Kyndryl News: Quantum Safe Assessment Service For PQC
Kyndryl, a leading mission-critical enterprise technology services provider, offers its extensive Quantum Safe Assessment solution to prepare enterprises for quantum computing's security hazards. The new tool helps large companies prepare for Post-Quantum Cryptography (PQC) and protect their most sensitive data from quantum decryption threats. An rising number of security experts call the current status of cryptography the most crucial turning point in its history.
Kyndryl's service takes on cryptographically relevant quantum computers (CRQCs). Large-scale quantum computers that can crack RSA and ECC may take years to become fully functioning, but there is little time to prepare. This service is driven by the “Harvest Now, Decrypt Later” (HNDL) threat.
This model shows how negative actors, including state-sponsored organisations, are harvesting bulk encrypted data on financial transactions, intellectual property, sensitive communications, and personal information. Store this data until a CRQC is ready, when it will be easy to decipher. Organisations that store data for decades, such as government records, patents, and life science research, face this risk.
Kyndryl's spokesman says the risk management issue of quantum systems undermining encryption is real. The Quantum Safe Assessment service detects vulnerabilities and creates a customised, phased transformation plan to enable a safe and seamless transition to quantum-resistant standards.
Kyndryl's four-pillar strategy assesses a digital environment to advise, prepare, build, and implement quantum-safe solutions.
The Four Quantum Readiness Pillars
Encryption Discovery begins with a forensic study of the client's IT infrastructure. The most crucial stage, this first step finds all encryption protecting data layers, services, and apps beyond a simple network investigation. Cryptographic Bill of Materials (CBOM) building is the major output.
This CBOM is a centralised inventory of quantum cryptography, its location, implementation, and key holders. This knowledge is significant since many major firms are unaware of their cryptographic dependencies, which are often hidden in outdated systems or third-party components. To protect the enterprise's data layers, apps, and services, the CBOM must determine which encryption methods are used.
Discovery leads to Risk-Based Classification and Prioritisation. In this key stage, systems are assessed and ranked by quantum attack susceptibility and business impact. Kyndryl evaluates data sensitivity, data lifecycle demands, and regulatory compliance, including GDPR and HIPAA.
Payment gateways, public-facing interfaces, particularly sensitive internal data vaults, and cloud infrastructure are exposed to urgent quantum threats and should be migrated first. This risk-based model ensures resource distribution by prioritising the most existential threats to the organisation.
The third step is creating a Transformation Roadmap. This tailored, phased roadmap for crypto agility is the result of the assessment. Crypto agility lets a corporation switch cryptographic algorithms and keys rapidly and smoothly.
The roadmap is future-proof due to ongoing standardisation, especially by the U.S. National Institute of Standards and Technology for PQC algorithms. Businesses can migrate to the freshly standardised PQC algorithms without having to go through the expensive, time-consuming, and disruptive migration process again while still implementing future iterations or hybrid schemes.
Kyndryl carefully integrates Zero Trust Integration into the service. Zero Trust design, predicated on “always verify, never trust,” is considered vital and natural for post-quantum encryption. The service secures each tier of the data protection and communication stack with quantum-resistant encryption to ensure Zero Trust security is resilient to computer power increases.
Despite the imminent threat, Kyndryl has exposed business executives' lack of comprehension. The 2025 Kyndryl Readiness Report found that only 4% of CEOs believe quantum computing will have the greatest impact on their companies in the next three years. This statistic worries me.
Due to this lack of executive urgency, outside, proactive guidance like Quantum Safe Assessment is needed. Kyndryl says upgrading software libraries is only one of the massive migration issue. Re-engineering embedded hardware, complex supply chains, proprietary communication protocols, and IoT devices can take years for large, international companies. Kyndryl claims it can lead this project due to its significant experience managing the world's most complex and important IT infrastructure.
Businesses have less time to prepare as global race to build a workable CRQC heats up. The Quantum Safe Assessment service is a powerful call to action since it gives a systematic, professional way to turn quantum decryption into a brief-term security measure. Multinational organizations must now prepare for PQC as part of their long-term data stewardship and business continuity.