Secure your future: Upgrade to post-quantum cryptography with Zero Trust
Presented by: Sharon Goldberg, Bas Westerbaan, John Engates
Originally aired on March 17 @ 12:00 PM - 12:30 PM EDT
Welcome to Cloudflare Security Week 2025!
During this year's Security Week, we are boosting security with AI-driven insights, better threat detection, and stronger protections against emerging risks. Our aim is to empower customers with more intuitive and user-friendly solutions to protect their data and applications in an increasingly complex environment.
In this episode, tune in for a conversation with Cloudflare's John Engates, Field CTO, Sharon Goldberg, Product Director, and Bas Westerbaan, Systems Engineer.
We’re thrilled to announce that organizations can now protect their sensitive corporate network traffic against quantum threats by tunneling it through Cloudflare’s Zero Trust platform. Let us worry about your corporate network’s upgrade to post-quantum cryptography so that you don’t have to.
Tune in all week for more news, announcements, and thought-provoking discussions!
Welcome to this Cloudflare TV episode. I'm John Engates and I am Field CTO here at Cloudflare and this is Security Week 2025.
And in this session, we're going to talk about a critical security challenge that we all face from quantum computing and a powerful solution, which is called post-quantum cryptography.
This quantum computing revolution promises to revolutionize all kinds of fields, medicine, material sciences, a lot more.
It offers unprecedented problem-solving power, but one of the problems quantum computers are uniquely well-suited to solving is really breaking modern encryption.
So we're going to spend some time talking about quantum computers in that context.
I don't want to steal the thunder of my team here.
We've got a number of folks here on the call today that I think are experts at post-quantum.
So joining me from the Cloudflare team, Bas Westerbaan, he's research engineer on the Cloudflare research team.
Good evening, Bas. I think it's evening in your time zone.
Almost still afternoon. Great to be here, John. Good to see you.
And we have Sharon Goldberg. Sharon is product director on the Cloudflare product team.
Hi, Sharon. Hi, thanks for having me. Okay. So thanks, Bas and Sharon.
I'll introduce you a bit more in terms of your background and what you work on, but this is a big week at Cloudflare.
This is Security Week, lots of news, lots of blogs, basically excitement and announcement across the company.
And I thought we'd start with the announcement that we're going to spend some time on today.
So Sharon, why don't we just jump right in and tell us what we announced on the blog this week?
Yeah. So what we are announcing is the first phase of quantum readiness of our Zero Trust platform.
And let me unpack what that means and why it's exciting.
So first of all, in November 2024, NIST announced that the conventional cryptography algorithms that we use everywhere in the Internet, that's RSA and ECDSA, they need to be deprecated by 2030.
So that's five years away. That means that organizations have five years to figure out how to get these protocols, which are everywhere, out of their systems, which is a hard problem.
And even more immediately, organizations need to be thinking about harvest now decrypt later attacks.
That's a term that we use to just explain something very simple.
If an adversary captures your communication today, and then in the future when they have a quantum computer and they can decrypt it, they can then decrypt your secret information in the future.
So any information you have today would hurt you if it was decrypted in five or 10 or 15 years.
That information needs to be protected with post-quantum cryptography today.
So that's the sort of landscape that we're in right now.
And at Cloudflare, we're not waiting until 2030 when NIST said that these very, very important algorithms are being deprecated.
What we're doing is we've been deploying post-quantum cryptography across the company, across our products for years.
And today our focus is on the Zero Trust platform.
And so what that means is organizations can tunnel their corporate network traffic through our Zero Trust platform.
And that platform will protect that traffic with post-quantum cryptography.
So rather than having to go and upgrade every single individual application that they have or individual system that they have to post-quantum cryptography, you can imagine just shoving it through our Zero Trust platform and getting that post-quantum protection, wrapping it up.
I'm going to go into more detail on exactly how we did this and what part of the platform are protected and how we've protected it.
But really the idea is to just remove some of that burden from our customers and allow them to use our Zero Trust platform as a way of protecting their traffic as a whole as it flows through their corporate networks.
Okay. Let me respond to some of that. I heard a lot in there.
There's a lot going on. This is the most fun part about Security Week is there's so much going on.
So Zero Trust and post-quantum cryptography, we are putting those two things together now.
