As quantum computing inches closer to reality, conversations around its potential to disrupt modern cryptography are gaining ground. While Indian enterprises don’t yet see it as an immediate threat, security leaders acknowledge that the steps taken today will shape their future resilience. In this exclusive interaction with Tech Achieve Media, Vivek Srivastava, Country Manager, India & SAARC, Fortinet, shares insights on how businesses can prepare for quantum-safe security, the barriers to adoption, and Fortinet’s roadmap for helping enterprises future-proof their defenses.
TAM: How are Indian enterprises across sectors currently perceiving the quantum threat? Is it seen as an immediate disruptor or still largely viewed as a long-term theoretical concern?
Vivek Srivastava: Quantum computing is not triggering any alarm bells for Indian CISOs at the moment. Quantum computing is complex and based on science that is difficult to understand. If a theoretical physicist and Nobel laureate thought this, we can safely say mere mortals will not understand the mechanics of Quantum Computing.
This new technology promises an almost unbelievable impact that could wipe out the foundations of modern digital security. Many of us are naturally disbelieving of such claims, particularly those who were around during other “foundational” risks such as Y2K. Those of us who are jaded from this and other similar past experiences may assume this issue is being overhyped.
There is no quantum computer that exists today that’s powerful enough to decrypt modern encryption. Because it’s not an immediate threat, CISOs can always deal with this later.
TAM: What level of preparedness are you seeing among Indian businesses when it comes to transitioning toward quantum-safe encryption? Is this on their immediate roadmap or still viewed as something to evaluate later?
Vivek Srivastava: While organizations should absolutely be aware of and educated about quantum computing, there is no need to panic. A quantum computer capable of factoring RSA-2048 is thought by experts to be optimistically between eight and 15 years from viability.
Quantum computing won’t break your encryption tomorrow. But the steps you take today will determine your future resilience.
As CISO, your role is to lead your organization toward quantum readiness with a clear understanding of the threat, a roadmap for adopting post-quantum solutions, and a commitment to crypto-agility. The quantum era is coming. Security leaders who prepare now will future-proof their defenses, while others will be stuck playing catch-up.
TAM: From Fortinet’s perspective, what’s the most viable approach for organizations considering a shift to quantum-safe encryption? Rip-and-replace, phased implementation, or a layered strategy?
Vivek Srivastava: At Fortinet we are building a hybrid mode for gradual transition to post-quantum security that enables seamless integration of traditional public-key cryptography and Quantum key distribution (QKD). Fortinet introduced support for QKD integrations starting with FortiOS 7.4, enabling interoperability with leading QKD vendors via standardized interfaces. This capability underscores Fortinet’s proactive approach to quantum-resilient network security by integrating quantum-safe key exchange mechanisms into its NGFW architecture.
Fortinet was founded on the principle of converging networking and security through a single operating system. This unique approach enables Fortinet to deploy cutting-edge updates, such as quantum-safe innovations, across its unified operating system, helping customers future-proof their security postures. FortiOS has an enhanced user interface that simplifies the configuration and management of quantum-safe settings so that network administrators can implement quantum-safe security easily. It also supports Algorithm stacking, which combines multiple cryptographic algorithms to create a more resilient solution and enhance network infrastructure security.
FortiOS features empower organizations to safeguard highly sensitive data from quantum threats, migrate to post-quantum security, and future-proof their infrastructure with no performance impact.
TAM: What are the typical internal barriers, technical, operational, or cultural, that hinder the adoption of advanced encryption technologies across industries?
Vivek Srivastava: On the horizon is a topic that many CISOs struggle to quantify and accept as a risk: the incredibly complex and potentially disruptive technology of quantum computing. This technology promises revolutionary breakthroughs in science and industry, but at the same time, there are technical barriers in adopting new encryptions.
At preset many organizations store data that must remain secure for decades such as health records, legal contracts, intellectual property, and national security data. Replacing cryptographic systems at scale requires a significant amount of time. Many software applications, devices, and embedded systems have long life cycles and operate in environments that are difficult to patch or migrate.
TAM: What capabilities or attributes should organizations prioritize when choosing partners to support them in becoming quantum-resilient?
Vivek Srivastava: Start with a crypto-agility assessment. Inventory where and how cryptography is used across your systems, including Internal applications, Vendor products, APIs and protocols, Certificates and key stores. Gaining this visibility is essential for crypto-agility and planning for future migrations to quantum-safe alternatives.
Seek out vendors who proactively implement post-quantum cryptography, as this will become a critical trust differentiator as quantum computing technology advances. It’s encouraging to see that many hardware and software vendors are beginning to offer quantum-resistant options or are at least sharing roadmaps for related offerings that they plan to develop.
Engaging vendors with specific questions about Post-Quantum Cryptography (PQC) is a critical step in preparing for a quantum-safe future. Check if they have support for PQC today and have a hybrid solutions that combine both traditional and PQC algorithms. Make PQC support part of your procurement and vendor risk assessment criteria.
TAM: Are there specific high-impact use cases across sectors where quantum-grade encryption can deliver significant business or security value?
Vivek Srivastava: Quantum computing leverages the principles of quantum mechanics, such as superposition and entanglement, to perform computations exponentially faster than classical computers. In practical terms, this means that quantum computers can perform multiple calculations simultaneously which could, in the future, solve problems in seconds that would normally take traditional systems centuries. This is good news for computational modelling, which is used in various activities, including pharmaceutical drug discovery, logistics, finance, and research and development.
But for the cybersecurity industry, quantum computers have the potential to break the encryption algorithms that secure today’s digital infrastructure. A sufficiently powerful quantum computer running Shor’s algorithm could break the underlying algorithms like Rivest-Shamir-Adleman (RSA), Elliptic Curve Cryptography (ECC), and Diffie-Hellman (DH), rendering most existing secure communications vulnerable to decryption.
TAM: What is Fortinet doing to help Indian enterprises prepare for a quantum-resilient future? Could you share insights into the solutions, partnerships, or innovations Fortinet is bringing to the table in this space?
Vivek Srivastava: At Fortinet, we’re committed to arming customers with cutting-edge technology to protect against new and emerging threats. As quantum computing advances, organizations can trust Fortinet’s technology innovation and leadership to safeguard their critical data and future-proof their infrastructures. Many enterprises are eager to take action to protect their networks from quantum-powered threats. That’s why we’ve made cutting-edge, quantum-safe features available today for FortiGate NGFW and Fortinet Secure SD-WAN customers, so they can confidently transition to post-quantum security.
Also read: Fortinet Advances Quantum-Safe Security to Guard Against Emerging Quantum Threats
With FortiOS 7.6, organizations, such as those using FortiGate next-generation firewall (NGFW) and Fortinet Secure SD-WAN, can now leverage built-in quantum-safe features designed to defend against emerging threats, including harvest-now, decrypt-later (HNDL) attacks. These capabilities help secure network traffic, simplify deployment, and support a smooth transition to post-quantum security. Customers have access to quantum-safe features at no additional cost which include Post-quantum cryptography (PQC) methods, including National Institute of Standards and Technology (NIST)-approved algorithms like ML-KEM and emerging algorithms like BIKE, HQC, and Frodo.
