Cloudflare has launched what it is calling “the industry’s first quantum-safe Zero Trust platform.” It allows organisations to securely route all web-based communications to take advantage of end-to-end quantum-safe connectivity.
It says it will extend this to support all IP protocols by mid-2025 with the release of WARP-client-to-tunnel network configurations. This will give organisations a simple route to making all communications quantum-safe without updating all applications or systems individually.
Matthew Prince, co-founder and CEO at Cloudflare, said, “Cloudflare has long committed to making post-quantum security the new baseline for Internet security, delivering it to all customers so we can bolster defenses against future quantum threats. Now, we’re offering that protection built directly into our Zero Trust solutions.
“We want every Cloudflare customer to have a clear path to quantum safety, and we are already working with some of the most innovative banks, ISPs, and governments around the world as they begin their journeys to quantum security. We will continue to make advanced cryptography accessible to everyone, at no cost, in all of our products.”
What is this about?
Every organisation wants end-to-end encryption of all its communications, from web browsing to data moving to and from web applications and all other traffic. The emergence of quantum computing threatens to make current encryption algorithms redundant. This is because its computing power will allow it to break existing protocols.
Once broken, all data in transit will be exposed, causing significant problems for organisations and individuals. It is not just data in transit that is at risk from quantum computing. National state attackers have been stockpiling data from breaches. That will be subjected to quantum computing attacks to unlock the data.
In 2016, the National Institute of Science and Technology (NIST) launched its post-quantum search for new encryption algorithms. Some of those are beginning to come to market, but integrating them across the Internet is a complex problem.
This is the challenge that Cloudflare is seeking to resolve here, along with other security issues. In 2023, it committed to providing post-quantum cryptography for free by default to all customers. It claims that 38% of the human-generated traffic connecting to its global network already has post-quantum protection.
This announcement takes that further and continues to deliver on that 2023 promise. The additional support later this year will take it even further.
Cloudflare’s Zero Trust Platform at the core of its solution
Cloudflare’s primary solution for post-quantum cryptography is its Zero Trust Platform. It brings together all the company’s Zero Trust solutions into one place for customers. In the release, the company says that this announcement will enable organisations to:
- Protect against “harvest-now decrypt later” attacks: Cybercriminals can capture encrypted data today, and store it until they can decrypt it when better quantum computers are available. Starting today, customers can direct their web traffic through Cloudflare’s global network, to protect against these future attacks by using post-quantum cryptography.
- Enable corporate web applications with end-to-end quantum security: Now organisations can grant employees access to corporate web applications—like HR systems, payroll and collaboration systems–without needing to upgrade the security of every single corporate web application individually. Cloudflare Access now can secure the Internet traffic from web browsers to corporate web applications from quantum threats.
- Deliver quantum safety for Internet traffic travelling to any corporate office, cloud environment or datacentre: By mid-2025, organisations will be benefit from end-to-end quantum safety for any protocol connected through Cloudflare’s most popular network configurations by installing Cloudflare’s WARP device client on their end users devices.
Enterprise Times: What does this mean
The clock for post-quantum cryptography has been ticking for almost a decade. While an increasing number of vendors are delivering solutions, organisations are still not rushing to adopt them. One key reason is the impact on all their existing applications and systems.
Cloudflare is looking to remove that blocking factor with this release and the updates to WARP in mid-2025. Implementation is relatively simple, and therefore, it will appeal to all customers.
However, customers will not want to deploy a solution with a history of outages. This year, the company has had multiple issues with billing, subscriptions and updates. Its rules system, object storage and other components have been down several times. Being secure is critical, but so is being operational. It creates a real conundrum for customers as to what to do.
It will be interesting to see how quickly Cloudflare’s competitors in the Zero Trust market respond to this announcement. For most large enterprises, having more than one trusted service is a requirement for resiliency purposes.
This is a reminder that organisations need to make post-quantum cryptography a key goal for 2025.