It's a lot of words. So let's just zoom out just a second and we'll talk to Bas.
Why don't you tell us a little bit about quantum computers?
I mentioned in the intro that these have the potential to undermine encryption as we know it today.
So tell us a little bit about that and then we'll go back to Zero Trust and post-quantum.
Yeah. So quantum computers really are a mixed blessing, right?
So it's really exciting what they might bring for us in material science and there's all kinds of speculative applications.
So it's something to look forward to.
It's just a bit annoying that they break RSA and elliptic curve cryptography, right?
Sharon touched upon it. Everything that's encrypted might be broken later.
So we need to do something there. Luckily, we have the answer already.
I mean, people have been thinking about the answer for a long time, academics, already for a few decades now.
And that is post-quantum cryptography.
That's cryptography designed to be resistant against the attacks of quantum computers.
So that exists. And one step is having the cryptography, the other step is having it standardized.
And that's been a long process, which has been underway for a long time now.
Back in 2007, NIST started a competition, 2006 maybe even, and now the standards are out and we're using it.
It's 2016 actually. It's 2016.
No, it's right. I think Cloudflare has been working on this ever since I looked at it.
I was in the room when they made that announcement. I think we were both in that room, Bas, when they made that announcement.
Was it 2016 in New York?
No, you're right. There's too many numbers, right, Bas? I looked back at our blogs at Cloudflare and I've seen consistent messages from Cloudflare going back to the 2016, 2017 timeframe.
And so we've been working on this a long time. You've been working on this a long time, right?
You've been involved in a lot of the behind the scenes when it comes to standards and how this is going to manifest in the world.
So tell us just a little bit about that. Yeah, not quite from the start, but 2019 is when I rolled in.
But this has been the forward thinking of our research team, because we've been working on making changes on the Internet with TLS 1.3, with QUIC, Encrypted Client Hello.
And there's always one threat with changes on the Internet, and it's hard.
Things don't go as easy as you expect. Things break. So we know that if you want to change something, want to make a big change, we have to start early.
And that's why back in 2018, I'm not so sure about my years, we started an experiment with Google Chrome to try to figure out, does this stuff work?
How will it perform in the real world? We have the theory, but how does it actually perform in practice?
And over the years, we've been experimenting and deploying.
And finally, in 2022, we felt ready to enable post-quantum encryption across the board on our edge.
So that's Cloudflare basically jumping in early.
You mentioned it. I think the scale that we have complicates things, but it also gives us an advantage in terms of trying things out at a scale perhaps that other people don't see.
But it also requires us to get involved early because we want to understand what's coming.
We want to shape perhaps the standards a bit, make sure that they work at our scale.
And we want to get them into the hands of our customers fairly early, really just to try out, make sure it doesn't break things.
And so you've been working on that for quite a while.
And we have lots of blog posts.
I would encourage everybody not just to read today's blog post about quantum-safe encryption, but all the ones that we've done in the past, because they sort of show you this process that we've followed.
And we have enabled post-quantum on the Cloudflare edge, right?
So basically the websites, the applications that are served by Cloudflare through our WAF, through our sort of edge infrastructure have been post-quantum for some time.
Is that true? Yeah, yeah. Since 2022.
Yes. And this is on by default. On by default. And that works in what context?
Like would the browser tell us about how that works in practice? Well, it's quite seamless.
If you have a modern browser, so if you have Chrome or Firefox, then it will just use it.
If you go to any site on the Cloudflare website, it will use post-quantum cryptography immediately.
And it's not just browsers, because a lot of the web is not browsers.
Also, if you have an application that uses, supports post-quantum cryptography, it will just work seamlessly.
But key part is the client application has to support it.
So browsers support it. Yes. Thank you. I'm going to show a picture here.
Number one. Worth a thousand words. So on the left, we see the browser and in the middle is Cloudflare.
And if you go to any property hosted on Cloudflare, and you use a modern browser that supports it, it will automatically talk post-quantum cryptography.
And that is basically represented there by, I guess that's Frankfurt in terms of the data center that we're, I guess that's what FRA is, either France or Frankfurt.
So anyway, the point is that once you're connected to the Cloudflare network, we are able to provide you with a post-quantum cryptography tunnel all the way through, basically to the origin servers of the backend infrastructure.
