Entrust Warns Digital Trust Has a Deadline as Post-Quantum Threat Nears, Podcast
Fri Feb 06 2026
Doug Green, Publisher of Technology Reseller News, sat down with Samantha Mabey, Director of Digital Solutions Marketing at Entrust, to discuss new research revealing that most organizations remain unprepared for the coming post-quantum era—despite mounting evidence that the clock is ticking. The podcast, supported by slides, walks through findings from Entrust’s latest global study, 2026 Global State of Post-Quantum and Cryptographic Security Trends, and unpacks what they mean for MSPs, telecom providers, and enterprise security leaders.
Mabey explained that Entrust focuses on identity-centric security, with cryptographic technologies—such as PKI, hardware security modules (HSMs), certificate management, and key lifecycle management—forming the backbone of modern digital infrastructure. These technologies underpin everything from secure web traffic and APIs to device identity, software updates, and machine-to-machine authentication. The challenge, she noted, is that today’s widely used public-key cryptography, including RSA and elliptic curve cryptography, will eventually be breakable by cryptographically relevant quantum computers.
According to the research cited in the discussion, more than half of organizations believe quantum systems capable of breaking current encryption could arrive within five years, yet only 38 percent say they are actively transitioning toward post-quantum readiness. Mabey emphasized that the transition will be far more complex than previous cryptographic migrations, such as the long-running move from SHA-1 to SHA-2, because cryptography is embedded across nearly every system and workflow.
The risks of inaction are significant. Mabey outlined three major areas of exposure: loss of data confidentiality as encrypted information becomes vulnerable in the future; erosion of trust and integrity if digital signatures can be forged; and operational disruption, since many organizations lack full visibility into where cryptography is deployed. The report found that fewer than half of organizations have complete visibility into their certificates and keys, even before factoring in post-quantum requirements.
To become post-quantum ready, Mabey described a phased journey that begins with discovery and inventory—understanding where cryptography is used, who owns it, and how it is managed. From there, organizations must build crypto agility, enabling them to change algorithms without disrupting operations. This includes people, processes, centralized policy, and automation, not just technology. Only then can organizations safely introduce post-quantum cryptography, often through hybrid approaches that combine existing algorithms with quantum-safe methods.
The conversation also highlighted the urgency created by emerging standards. Guidance from NIST indicates that traditional public-key cryptography is expected to be deprecated by 2030 and fully disallowed by 2035, timelines that are likely to be followed globally. For telecom providers in particular, Mabey noted that long-lived infrastructure, embedded systems, and constrained devices increase exposure to “harvest now, decrypt later” attacks, making phased migration and vendor alignment critical.
As the discussion concluded, Mabey stressed that organizations making progress treat post-quantum readiness as a program, not a one-time project. Those moving forward are aligning teams, investing in visibility and automation, and working closely with vendors that have clear post-quantum roadmaps. Those falling behind, she warned, are underestimating the operational burden and waiting for a “perfect moment” that has already arrived.
View the report at https://www.entrust.com/resources/reports/ponemon-post-quantum-report-2026
Visit https://www.entrust.com/
More
Doug Green, Publisher of Technology Reseller News, sat down with Samantha Mabey, Director of Digital Solutions Marketing at Entrust, to discuss new research revealing that most organizations remain unprepared for the coming post-quantum era—despite mounting evidence that the clock is ticking. The podcast, supported by slides, walks through findings from Entrust’s latest global study, 2026 Global State of Post-Quantum and Cryptographic Security Trends, and unpacks what they mean for MSPs, telecom providers, and enterprise security leaders. Mabey explained that Entrust focuses on identity-centric security, with cryptographic technologies—such as PKI, hardware security modules (HSMs), certificate management, and key lifecycle management—forming the backbone of modern digital infrastructure. These technologies underpin everything from secure web traffic and APIs to device identity, software updates, and machine-to-machine authentication. The challenge, she noted, is that today’s widely used public-key cryptography, including RSA and elliptic curve cryptography, will eventually be breakable by cryptographically relevant quantum computers. According to the research cited in the discussion, more than half of organizations believe quantum systems capable of breaking current encryption could arrive within five years, yet only 38 percent say they are actively transitioning toward post-quantum readiness. Mabey emphasized that the transition will be far more complex than previous cryptographic migrations, such as the long-running move from SHA-1 to SHA-2, because cryptography is embedded across nearly every system and workflow. The risks of inaction are significant. Mabey outlined three major areas of exposure: loss of data confidentiality as encrypted information becomes vulnerable in the future; erosion of trust and integrity if digital signatures can be forged; and operational disruption, since many organizations lack full visibility into where cryptography is deployed. The report found that fewer than half of organizations have complete visibility into their certificates and keys, even before factoring in post-quantum requirements. To become post-quantum ready, Mabey described a phased journey that begins with discovery and inventory—understanding where cryptography is used, who owns it, and how it is managed. From there, organizations must build crypto agility, enabling them to change algorithms without disrupting operations. This includes people, processes, centralized policy, and automation, not just technology. Only then can organizations safely introduce post-quantum cryptography, often through hybrid approaches that combine existing algorithms with quantum-safe methods. The conversation also highlighted the urgency created by emerging standards. Guidance from NIST indicates that traditional public-key cryptography is expected to be deprecated by 2030 and fully disallowed by 2035, timelines that are likely to be followed globally. For telecom providers in particular, Mabey noted that long-lived infrastructure, embedded systems, and constrained devices increase exposure to “harvest now, decrypt later” attacks, making phased migration and vendor alignment critical. As the discussion concluded, Mabey stressed that organizations making progress treat post-quantum readiness as a program, not a one-time project. Those moving forward are aligning teams, investing in visibility and automation, and working closely with vendors that have clear post-quantum roadmaps. Those falling behind, she warned, are underestimating the operational burden and waiting for a “perfect moment” that has already arrived. View the report at https://www.entrust.com/resources/reports/ponemon-post-quantum-report-2026 Visit https://www.entrust.com/