a one-time event, file-level protection has to be crypto-agile: built so you can change the algorithm protecting your data as standards evolve, without re-architecting every system that touches it. That's how you migrate once and keep migrating, instead of re-running this whole fire drill every few years.
The full picture
So, here's the honest version of postquantum readiness.
Securing the network is necessary. It isn't sufficient. The network vendors are hardening the pipe, and they should. Your job is to make sure that when the data arrives, sits down, and stays for the next ten years, it's protected by something a quantum computer can't unwind. That's the data layer. That's the part you own. And it's the part that's still wide open the moment the tunnel closes.
Start with the map. In our view, the Gartner journey guide will get your program off the ground. Then protect what's at rest, at the file level, where the data actually lives.
See how PKWARE delivers file-level data protection across the endpoint, data store, and mainframe →
Frequently Asked Questions
What does postquantum readiness involve?
Postquantum readiness means migrating the cryptography that protects your data and systems to quantum-resistant algorithms before quantum computers can break today’s encryption. Gartner frames it as a multi-phase program covering the threat, the funding case, execution, and scaling the change across the organization.
Is a quantum-safe network or VPN enough for postquantum readiness?
No. A quantum-safe VPN or TLS connection protects data while it’s in transit. It does not protect data at rest on endpoints, in data stores, or on mainframes. Full readiness requires protecting the data itself, not just the network it travels across.
What is harvest now, decrypt later (HNDL)?
HNDL is an attack strategy where adversaries capture encrypted data today and store it until quantum computers can break the encryption. It makes long-lived sensitive data an immediate concern, even though quantum computers can’t break it yet.
What is file-level data protection?
File-level data protection applies encryption to the data itself rather than to the network or storage around it. The protection travels with the file wherever it goes, so the data stays secured whether it’s in motion, at rest, copied, or backed up.
What is crypto-agility and why does it matter for PQC?
Crypto-agility is the ability to change the cryptographic algorithms protecting your data without re-architecting the systems that rely on them. It matters because postquantum migration isn’t a one-time event, and standards will keep evolving.
Gartner, "A Journey Guide to Postquantum Readiness," Sarah Almond, Mark Horvath, 13 March 2026.
Gartner is a trademark of Gartner, Inc. and/or its affiliates.
The views on postquantum strategy and on file-level data protection expressed in this article are PKWARE's own and do not represent the opinion or endorsement of Gartner. Cisco Secure Firewall roadmap details referenced from Cisco's blog "Preparing for Post-Quantum Cryptography: The Secure Firewall Roadmap" (13 April 2026). Cisco and Cisco Secure Firewall are trademarks of Cisco Systems, Inc. PKWARE is not affiliated with, sponsored by, or endorsed by Cisco.