And that gives you a layer of protection from what Sharon described.
Sharon, you called it harvest now, decrypt later.
Is that the right term? Tell us about that. Yeah. So today, quantum computers cannot break cryptography, at least as far as we know, with what's publicly known.
So we're not worried about adversaries like jumping in on connections and injecting information and manipulating the communication in order to break the communication live.
What we're worried about is an adversary that collects the information, either stored data or TLS connections on the Internet, whatever it is that you're doing, copies that encrypted information, puts it in a database and pulls it back out in five or 10 or 15 years and decrypts it all.
And so we do know of a lot of organizations and maybe Bas, you can speak to some of the ones that you've spoken to that are really concerned about their data today because they're worried that if whatever is collected today is decrypted in 10 years, that could actually be damaging to their business in 10 years.
So we have a lot of customers and we've actually in the last few months had a lot of inbound interest from people asking to understand what is our strategy on post-quantum cryptography.
And I think that's a combination of the NIST announcement that really made everything real, like saying that you're deprecating RSA and ECDSA, that is a very big deal to make that statement, in my opinion.
And I've been in cryptography for many, many years.
And so I feel like people are now paying attention and really trying to understand what does this mean for them.
And then we also have organizations that have been concerned about the harvest now decrypt later attack and threat model for even longer than that, even before the NIST announcement.
And so just the last few months have been really, really exciting actually watching announcement after announcement, quantum computing breakthrough after quantum computing breakthrough over the last few months, kind of leading up to what Cloudflare has been doing quietly behind the scenes and now really a lot more actively when working with and talking to our customers.
Yeah, I've been following the news lately and have seen announcements from all the major tech companies, right?
So Google, then Microsoft, and then Amazon have all made announcements around quantum chips, basically the chips that are going to enable quantum computers in the future.
We know that other companies have been working on this for some time.
IBM comes to mind.
We know governments are also super interested in quantum computers. There's sort of a race to quantum in the works.
And I think the challenge is we don't really know when they're going to arrive.
We have no definitive date, but we do have now some guidance around when we should prepare for quantum.
So the dates that you've mentioned, Sharon, the 2030, 2035, those are coming from federal government, NIST specifically.
I think the government and the financial sector seems to be the two sectors that are the most interested in this.
So those are the questions I'm getting a lot is like, what do we need to know?
What do we need to do? And again, Cloudflare has been investing in this for quite some time.
And I threw this picture up on the screen because it sort of describes that web browser to Cloudflare edge, but it goes a little further because on this screen, it says quantum ready clientless ZTNA.
So that's part of the announcement as well. Tell us, Sharon, what, how the Cloudflare network prepared us, you know, the work that we've been doing for some time to extend this capability.
So first of all, I realized that I said a lot of buzzwords, which I don't like doing.
So I'm going to try to rewind.
So when we say Zero Trust or Zero Trust network access, really, that is what Cloudflare calls our platform for building internal corporate networks.
So you have employees, they need to access your data center, they need to access your offices, they need to access your corporate applications.
How are they going to do that?
The traditional way of doing that is with a VPN, virtual private network. Today, a lot of organizations are moving to a Zero Trust model.
And all that really means is that in a VPN world, all you're kind of doing is you're saying, employee can access VPN, and then they can get into everything that's in the corporate network.
That's what VPN does. It's kind of like a castle and moat. There's a wall around your company.
Once you're inside the wall, you can access all of the company's resources.
What Zero Trust says is that we're going to use policies to say who can access what set of things, right?
So, you know, I work in finance, I can access financial applications, I'm an engineer, I can access backend, I'm an SRE, I can access really sensitive, you know, servers and hardware.
So all of those different pieces are controlled by Zero Trust platform. Cloudflare has a Zero Trust platform.
And our Zero Trust platform uses actually cryptography and TLS to enable the connections.
And one really cool thing that we've been doing is we've been focusing on upgrading all of the connections that not only connect, you know, resources like servers or offices or data centers, so resources, but also subjects, so end users on their laptops into the network, right?
So we've got resources on one side, which is all of the different corporate things you want to access.
We've got subjects, which are all the people who want to access the things.
And we want that entire connection from the subject to the resource to be post-quantum secure.
