Thales’ Third PQC Palooza Sets the Scene for Post-Quantum Priorities Throughout 2025

At its annual PQC Palooza at RSA last week, Thales brought together industry leaders, post-quantum experts, and top cybersecurity vendors together to discuss everything and anything quantum computing, including Post-Quantum Cryptography (PQC) and Quantum Random Number Generation (QRNG). Kicking off with a fireside chat between renowned experts, Dr. Michele Mosca and Dr. Taher Elgamal, and with panels led by in-house quantum expert, Blair Canavan, discussions focused on the prospective impact of the quantum threat throughout the cybersecurity industry. There to lend their expertise on two panels were Accenture, IBM Consulting, Deloitte, Kyndryl, Google Cloud Services, Palo Alto, and Keyfactor, while experts from DigiCert, Ascertia, Quantinuum, Garantir, and InfoSec Global offered insights into their individual activities in helping customers prepare for Cryptographically Relevant Quantum Computers (CRQCs).

Since its conception in 2023, the PQC Palooza has become a staple among cryptographic enthusiasts at RSA. Beyond its popularity among RSA attendees, Thales exclusively announced its decision to take the Palooza on the road, hitting the Asia-Pacific region and Latin America in the coming year. Increasing demand for post-quantum events, beyond the boundaries of North America encapsulate the growing global focus on the current post-quantum transition, while firmly placing Thales at the edge of quantum innovation. With the National Institute of Standards and Technology’s (NIST) announcement of four official PQC algorithms last August, and the addition of HQC to the list in March this year, 2025 is already shaping up to be a critical year for post-quantum investments, sparking early market developments in the burgeoning quantum space. Through expert-led panel discussions and vendor presentations, the Palooza underscored the most pressing matters for expert attention on the cybersecurity quantum agenda, at least for the next year.

Namely, the heavy presence of cryptographic asset management vendors and organizations offering digital signing solutions illustrated the critical role of inventory management as a first step in the quantum transition and pinpointed firmware and software signing as first-movers toward PQC, in line with ABI Research’s forecasts in our Post-Quantum Cryptography: Developments in the PQC IP Market (PT-2995) report. Given the demands for crypto-agility, not only as a focal part of the post-quantum transition, but as a crucial step in preparing for shortening certificate lifecycles and managing enterprise data sprawl, the Palooza indicated that vendors that prioritize flexibility and collaborative business models are likely to see the most success in the emerging quantum market (see ABI Research’s PKI and PQC Business Models report (PT-3203). Discussions around cloud computing and PQC adoption exhibited the necessity of balancing both the unique challenges that cloud computing brings to the quantum table, including latency and interoperability issues, but also the enhanced horizontal testing capabilities proffered by cloud ecosystems. Last, Palo Alto outlined the role of Artificial Intelligence (AI) in bolstering the success of brute force attacks and the importance of strengthening key entropy, centering QRNG as the solution to these woes and emphasizing the growing currency attached to the terms “quantum,” “quantum-safe,” and “quantum-resistant” when describing new technologies.

Current statistics state that there is a 10% risk of a post-quantum disaster in the next 5 years, increasing to 30% in 10 years, and the vast landscape of assets and processes with protections that will require updating, so the move toward quantum resilience requires careful preparation, clear prioritization, and collaboration across the cybersecurity ecosystem. To date, inventory discovery has been overly technical and siloed. A top-down, organization-wide approach is necessary to ensure that all avenues are covered within an enterprise’s quantum strategy. Additionally, crypto asset protection and management should be rooted in the business context in which enterprises are operating; without contextualization, there is no clear impetus for enterprises to implement quantum-safe measures for their data and assets. Understanding system dependencies and providing context with regard to potential impacts on Intellectual Property (IP) and business continuity will differentiate vendor remediation solutions from the pack.

Further, compliance remains a key piece of the puzzle, especially with NIST setting clear deadlines for the deprecation of RSA and ECC. However, centering internal quantum policies around a self-managed, outcome-based migration process, rather than regulation-driven migration will be key to accommodating the unpredictable length of time needed for upgrade cycles, as well as enterprise or vertical-specific challenges. Getting ahead as much as possible is key, especially as the transition to PQC is expected to be dynamic and regulators may not always be able to forecast accurate deadlines for implementing PQC. Certifications will be crucial in this regard, particularly via the NIST Cryptographic Algorithm Validation Program.

While the path toward quantum resistance is becoming clearer, the post-quantum market remains fluid and unsettled, with remaining questions still to be answered. With regard to remediation, it is not clear what shape the market ecosystem will take as of yet. Hyperscalers, service providers, and vendors offering custom solutions are all vying for a spot, but who will dominate is still unknown. Moreover, misalignment continues between quantum experts and industry leaders regarding the role of emerging technologies such as QRNG in the quantum transition. Debates persist around whether there is a true quantum threat to randomness, seeing no clear advantage with QRNG compared to how randomness is currently constructed. Others propose QRNG as the new foundation for cybersecurity systems and as a vital part to CRQCs when they arrive. To streamline the post-quantum transition and bolster alignment, collaborative industry events like the Thales PQC Palooza that stimulate conversations between experts on opposing sides of the fence are increasingly important in the post-quantum space.