Dell Targets Storage for Post-Quantum Transition This Decade

Dell is targeting post-quantum cryptographic readiness in its storage platforms by the end of the decade, a significant acceleration as the threat posed by future quantum computers rapidly intensifies. The timeline is compressing, with some organizations now prioritizing this transition rather than waiting for a later timeframe, driven by the very real risk of “Harvest Now, Decrypt Later” attacks where adversaries are already collecting encrypted data for future exploitation. The risk is already in motion, and attackers are also considering “Trust Now, Forge Later” strategies. This shift focuses attention on storage systems, where long-lived data and foundational platform trust mechanisms are particularly vulnerable to both current data breaches and future system compromise.

Harvest Now, Decrypt Later: Evolving Quantum Threats to Data

The escalating threat of quantum computing is no longer a distant concern; adversaries are actively preparing to exploit future decryption capabilities by collecting encrypted data now. This “Harvest Now, Decrypt Later” (HNDL) attack means adversaries are already collecting encrypted data today with the expectation that it will be decrypted in the future. For organizations managing long-term data storage, this reframes the perceived risk, shifting it from a future possibility to a present-day reality demanding immediate attention. Data intended to remain confidential for decades is now vulnerable if intercepted, as its future security cannot be guaranteed given the anticipated advancements in quantum computing power. Beyond data confidentiality, a secondary threat, “Trust Now, Forge Later” (TNFL), further complicates the landscape. Quantum capabilities extend beyond breaking encryption to undermining digital trust itself; digital signatures underpin firmware validation, secure boot processes, and software updates, all of which are susceptible to forgery.

If those signatures can be forged, attackers can introduce malicious firmware or compromise trusted update mechanisms, with immediate operational impact. This necessitates a shift in focus from solely protecting data to safeguarding the entire platform. With NIST finalizing the first post-quantum cryptographic standards, ML-KEM for key exchange, ML-DSA for digital signatures, and SLH-DSA for hash-based signatures, the building blocks now exist. However, deploying these standards across complex storage systems, layered with hardware, firmware, and software, presents a significant challenge. One expert stated, “PQC ready is not a product claim—it’s a dependency problem,” emphasizing that readiness isn’t solely defined by a platform, but by the entire, interconnected supply chain. Dell prioritizes transitioning firmware authentication and hardware root mechanisms, because if the system foundation is compromised, encrypted data cannot be reliably protected. Organizations must prioritize cryptographic agility and the ability to adapt as standards evolve and best practices emerge.

NIST ML-KEM & SLH-DSA: Building Blocks for PQC Adoption

The solidification of NIST’s post-quantum cryptography standards, ML-KEM for key exchange, ML-DSA and SLH-DSA for digital signatures, marks a critical shift from theoretical preparation to practical implementation. The challenge now lies in integrating these algorithms into complex existing systems. While some organizations now target post-quantum readiness by the end of this decade, rather than anticipating this in the mid-2030s, this acceleration is driven not only by decreasing resource requirements to break current encryption but also by a proactive threat landscape where adversaries are already engaged in “Harvest Now, Decrypt Later” (HNDL) attacks. This strategy underscores that data stored, particularly long-lived archives, backups, and compliance records, is immediately vulnerable if quantum capabilities mature. Storage platforms, comprised of layered hardware, firmware, and software, rely heavily on cryptography for data protection, key management, and trust establishment; each component must evolve without disrupting overall functionality. The ultimate goal is cryptographic agility, the ability to adapt to evolving standards and hybrid models, across all layers of the storage environment, ensuring a seamless transition without disruption.

PQC Readiness as a Dependency Chain, Not a Single Feature

Recent shifts in the projected timeline for quantum computing’s capabilities are forcing a re-evaluation of preparedness strategies, particularly within data storage systems. The complexity of achieving true post-quantum security extends beyond simply implementing new cryptographic algorithms; it’s fundamentally a problem of managing a vast dependency chain. A storage platform, encompassing controllers, drives, firmware, and networking, relies on a complex interplay of cryptographic dependencies, meaning a single vulnerable component can undermine the entire system. Regulatory pressure is further accelerating this transition, with organizations in sectors like finance and healthcare facing requirements to demonstrate PQC migration strategies.

Cryptographic Agility: Dell’s Multi-Layered Transition Strategy

The accelerating threat of quantum computing is forcing a fundamental reassessment of data security, shifting the focus from simply encrypting data to safeguarding the platforms that store it. Some organizations are now targeting post-quantum cryptography (PQC) readiness by the end of the decade, reflecting a perceived increase in immediacy. Storage systems, housing long-lived data like backups and archives, are particularly vulnerable, as data captured could have its confidentiality compromised in the future. This approach acknowledges the complex, layered nature of storage platforms, hardware, firmware, and software, where each component carries cryptographic dependencies. The goal is to engineer agility across these layers, supporting hybrid cryptographic models and enabling core storage workflows to adopt new methods without disruptive redesigns. Regulatory pressure, with directives establishing concrete PQC migration requirements, is further accelerating the need for organizations to prioritize cryptographic agility and build systems capable of adapting to evolving standards.