Quantum computing has been discussed for decades without any real discernable idea of when theory and expectation would become reality. But in recent months, the ever-emerging technology has had its day in the sun, with even Microsoft predicting that a fault-tolerant and useful quantum system will become a reality in years rather than decades.
Microsoft, Google, and Amazon Web Services have made headlines in recent months with new quantum processors they claim solve the thorny issue of error correction for qubits, a key step in the development of quantum computers that can solve extraordinarily complex problems that even the largest supercomputers today can’t.
At the same time, companies like Google, HP, and others are instituting quantum-resilient encryption standards to protect data and systems from future quantum-based cyberattacks, NIST last year standardized general-purpose quantum-resistant cryptography algorithms, and the European Telecommunications Standard Institute (ETSI) this week launched its own post-quantum security standard.
Also this week, tech heavyweights Nokia and Honeywell joined Numana – a Canada-based think tank focused on emerging technology – to explore ways to protect networks in the upcoming quantum era.
What's an MSSP to Do?
With all this activity and a still unclear future, how should MSSPs be addressing quantum themselves or with their clients? That’s also unclear. There are some who argue they can start now to help organizations transition to post-quantum cryptography (PQC), which will enhance security today and down the road when quantum computing comes into play.
Others say that functional quantum computing is still many years away and the focus should be on encryption in the here and now, with an understanding that somewhere over the horizon will come a time for dealing with PQC.
For Chris Gonsalves, chief research officer at Channelnomics, the message is: “It’s called ‘post-quantum’ for a reason. It’s coming, but it’s not here this morning. Deep breaths, people.”
“I hear two things in the security channel about PQC,” Gonsalves told MSSP Alert. “First, ‘It’s many years away and I don’t need to worry about that.’ Or, second, ‘It’s happening now and, OMG, my hair is on fire! I need to get on this! Please help me!’ The reality for diligent PQC preparation for MSSPs today is somewhere between those two polar extremes.”
No One's Sure When It Will Arrive
The uncertain timeframe plays a role in perceptions. That uncertainty was on display at Nvidia’s GTC 2025 show this month, where the GPU maker reserved a day to focus solely on quantum computing. It was there that Nvidia co-founder and CEO Jensen Huang walked back an earlier prediction that useful quantum computers were at least 15 years away.
Whatever the timeframe ends up being, it’s still a while away, said Kevin McGrail, cloud fellow and principal evangelist with Google Cloud security partner DitoWeb.
“I don't think Quantum is close enough to commercial availability nor will most customers have needs that take advantage of the advantages of Quantum Computing until a few years after it is available,” McGrail told MSSP Alert. “For now, my opinion is that it's laboratory-grade and its next phase will likely be the supercomputer category, where most companies won't have one and MSSPs won't deal with them.”
The Arms Race
He noted that Google is working on quantum computing and is among those companies embracing PQC. He also recognized that threat actors, including adversarial nation-states, are now collecting stolen encrypted data with the idea of decrypting it when quantum computing comes online, a strategy referred to as “harvest now, decrypt later.”
But that’s the nature of cybersecurity anyway, and it gives legs to advice that McGrail gives his customers: “Plan for the encryption today to be broken readily and quickly.”
“Think about how many encryption methods we've had on computers [that are] broken a few years later without even worrying about quantum computing,” he said. “It's always an arms race.”
It echoes Gonsalves’ thoughts about organizations’ immediate needs.
“The reality is that a great many MSSPs have their hands full dealing with all of the non-sexy, lesser-hyped cybersecurity basics at every client they serve,” he said. “When you’ve got the whole NIST CSF [cybersecurity framework] on lock, then we can stress about the impact of quantum computing on what is now very strong, very capable cryptography. We’re not there yet on either of these challenges.”
Things That Can Be Done Now
That doesn’t mean there’s no room for quantum discussions. In a column for MSSP Alert in December, Karthik Kannan, vice president of product consulting and partnerships for global MSSPs and GSIs at certificate management firm AppViewX, outlined a number of steps MSSPs can take now.
Those include working with cybersecurity vendors to make CISOs and security architects aware of the security risks that will come with quantum computing, helping organizations implement quantum-safe algorithms like those from NIST, and collaborating with others to create a framework companies can use to adopt PQC
“Quantum computing may still be years away from mainstream adoption, but the risks it presents demand action now,” Kannan wrote. “MSSPs provide the expertise, tools, and proactive strategies to help businesses secure their digital assets in a post-quantum world.”
'Without Hype or Scare Tactics'
That dovetails with Gonsalves’s overall view, which is that MSSPs would be best served now by getting clients educated and prepared for the impact of quantum “without the hype or scare tactics.”
“Use your position as a security consultant and a trusted advisor to walk clients through realistic risk assessments of their security and encryption posture as it stands,” he said. “Do this with an eye toward understanding the implications of PQC 10 years out and what that might mean for increased investments in infrastructure and capabilities.”
He added, “Quantum computing’s evolution takes time, but adopting and implementing systems to deal with it also takes time, so now is the opportunity to plan and set target dates.”
