Quantum Computers Threaten Encryption — Here’s the Fix | Sharon Goldberg

Cloudflare| 00:05:44|Apr 16, 2026
Chapters7
Sharon Goldberg outlines her role, focus areas in AI security, postquantum cryptography, and data sovereignty at Cloudflare.

Cloudflare’s Sharon Goldberg urges rapid post-quantum upgrades, targeting 2029 rollout and 2028 readiness for Cloudflare 1, with a shift from encryption to post-quantum authentication.

Summary

Sharon Goldberg, a senior director at Cloudflare, outlines the urgent shift toward post-quantum cryptography as quantum computers inch closer to breaking public key cryptography. She notes that new research in the past three weeks has accelerated the industry’s sense of inevitability about this threat, and cites NIST’s 2030 deadline as potentially too late. Cloudflare is positioning itself as a critical infrastructure partner, aiming for 2029 upgrades across its network and 2028 readiness specifically for the Cloudflare 1 platform (Sassy). The focus is no longer solely on post-quantum encryption, but increasingly on post-quantum authentication to prevent credential forgery by quantum adversaries. Goldberg emphasizes checking with vendors about post-quantum encryption today and their roadmaps for post-quantum authentication, stressing customer demand as a driver. She also explains the distinction between “harvest now, decrypt later” scenarios and the newer authentication risks that quantum computers introduce. Finally, she highlights Cloudflare’s recent blog-supported initiative—the enterprise MCP reference architecture—as a practical artifact to help enterprises design secure, cost-conscious architectures. This video blends policy urgency, vendor awareness, and concrete product timelines to frame the industry’s path forward.

Key Takeaways

  • Post-quantum upgrade timelines are accelerating: Cloudflare targets 2029 for network-wide post-quantum cryptography upgrade and 2028 for Cloudflare 1 (Sassy).
  • 67% of traffic to Cloudflare’s network uses post-quantum encryption today, demonstrating early adoption and practical viability for the approach.
  • The industry shift from post-quantum encryption to post-quantum authentication reflects a new threat model where forged credentials could grant quantum-era access to critical systems.
  • Vendors should be pressed for current post-quantum encryption support and clear roadmaps for post-quantum authentication to drive urgency and adoption.
  • Cloudflare’s enterprise MCP reference architecture provides a concrete blueprint for secure, cost-conscious deployment of post-quantum capabilities in large organizations.

Who Is This For?

This is essential viewing for security engineers and decision-makers at tech and financial companies who rely on cryptography for infrastructure, as well as vendors building quantum-safe products who need a clear customer demand signal.

Notable Quotes

"In 2024, NIST… told the industry that we need to upgrade all of our public key cryptography by 2030."
Goldberg cites the NIST deadline to frame urgency.
"We announced last week that we are setting 2029 as a day for all of Cloudflare to be upgraded to postquantum cryptography."
Shows tangible company commitment and timelines.
"About 67% of the traffic that hits Cloudflare's network from a web browser for example is using postquantum encryption."
Demonstrates real-world adoption level already in place.
"Postquantum authentication… is what the internet is really working towards upgrading right now."
Highlights the strategic shift from encryption to authentication.
"The reference architecture for enterprise MCP… helps enterprises build these secure architectures and also control costs."
Connects the blog initiative to practical outcomes.

