Cybersecurity is based on a constant race between protection mechanisms and attack capabilities. For more than twenty years, modern encryption protocols have made it possible to secure Internet exchanges, financial transactions and professional communications.

But a new threat is emerging on the horizon: Harvest Now, Decrypt Later.

For organisations that manage sensitive data — businesses, government agencies, and institutions — it is becoming essential to anticipate this development.

Swiss Data Guard has already integrated Post-Quantum Cryptography (PQC) technologies into its infrastructure to protect its customers' communications from this new generation of risks.

The "Harvest Now, Decrypt Later" threat

Today, most secure communications on the Internet rely on cryptographic algorithms such as RSA or ECC (Elliptic Curve Cryptography).

These mechanisms protect:

• HTTPS connections
• VPNs
• Secure email exchanges
• Authentication systems
• Cloud platforms

The problem is not an immediate vulnerability, but something much more pernicious:

• An attacker intercepts and stores encrypted communications today.
• This data remains unusable for now.
• When quantum computers become powerful enough, these archives can be decrypted retroactively.

This means that communication considered secure today could become readable in 10 or 15 years. For certain data—trade secrets, medical records, strategic information, or government data—this timeframe seems compatible with their sensitivity period.

HTTPS: the cornerstone of modern security

The HTTPS protocol, based on TLS (Transport Layer Security), is now the foundation of Internet security. Whenever you see a padlock in your browser:

• the data is encrypted
• the server's identity is authenticated
• communications are protected against interception

However, TLS security still relies heavily on algorithms such as RSA or ECDHE, which could be vulnerable to a sufficiently advanced quantum computer.

Quantum computing: opportunities and new risks

Quantum computing represents a major technological revolution. Quantum processors will enable certain mathematical problems to be solved exponentially faster than conventional computers.

There are numerous potential applications:

• drug discovery
• industrial optimisation
• climate modelling
• advanced scientific research
• artificial intelligence boom

But this power also poses major challenges for cybersecurity. A well-known quantum algorithm - Shor's algorithm - could theoretically break current cryptographic systems based on factorisation and elliptic curves.

The consequences would be significant:

• compromise of historical communications
• loss of confidentiality of encrypted archives
• weakening of national security
• risks to industrial and financial secrets

Many governments and international organisations are already working to prepare for the transition to quantum-resistant cryptography.

The answer: post-quantum cryptography (PQC)

Post-quantum cryptography (PQC) refers to a new generation of algorithms designed to resist attacks from quantum computers.

These algorithms are based on different mathematical problems, which are considered resistant to known quantum algorithms.

Standardisation bodies — notably NIST — have recently selected several PQC standards intended to gradually replace the current mechanisms.Among them:

• CRYSTALS-Kyber for key exchange
• CRYSTALS-Dilithium for digital signatures

These technologies represent the future foundation of global cryptographic security.

Our approach: anticipating the transition

Our approach is based on several principles

At Swiss Data Guard, we believe that security must anticipate emerging threats, rather than simply reacting when they become critical. That is why we are gradually integrating post-quantum cryptography into our secure cloud services infrastructure. Our approach is based on several principles:

Hybrid encryption

We use mechanisms that combine:

• classical cryptography
• post-quantum algorithms

This hybrid approach maintains compatibility with current standards while introducing protection against future attacks.

Protection of collaborative services

Protection of collaborative servicesOur secure platforms — notably Nextcloud hosted in Switzerland — benefit from enhanced protection:

• enhanced TLS communications
• post-quantum key exchanges
• encryption of data in transit and at rest

This reduces the risk associated with the Harvest Now, Decrypt Later scenario.

Sovereign and controlled infrastructure

All Swiss Data Guard solutions are based on an infrastructure that is:

• hosted in Switzerland
• operated by our teams
• based on audited open source technologies

This complete control over the technical chain allows us to quickly integrate cryptographic innovations, including PQC.

Continuous innovation to build trust

The transition to post-quantum cryptography will not happen overnight. It is a gradual process that will involve the evolution of standards, software and infrastructure.

Organisations that anticipate this transition today will be best prepared to protect their strategic data in the long term.

At Swiss Data Guard, our mission is simple:

to offer businesses and institutions sovereign, secure cloud solutions designed to withstand the threats of tomorrow.

The integration of post-quantum cryptography into our infrastructure is fully in line with this vision.