IBM Consulting and Thales are forecasting a critical shift in cryptographic security as the threat from quantum computing intensifies, detailing three key areas of focus for organizations. The collaboration addresses a dangerous reality where a “set it and forget it” approach to encryption has left many unknowingly vulnerable due to fragmented tools and a lack of visibility into their cryptographic footprint. “The window to prepare for post-quantum risk is already narrowing,” says Dinesh Nagarajan, Global Partner, Security Services at IBM Consulting, emphasizing the escalating cost of inaction regarding sensitive data. Despite cryptography being recognized as critical infrastructure by many, organizations still lack basic visibility into what they’re relying on, according to Todd Moore, Vice President, Data Security Products at Thales; together, IBM Consulting and Thales are delivering a comprehensive path toward crypto-agile security, enabling clients to better protect sensitive keys, secrets, and data while preparing for tomorrow’s cryptographic standards.
Joint capabilities enable a unified enterprise key discovery and inventory, automated lifecycle operations, and a centralized control plane for keys and hardware security modules, forming the foundation for quantum-safe cryptographic transformation.
Crypto Agility for Applications Cryptography often sits hardcoded inside applications, creating hidden risks and delaying modernization
The pervasive practice of embedding cryptographic code directly within applications is creating a significant and largely unseen vulnerability for organizations worldwide, hindering their ability to adapt to evolving threats. This approach results in fragmented security tools, outdated encryption algorithms, and a critical lack of visibility into an organization’s complete cryptographic footprint. Experts anticipate that this lack of awareness will become increasingly dangerous as the threat landscape expands, particularly with the approaching reality of quantum computing. Organizations are unknowingly exposed because they lack a comprehensive understanding of the cryptographic systems they depend on, impeding effective risk assessment. IBM Consulting and Thales are collaborating to address this challenge by helping organizations identify and decouple embedded cryptography from core application logic. This decoupling allows for centralized policy enforcement, enabling the creation of development pipelines that facilitate seamless transitions to post-quantum cryptography without requiring costly and time-consuming application rewrites.
As Todd Moore, Vice President, Data Security Products at Thales, notes, “Despite cryptography being recognized as critical infrastructure by many, organizations still lack basic visibility into what they’re relying on; without that, they cannot assess risk.” Together with IBM Consulting, we are delivering a comprehensive path toward crypto-agile security, enabling clients to better protect sensitive keys, secrets, and data while preparing for tomorrow’s cryptographic standards.
The window to prepare for post‑quantum risk is already narrowing. Cryptographic systems protect some of the most sensitive data organizations hold, and the cost of waiting only compounds-operationally, regulatorily, and in long‑term exposure.
Dinesh Nagarajan, Global Partner, Security Services at IBM Consulting
Quantum-Safe for Payments Payment systems carry some of the highest quantum-related risks due to their dependency on complex, interconnected cryptographic processes
Thales’s director of Global Systems Integrator Partnerships, Jarrett Hicks, authored an article outlining a shift in cryptographic security strategies as the company expands its collaboration with IBM Consulting. This partnership aims to proactively address the escalating threat quantum computing poses to existing digital infrastructure, particularly within the high-stakes world of global payments. Payment systems are uniquely vulnerable due to their reliance on intricate, interconnected cryptographic processes, demanding immediate attention to potential breaches. The combined capabilities will deliver end-to-end cryptographic mapping specifically for payments, alongside a detailed post-quantum cryptography impact analysis, and dual-track classical and quantum-safe cryptographic options. Industry leaders describe a move toward controlled, nondisruptive migration paths for large-scale payment ecosystems, enabling organizations to secure transactions and data without compromising performance. This collaboration extends beyond immediate security concerns, supporting modernization efforts for next-generation digital finance by integrating quantum-safe design principles from the outset.
By prioritizing risks and establishing centralized cryptographic control at critical network points, organizations can achieve crypto agility at network, gateway, and cryptographic service layers. This approach promises to eliminate redundant tools and reduce management complexity across hybrid and multi-cloud environments, ultimately accelerating innovation in areas like artificial intelligence and cloud transformations. Modernizing cryptographic posture isn’t solely a defensive measure; it’s a strategic business advantage, according to Thales. Organizations embracing this transition can expect minimized breach risk by eliminating “silent” control failures and orphaned keys, materially reducing their attack surface. The era of assuming digital trust is over, and the era of actively building it has begun. Upcoming webinars on May 21 and June 18 will showcase these joint capabilities in action, offering organizations a pathway to confidently lead their industries into the quantum era.
Despite cryptography being recognized by many as ‘critical infrastructure,’ many organizations still lack basic visibility into what they’re relying on.
Todd Moore, Vice President, Data Security Products at Thales
