Q-Day just got brought forward several years. Both Google and Cloudflare have revised their timelines for post-quantum cryptography (PQC) migration to 2029. Following a similarly compressed timeline will put extra operational strain on many HPE Nonstop customers. But that’s only the half of it. Legacy certificate and key management practices already overburden some of the world’s largest enterprises through manual work, high overheads and audit costs.
The bottom line: it’s time to modernize cryptographic operations. And that work should start with SSL and SSH.
Boston Consulting Group (BCG) estimated in October 2025 that PQC transition costs would amount to around 2.5% of annual IT budgets. That is for enterprises that begin the work immediately. Delaying to 2035 could double that figure, it claimed.
Moody’s explains why: “The loss of ability to stagger costs over time, misalignment with hardware refresh cycles, the need to execute migrations under tighter timelines, as well as increased execution risk and operational disruption.”
It adds that organizations “with the most complex, legacy-dependent technology environments” – like banks, payment processors and critical infrastructure providers – face “the steepest transition burden.”
This has two implications for HPE Nonstop customers. First, they should try to find quick wins wherever possible across their cryptographic environment, to ease the PQC transition burden. And second, this is a golden opportunity to tackle long-standing challenges with key and certificate management.
The risks should by now be well known to IT leaders operating HPE Nonstop environments. There’s no centralized key and secrets management functionality on the platform, meaning many organizations may have keys residing in clear text, or else have passphrases to unlock them stored in unprotected configuration files. Both represent an unsustainable single point of failure which could lead to costly security breaches and compliance failures.
Worse still, manual certificate rotation stretches teams and invites human error, increasingly the likelihood of outages if mistakes are made. And scattered secrets storage makes it difficult for auditors to get a single source of the truth – raising the cost of compliance with NIS2, PCI DSS 4.0 and other regulations. The burden is set to grow as certificate lifetimes shrink to 100 then 47 days over the coming three years. And as key sizes grow with PQC.
HPE Nonstop customers that do nothing will find their key and certificate management pipelines grow in cost and complexity, consuming engineering resources and exposing the organization to breach risk. This in turn erodes competitive advantage and increases the risk of costly breaches.Fortunately, there’s a better way forward, thanks to comforte TAMUNIO Assure. It’s a drop-in upgrade to post-quantum SSH and SSL designed specifically for HPE Nonstop environments. No script or code changes are required. Better still, it offers a centralized, HSM-backed way to manage keys and secrets, and automate certificate and key rotation. That delivers several benefits:
The G7 wants financial institutions to start their preparation, discovery, planning and risk assessment work now for PQC migration. This is not out of an abundance of caution. Given the risk today of harvest-now-decrypt-later attacks, it’s a necessity.
With a solution like TAMUNIO Assure, the business case for doing so becomes more compelling:
Q-Day is coming. But for HPE Nonstop enterprises, it can be an opportunity as well as a risk.