Cloudflare boosts defenses against future quantum threats

Cloudflare announced that it is expanding end-to-end support for post-quantum cryptography to its Zero Trust Network Access solution.

Available immediately, organizations can securely route communications from web browsers to corporate web applications to gain immediate, end-to-end quantum-safe connectivity.

By mid-2025, Cloudflare will extend this support to include all IP protocols, significantly broadening compatibility across most corporate applications and devices. With this, organizations will be able to rely on Cloudflare to transition their Internet communications between users, devices, and applications to post-quantum cryptography without the complexity of individually upgrading each corporate application or system.

Today encryption is used to keep online data protected—everything from personal messages, to financial information, to customer data—and anything that people and organizations would want to keep safe from hackers. As quantum computers move closer to production, that data is at risk of being unlocked, breaking current encryption methods and potentially exposing data that was once secured.

Conventional cryptographic algorithms used across the Internet securing everything from major financial organizations and healthcare providers to government agencies and consumer smart devices, are vulnerable to post-quantum attacks.

The National Institute of Standards and Technology (NIST) even made a landmark announcement to phase out conventional cryptographic algorithms and to adopt post-quantum cryptography by 2030, as experts now estimate significant risks could emerge in as little as five years. There is an urgent need to adopt post-quantum cryptography, and Cloudflare has led the industry by contributing to the creation of industry standards and making post-quantum security free, by default, for all of its customers.

“Cloudflare has long committed to making post-quantum security the new baseline for Internet security, delivering it to all customers so we can bolster defenses against future quantum threats. Now, we’re offering that protection built directly into our Zero Trust solutions,” said Matthew Prince, CEO at Cloudflare. “We want every Cloudflare customer to have a clear path to quantum safety, and we are already working with some of the most innovative banks, ISPs, and governments around the world as they begin their journeys to quantum security. We will continue to make advanced cryptography accessible to everyone, at no cost, in all of our products.”

Since 2017, Cloudflare has been at the forefront of researching, developing, and standardizing post-quantum cryptography. Today, over 35 percent of the human-generated traffic connecting to Cloudflare’s global network benefits from post-quantum protection. Even in a future where quantum computing could compromise conventional cryptography, Cloudflare’s quantum-safe Zero Trust Network Access (ZTNA) solutions are designed to protect data as it travels over the public Internet. With this announcement, Cloudflare’s Zero Trust Platform will enable organizations to:

• Protect against “harvest-now, decrypt later” attacks: Cybercriminals can capture encrypted data today, and store it until they can decrypt it when better quantum computers are available. Starting today, customers can direct their web traffic through Cloudflare’s global network, to protect against these future attacks by using post-quantum cryptography.
• Enable corporate web applications with end-to-end quantum security: Now organizations can grant employees access to corporate web applications—like HR systems, payroll, and collaboration systems–without needing to upgrade the security of every single corporate web application individually. Cloudflare Access now can secure the Internet traffic from web browsers to corporate web applications from quantum threats.
• Deliver quantum safety for Internet traffic travelling to any corporate office, cloud environment, or datacenter: By mid-2025, organizations will be benefit from end-to-end quantum safety for any protocol connected through Cloudflare’s most popular network configurations by installing Cloudflare’s WARP device client on their end users devices.

“The world has five years to replace vulnerable cryptography with post-quantum solutions,” said Tom Patterson, emerging technology security lead at Accenture. “To meet this urgent client need, Accenture and Cloudflare offer a hybrid approach, enabling an iterative, low-risk migration while maintaining compatibility and cryptographic agility.”

Cloudflare’s quantum-safe Secure Web Gateway and clientless Access network configurations are available today, and WARP-client-to-tunnel network configurations will be available by mid 2025.