Introduction

I recently watched the latest video from John Savill on quantum-safe cryptography, and it’s one of the clearer explanations I’ve seen on why this topic actually matters today.

Not for 20 years.
Not “once quantum computers exist”.
Today.

Quantum computing isn’t just about being faster.

One of the most important things John says is that quantum computers don’t just make everything faster.

They are very good at solving very specific problems:

  • Factoring large numbers
  • Solving discrete logarithms
  • Finding the periods in mathematical functions

Those are exactly the problems that modern public-key cryptography relies on being hard.

RSA, ECC and Diffie-Hellman are all fundamentally broken once large, fault-tolerant quantum computers are available.

The Real Threat: Harvest Now, Decrypt Later

The most uncomfortable part of the video is the reminder that attackers don’t need quantum computers today.

They can start capturing your encrypted traffic right now, store it, and decrypt it later.

If your data is important (like government or healthcare data, or data about who you are), then traffic captured today is already at risk of being decrypted in the future.

Post-Quantum Cryptography Helps

The move toward post-quantum cryptography is the right one:

  • Kyber (ML-KEM) for key exchange
  • Dilithium (ML-DSA) for signatures

These algorithms don’t rely on math problems that quantum computers are good at solving.

Microsoft integrating these into SymCrypt, Windows, Azure, and M365 is a big step in the right direction.

Azure’s Advantage

One of the biggest benefits of using Azure’s services is that you don’t have to manage the cryptographic migration yourself.

Services like Azure App Service, Azure Storage, Azure SQL Database, and Azure Key Vault are continuously updated by Microsoft to support the latest cryptographic standards. As post-quantum algorithms become standardized, these services will automatically incorporate them.

What this means for you:

  • Automatic cryptographic agility: You don’t need to apply a manual patch.
  • Compliance by default: Azure is responsible for planning the schedule for the migration.
  • Defense in depth: Multiple layers of protection keep things safe, not just cryptography.

Practical Steps for Azure Customers

While Azure’s services handle much of the heavy lifting, you should still:

  1. Inventory your cryptography usage: Use Azure Policy and Microsoft Defender for Cloud to identify where cryptography is configured in your environment
  2. Review custom applications: Check any custom code that implements cryptography directly
  3. Enable TLS 1.3: Already supported across Azure services and includes more modern cipher suites
  4. Plan for Private Endpoints: Reduce exposure by keeping traffic within Azure’s backbone network
  5. Monitor security recommendations: Azure Security Center will flag outdated cryptographic configurations

But here’s the critical part:

Cryptography has never compensated for bad architecture.

Quantum-safe algorithms won’t help if:

  • Your traffic is out in the open for anyone to observe.
  • Your data leaves your device when it doesn’t have to.
  • You share information that is too sensitive to share.

What Actually Makes Sense Today

What I took away from the video is not panic, but preparation:

  • Reduce data exposure wherever possible
  • Prefer private networking over public endpoints (Azure Private Link, VNet integration)
  • Understand where and how cryptography is used in your systems
  • Start inventorying crypto dependencies in custom applications
  • Use Azure Key Vault for all key management (Microsoft manages the quantum-safe migration roadmap)
  • Enable Azure Policy to enforce minimum TLS versions across your subscriptions

Vendors will take care of most of this for their managed services.
The real work is usually in your own code or cloud foundation.
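
One way to start the custom-code inventory recommended above ("Review custom applications" and "Start inventorying crypto dependencies"), as an added example that is not code from the video or from Microsoft. It flags lines that mention the public-key families named earlier (RSA, ECC, Diffie-Hellman) and records where ML-KEM or ML-DSA already appear; the regex patterns, file names and sample contents are constructed assumptions.

```python
import re
from pathlib import Path

QV, PQ = "quantum-vulnerable", "post-quantum"
# Identifier patterns are illustrative assumptions, not an exhaustive catalogue.
# (?<![a-z]) keeps "dh" from matching inside "ECDH" while still hitting "TLS_DHE_".
RULES = {
    "RSA": (r"(?<![a-z])rsa", QV),
    "ECC": (r"(?<![a-z])(ecdsa|ecdh|secp\d+[rk]1|prime256v1|x25519|ed25519)", QV),
    "Diffie-Hellman": (r"(?<![a-z])(diffie[-_ ]?hellman|dhe?)(?![a-z])", QV),
    "ML-KEM": (r"(?<![a-z])(ml[-_]?kem|kyber)", PQ),
    "ML-DSA": (r"(?<![a-z])(ml[-_]?dsa|dilithium)", PQ),
}
RULES = {fam: (re.compile(rx, re.I), status) for fam, (rx, status) in RULES.items()}

def scan_text(name, text):
    """Return (file, line_no, family, status) for every family seen on a line."""
    return [(name, no, fam, status)
            for no, line in enumerate(text.splitlines(), 1)
            for fam, (rx, status) in RULES.items() if rx.search(line)]

def scan_tree(root, suffixes=(".py", ".cs", ".java", ".go", ".js", ".conf", ".json")):
    """Scan a checked-out repository; unreadable bytes are ignored."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in suffixes:
            findings += scan_text(str(path), path.read_text(errors="ignore"))
    return findings

def migration_backlog(findings):
    """Map each file to the quantum-vulnerable families it still references."""
    backlog = {}
    for name, _, fam, status in findings:
        if status == QV:
            backlog.setdefault(name, set()).add(fam)
    return backlog

# Constructed sample "repository" so the example runs offline.
SAMPLE = {
    "auth/tokens.py": "from cryptography.hazmat.primitives.asymmetric import rsa\n"
                      "key = rsa.generate_private_key(public_exponent=65537, key_size=2048)\n",
    "gateway/tls.conf": "ssl_ciphers TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:ECDHE-ECDSA-AES256-GCM-SHA384;\n",
    "storage/blob.py": "cipher = AES.new(key, AES.MODE_GCM)\n",
    "kex/hybrid.go": "// X25519 + ML-KEM-768 hybrid key exchange\n",
}

def scan_sample():
    return [f for name, text in SAMPLE.items() for f in scan_text(name, text)]
```

Point `scan_tree` at a real checkout to get the same findings for your own code; a hit is a lead for manual review, not proof that the algorithm is in use.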

Final Thoughts

Quantum computing will definitely change security.
But the basics stay the same:

  • Defense in depth
  • Minimize attack surface
  • Don’t rely on crypto alone to save you

And if you’re using Azure’s services, you’re already on the right path.

Sources

  1. John Savill, “Quantum-Safe Cryptography Explained,” YouTube, https://www.youtube.com/watch?v=5--yBhgDrXM

  2. Microsoft, “Quantum-Safe Cryptography Journey,” Microsoft Security Documentation, https://learn.microsoft.com/en-us/security/quantum-safe/

  3. Microsoft, “Azure Well-Architected Framework - Security,” Azure Documentation, https://learn.microsoft.com/en-us/azure/well-architected/security/

  4. NIST, “Post-Quantum Cryptography Standards,” NIST Computer Security Resource Center, https://csrc.nist.gov/projects/post-quantum-cryptography

  5. Microsoft, “Azure Key Vault Security Features,” Azure Documentation, https://learn.microsoft.com/en-us/azure/key-vault/general/security-features

  6. Microsoft, “Microsoft Defender for Cloud,” Azure Security Documentation, https://learn.microsoft.com/en-us/azure/defender-for-cloud/