And so that's what this announcement is really about, that these connections are actually being carried over TLS with post-quantum cryptography today.
So if you look at this figure, this is a figure of one of the modes and the most popular network configuration of Cloudflare Zero Trust platform, which is when the user has a client on their device, which is the WARP device client, and that client will connect them into Cloudflare's network, then they will travel across Cloudflare network.
So in this example, the user has entered in Frankfurt and is going to leave in San Francisco, and then exit from San Francisco to whatever corporate office they're trying to access where there's some sort of server.
So that's our Zero Trust platform.
What we're saying today is that those connections are going to be protected with post-quantum cryptography.
So we've got connection number one, which is the connection from the, if you can see in the figure of connection one, from the client to that server in Frankfurt, that is speaking the MASQUE protocol today, and that we are going to upgrade to post-quantum cryptography within a few months that will be available.
And so all of the traffic that the user has that needs to go into the corporate network would be able to be carried over this MASQUE protocol that would be protected with post-quantum cryptography.
Then it's got to hop its way through Cloudflare's global network.
So if it came in in Frankfurt, it comes out in San Francisco, it's got to take some hops through the network, one or more.
Those are protected with post-quantum cryptography.
And then when it leaves Cloudflare network, it's going to go into your corporate office.
And that is going to be a connection over Cloudflare Tunnel, which is also protected by post-quantum cryptography.
So we have this end-to-end protection, which I think is really cool. It's not just the connection into the network, but it's also as it hops from data center to data center, we're also protecting it in this way.
And so what that actually means is that customers can run whatever protocols they may have.
These may be unencrypted protocols, they could be weird protocols.
All of that is wrapped in these tunnels that have this post-quantum protection.
And that would protect it from these harvest now decrypt later attacks as it travels over the global Internet.
The other thing I want to say, on the client side, the one link that we're just still needing to upgrade, and that is coming in a few more months, is that connection over MASQUE.
But we also have, if you go forward one slide, John, this is our clientless mode of our Zero Trust network access.
So what this is, is when a customer just uses their web browser to access resources, even without our device client, we do actually sell a Zero Trust platform that operates in this mode.
We have some customers that actually use it exclusively in this mode. That is already fully post-quantum protected.
So that first connection link number one is already protected with post-quantum cryptography and TLS 1.3.
So that is the thing that we're really proud of.
There's been a lot of work by a lot of different people across the company to make sure all of these connections are actually protected with post-quantum cryptography.
The last thing I wanted to say is if you go down two slides, John.
So the last thing I want to say is we also have a secure web gateway as part of our Zero Trust platform.
Our Zero Trust platform is actually a pretty sort of giant product portfolio.
And one of the things that it also does is called a secure web gateway.
What this thing does is it does TLS inspection.
So if you are connecting to a website over TLS, what this way will do is it will inspect the TLS and apply rules to it.
If you're visiting sites you shouldn't be visiting, or if there's malware being downloaded, all of that is being inspected and dealt with by the SWG, secure web gateway, SWG.
And so today our SWG actually supports post-quantum as well.
What that means is if you're speaking to a server that speaks post-quantum cryptography, we will be able to inspect that post-quantum cryptography as well.
So totally different use case, but again, part of our Zero Trust platform and allowing our customers to really live in this post-quantum cryptography world without even feeling it or noticing that it's there because this is just there and it's on and you don't know what's happening, which I think is one of the best parts about this whole approach.
Right.
And I think that is the goal with our Zero Trust platform versus a VPN. I mean, you could always go back to the VPN that you have perhaps in place today or that you've used over time and upgrade that to post-quantum, but it doesn't really buy you the full, you know, sort of post-quantum coverage because it's just that sort of connection from the user to the data center, perhaps that's really what a VPN covers.
And you mentioned the castle and moat, a traditional VPN, even upgraded to post-quantum only gets you a post-quantum tunnel to the castle, right?
And then you have to think about, well, what's in the castle, what's beyond the castle.
And that's really why a platform like Cloudflare is so uniquely well suited to this challenge.
Is that, do I have that right? Yeah, no, I think that's exactly right.
I mean, I think that we've all, so those of us who've been in the world of VPNs and in corporate networks and all of that, you know, 20 years ago, there was a corporate network, you were in the corporate network, and then we were all happy.
