Quantum computing still sounds like something reserved for research labs and sci-fi headlines. But the encryption protecting your bank logins, corporate VPN sessions, and health records may not age gracefully. That is the backdrop for Cloudflare’s latest announcement.
The company says it is now the first SASE platform to support modern post-quantum encryption standards across its entire Cloudflare One stack. That includes Zero Trust access, Secure Web Gateway, and WAN use cases powered by IPsec and its appliance. The idea is straightforward. Protect enterprise traffic now so it does not become readable later.
The urgency is not coming out of nowhere. The National Institute of Standards and Technology has warned organizations to upgrade cryptographic algorithms by 2030 or risk exposure to quantum-capable systems that could break traditional encryption. That deadline might feel distant, but migrating global infrastructure is not a weekend project.
There is also the issue of “harvest now, decrypt later” attacks. Threat actors can intercept and store encrypted traffic today, betting that future quantum computers will eventually unlock it. State secrets, financial data, healthcare records, and corporate intellectual property could all sit in cold storage waiting for that day.
Cloudflare has been talking about post-quantum cryptography for years. It previously rolled out post-quantum TLS and, in 2025, introduced a cloud-native post-quantum Secure Web Gateway and Zero Trust solution. With this update, it extends that protection to IPsec tunnels for WAN deployments, covering branch offices, data centers, and remote workers without requiring hardware upgrades or added costs.
CEO Matthew Prince did not mince words in the announcement. “Securing the Internet against future threats shouldn’t be a complex burden, or a reason to fragment the web,” he said. He also noted that since 2017, the company has been “doing the heavy lifting to bake post-quantum standards directly into the fabric of our network.” On the business side, he emphasized making post-quantum security “the default” with “no hardware upgrades, no complex configurations, and no added cost.”
Operationally, the IPsec implementation leverages the company’s global network for high availability. If a data center fails, traffic is rerouted automatically. The implementation also follows modern Internet standards to support interoperability across vendors, rather than forcing enterprises into a proprietary corner.
To be clear, large-scale quantum computers capable of cracking mainstream encryption are not here yet. But waiting until they are would be reckless. Security teams that push this off as a future problem could end up scrambling under pressure.
Whether competitors move quickly to match this remains to be seen. What is clear is that post-quantum encryption is no longer a niche research topic. It is becoming part of mainstream enterprise networking conversations. And that shift alone says a lot.