Questions This Video Answers

  • What is post-quantum cryptography and why is it urgent for the internet?
  • When will Cloudflare upgrade to post-quantum cryptography and what does that mean for me?
  • What is post-quantum authentication and how does it differ from post-quantum encryption?
  • How can enterprises adopt MCP reference architectures for quantum-safe security?
  • Which vendors currently support post-quantum encryption and what are their timelines for authentication?
Post-quantum cryptographyPost-quantum authenticationHarvest now, decrypt laterCloudflare 1 (Sassy)NIST PQC timelineMCP enterprise reference architectureQuantum threat to encryptionCloudflare blog post
Full Transcript
Hi, I'm Sharon Goldberg. I'm a senior director on the product team um inside Cloudflare 1 and I've been at Cloudflare for about two years now. So, right now I work on AI security, postquantum cryptography and I've also recently started working on our data sovereignty plans at Cloudflare. So, we're at a really interesting moment right now in terms of the postquantum uplift of the internet. In the last maybe 3 weeks, we've had new research results that were unexpected that really made the community, the quantum computing community, feel like we're getting closer to a day where we will have quantum computers that can actually break all of the public key cryptography that's being used on the internet. And we think that that day is sooner than we thought. And what's really interesting for me is that in 2024, NIST, the National Institute of Standards, told the industry that we need to upgrade all of our public key cryptography by 2030. And now what we're feeling like is 2030 might be too late, like cutting it close. And that's all really changed in the last 3 weeks. We at Cloudflare, we're an infrastructure provider. We provide infrastructure to much of the internet. And so because people rely on us for infrastructure, we feel it's really important that we be upgraded very soon because everyone else really needs to turn things on and use us and use infrastructure providers themselves. And so we're going to be ready as soon as we can. Um we announced last week that we are setting 2029 as a day for all of Cloudflare to be upgraded to postquantum cryptography. and the product uh suite that I work on which is Cloudflare 1, our Sassy platform. We um announced that we'll be ready by 2028. So really excited about that and lots of work to do. say if you're listening to this and thinking what you need to be doing. I think the most important thing to do right now is look at your vendors, look to see which one of them supports postquantum encryption today, because that's pretty much all that's available right now in the market, postquantum encryption, and then ask them about what their plans are for postquantum authentication, which is what the internet is really working towards upgrading right now. I think it's important that vendors hear this from their customer base because it's really going to help drive the urgency and the process of making these upgrades happen in time for whenever um that day comes when we have those powerful quantum computers. So, let's talk quickly about encryption versus authentication. Up until now, most of the industry has been focused on something called harvest now decrypt later attacks, which is something we should still focus on, right? And that's an attack in which an adversary collects data that's encrypted, stores it, and then in the future when the quantum computers become powerful enough, goes and decrypts that data. And so this is a threat if it's something like healthcare data, government data, financial data, all that stuff remains valuable even 5 10 years in the future. Right? So we've been worried about harvest now decrypt later attacks. How do you stop those attacks? Postquantum encryption. Which is why as of today about 67% of the traffic that hits Cloudflare's network from a web browser for example is using postquantum encryption and we use it in a lot of other places including Cloudflare 1 our sassy platform. So that's where most of the progress has been made by vendors up until now. Now what's changing is that there is now going to be an emphasis on postquantum authentication. So authentication is needed to stop someone from getting into a system that they're not authorized to access. So think about after we have these powerful quantum computers. If someone can forge credentials to a system using a powerful quantum computer, they can get into that system. So think about getting into banks, getting into telecoms, getting into infrastructure providers, getting into tech companies, using quantum computers to forge credentials is a really big threat. And so that's why our concern now in the industry and what we're doing at Cloudflare and where a big focus is is on postquantum authentication. And so you're going to start to see vendors talk about that. And the last thing I would say is that as you're thinking about this, you know, you talk to your vendors, see if they're supporting postquantum encryption today because they should be and then see if they're supporting postponum authentication in the future and what's their roadmap for getting that work done. You work in this area for a few years, encryption and post quantum included, and you have students. Can you give us a run through of what excites you the most in this area? Why do you like this area in particular? what should people know about them that I mean I'm really excited to work on this because I'm currently working at Cloudflare which is a great place to actually have an impact on the internet's cryptography. I used to work at a university where I would be kind of going to people companies like Cloudflare going to the ITF and and suggesting things but being at Cloudflare and being able to make those decisions is just really really exciting. So I'm having a really good time working on this cryptography uplift across the company. Can you tell us about the blog post that was launched this week where you participated in? Why is that important and people should care? This week we released Cloudflare's reference architecture for enterprise MCP. This happens to be something that I've had tens of customer conversations about. I get pinged every other day um for someone asking me to meet their customers and talk about how we've um adopted MCP in the enterprise. And so we decided it was time to really just write down what we've done internally and write down how do you build these secure architectures. And so um and actually not just about security, it's also about cost control and making it easier to discover things and use things. And so we wrote that all down and it became this giant reference architecture that um really excited to release in partnership with so many people across Cloudflare. And you can find it on the blog and it's part of agent week. So I hope you'll take a look and read it.

More from Cloudflare

Cita James on HR, Growth, and Building People Teams at Cloudflare thumbnail

Cita James on HR, Growth, and Building People Teams at Cloudflare

Sitta James outlines her HR career journey—from Oklahoma to Cloudflare, with stints in Austin, Lisbon, and London—and he

00:09:38
More Cores, Less Cache — And It Still Got Faster | Cloudflare Gen 13 thumbnail

More Cores, Less Cache — And It Still Got Faster | Cloudflare Gen 13

The episode centers on Cloudflare’s Gen 13 server hardware and accompanying software rewrites, detailing how hardware ch

00:44:30
Sales Is a Math Problem | Vinti Batiste, VP of Enterprise Sales at Cloudflare thumbnail

Sales Is a Math Problem | Vinti Batiste, VP of Enterprise Sales at Cloudflare

The video features Vinty Batist outlining her 30-year career in sales across IBM and Cisco, and her current leadership r

00:12:54
Cloudflare Email Service: now in public beta. Ready for your agents thumbnail

Cloudflare Email Service: now in public beta. Ready for your agents

The video introduces Cloudflare email service for agents, demonstrating how to send and receive emails, and showcasing i

00:10:41

Get daily recaps from
Cloudflare

AI-powered summaries delivered to your inbox. Save hours every week while staying fully informed.

Get Started