Today, we're not happy with that. We know that that leads to lateral movement and all sorts of attacks.
And so we really need to segment our corporate network and write policies for access to this corporate network.
And so this whole movement to Zero Trust, that's what that's all about.
And what we've just done is ensure that when you're making these connections into the resources, those connections are connected with post-quantum.
And we're also making sure that as the traffic actually does go over the global network via these connections across Cloudflare's network, that we're not also exposing that to attacks, that we're also ensuring that's protected with post-quantum cryptography.
And that's the part that people don't always think about.
You know, like we can always get the traffic into Cloudflare over post-quantum cryptography, and then send it over conventional cryptography over the rest of the Internet.
That's not ideal, right? We want to make sure that entire connection is protected with post-quantum cryptography.
And then so that's what we've been able to do. So when I think about this, I think about, obviously, a large, potentially large, even a small enterprise, somebody that's trying to provide coverage for that end to end connection.
But you don't have to use Cloudflare for this. I mean, you know, companies could certainly be on a path already to upgrade.
You know, we've been on this path for a while.
Bas, tell us about what kinds of things that you've seen in this process that are perhaps challenging or difficult or surprising that maybe an enterprise as they go on this journey might find themselves.
Yeah, so at Cloudflare, we have a lot of products.
And to be honest, I don't know even half of them.
But if you have this task, we need to upgrade everything, right?
So with some key products, we started, of course, with the big impact products, right?
The very first product of us to get post-quantum support is Tunnel because that has a high impact.
So a few of the big products were actually relatively straightforward to upgrade.
But then for the migrating our internal connections, we need to figure out what are all our products, which connections are made, which data is transferred, right?
There's not a single person at the company that knows.
So this is not actually as much of a technical challenge as it is really an organizational change management challenge, an inventory challenge as well, right?
We have it relatively easy because we own practically all of the software we have.
We can modify, whereas a typical organization, they will have software from other vendors, maybe software written by companies that might be out of business.
So it's a huge challenge. You have to figure out what's going on.
What are we running? What do we need to upgrade first? And yeah, better start early, I would suppose.
And to be honest, on our own migration, it was a huge effort.
We basically had all sent an email to all our engineering teams, all our engineering teams had it on the roadmap in 2023 to figure out which connections there are, which to upgrade.
And I'm happy to report that the vast majority of internal connections are upgraded, but there still remains a decent tail, which we are slowly working through.
So it's a real challenge. Yeah, but I think one of the fun things that we did with this announcement was actually like we picked a couple of use cases that we thought were really high impact use cases and really focused on making sure that every connection end-to-end was post-quantum, right?
And so we picked, in particular, we picked the reason I got involved from the Cloudflare One side was Cloudflare One has this really cool property that you can just shove all your traffic through these tunnels and they come out the other side and they're the post-quantum, regardless of what's actually going on on the traffic itself.
And so we did go in one by one, link by link, making sure that we were able to have that post-quantum guarantee.
Cloudflare itself is a big user of Zero Trust.
We use it to protect our own employees accessing vital resources.
And now that we have added post-quantum to it, we can check the box on everything that's tunneled through that.
So that's, I mean, it's an incredibly useful tool for ourselves as well, right?
So for a larger enterprise, this could potentially accelerate the coverage of post-quantum in a big way.
I mean, instead of going through a process of inventory and upgrading and prioritizing all the different things that need to get upgraded, and you may need to do that anyway, because obviously in an organization with the big audits, you're going to have to show and demonstrate that you're post-quantum everywhere at some stage.
But in the meantime, you want to mitigate the risk associated with harvest now, decrypt later.
You want to protect the traffic that's flowing over the Internet.
You want to protect traffic that's connecting between your users and internal and even external applications.
And it feels like to me, this is a sort of once and done, you know, sort of a thing where you can take advantage of the Cloudflare network and get that post-quantum coverage from end to end for a very large swath of your organization.
Is that how you're thinking about this?
Yeah, I think that's right. I mean, I think the way to think about this is the traffic that's floating out of your data centers or flowing out of your offices or flowing from your employees when they're in a coffee shop, right?
All of that we want to be protecting with post-quantum cryptography.
And if you just run that over the Cloudflare Zero Trust platform, then you've now got that protection just by using the platform.
So maybe this is a slide we'll just think about for just a couple seconds here.
I mean, this is how Cloudflare obviously can step in and help you on this quantum security journey.
Everyone's going to go through this, but we've already enabled post-quantum on the websites and the APIs that are served through Cloudflare, as we mentioned, in the context of TLS 1.3, now with post-quantum cryptography.
And the announcements this week, spending, you know, sort of time talking about how we extend that into the realm of the Zero Trust platform.
So you mentioned clientless, that's really off the back of the work we've already done for TLS, post-quantum network access in the WARP client context as well, and then the secure web gateway, which really gives you that whole enterprise-focused approach, you know, really coverage for all the users, you know, VPN replacement and that end-to-end connection.
That's really the announcement this week. And I wanted to make sure we kind of cover that at the beginning, and as we get close to the end of our session here, just to remind everybody what we've been doing.
I wanted to ask just a couple more questions.
So, you know, long-term, what are the implications really in terms of this shift?
Is this going to change the user experience? Are people going to notice this?
Or, you know, tell me a little bit about what enterprises are going to see in terms of the real-world user experience.
Great question. So we always worry, with changes, we always worry about breakages, right?
And performance.
But the nice thing here with Zero Trust is that these connections, they are mostly, so with the client to us and from us to the origin, these are all long-lived connections.
So any slight performance degradation we see is completely ameliorated, right?
It's just the startup, it's maybe a millisecond slower.
And then, even then, we have been running now post-quantum cryptography on our edge for years now.
In fact, 37% of all incoming requests are already secured with post-quantum cryptography.
And there is a very small performance impact, but it's...
Negligible. It's really hard to find. You see the graph, you barely can see it.
So if there's any impact, you might notice it. And all of that's offloaded to Cloudflare anyway, right?
So basically, that's another powerful aspect of leveraging the Cloudflare network, is any change that's going on.
And there's this concept of quantum agility, too.
There may be changes coming. I mean, I think this is not the end-all, be-all answer to quantum.
So maybe we'll, on the tail end of this conversation, maybe we'll leave it there.
What does the future hold, and where are we going next?
Oh, yeah. So the first step is encryption, and the next step is authentication.
And this was the easy part. The certificates will be the hard part.
But we've been thinking about this a long time. We got you covered. We got you covered.
I think that is the message. Sharon, your team and the product organization is trying to think ahead and cover our customers' use cases.
Maybe just the last word from you in terms of where we're headed as a company in this country.
Yeah.
I mean, I think we're lucky that we have people here working on the standardization efforts and writing the crypto libraries.
It's luxurious as a product person to have those people available in your company.
So that's really exciting.
And I think that this space will continue to evolve. If you need any proof, you'll note that we are still today dealing with the fallout of MD5, a crypto hash function from 20, 30 years ago, still being in all our protocols and sometimes getting attacked.
For example, I and a team of mine attacked it last year. So that still happens, right?
And so we're going to be dealing with crypto agility issues for years.
But I think one thing you can know about Cloudflare, Cloudflare has invested in this area really long before it was so immediate and even of interest to our customers.
And we continue to experiment with new technologies and innovations today.
And so it's really exciting as we start to develop, for example, protocols for post-quantum authentication and dealing with post-quantum certificates that will protect us against attacks, active attacks, attackers who are sitting there with a quantum computer and attacking our networks.
This is not an attack we're worried about today, as far as I know, but in the future we will be.
We need protocols and cryptography to protect us against that. We have a team here that's working on that and we will continue to experiment with that technology and put it in our products, see how it does and roll it out to our customers without them noticing.
And so that's what's really fun and exciting to be here and to be sort of like watching all this innovation make its way into the products.
Without really anyone noticing it. That's great. Exciting week at Cloudflare, Security Week, lots going on, especially in this context of post-quantum.
Not the last word from Cloudflare on this topic. Stay tuned for a lot more.
But this is a good step in the right direction, in my opinion, to really get companies in a position where they can start to be post-quantum ready, quantum secure, quantum safe, whatever the right term you want to use is.
And I'm excited. Thank you, Sharon.
Thank you, Bas, for joining us today on Cloudflare TV and excited to see what's next.
Thank you.