Before organisations can become quantum ready, they must first become trust ready, says Paul Holt, Group Vice President of EMEA, at the platform DigiCert.
Security teams understand that trust infrastructure rarely gets attention when everything is working as expected. The challenge is that when it fails, the consequences can be immediate. A certificate expires unexpectedly, a critical service becomes unavailable and customers lose access. Internal teams scramble to identify the cause while business leaders ask why the issue was not detected sooner.
These incidents are rarely caused by a single technology failure. More often, they expose a deeper challenge: the growing complexity of the trust infrastructure that underpins modern digital services. The conversation around digital trust has become increasingly focused on post-quantum cryptography (PQC), and rightly so. The prospect of quantum computing breaking today’s encryption standards presents one of the most significant technological shifts the industry has faced in decades.
Yet many organisations face a more immediate challenge. Recent research found that only 34% of organisations have a complete and current view of their digital certificates. Before organisations can prepare for tomorrow’s cryptographic challenges then, many are still struggling to manage today’s trust infrastructure effectively. This matters because digital trust is no longer simply a security issue. It has become a resilience issue.
Visibility is the foundation of risk reduction
Whatever the sector โ financial services, manufacturing, retail or critical infrastructure โ security and technology leaders are faced with the challenge of an operating environment which has evolved faster than the processes used to manage it.
Certificate volumes continue to rise, machine identities are proliferating and organisations are becoming increasingly dependent on cryptographic trust. At the same time, certificate lifecycles are shrinking and regulatory expectations growing. What was once a manageable administrative task has become a strategic challenge for security and infrastructure teams.
That aligns with what organisations are telling us because 62 per centย cite a lack of visibility as one of their biggest challenges. As certificates, machine identities and cryptographic assets continue to grow, security teams cannot effectively manage risk without a clear understanding of where those assets exist and which services depend on them.
Before discussing quantum-safe algorithms, organisations should ask whether they have the visibility and automation needed to manage trust at scale.
A single view of trust is becoming essential
It’s perhaps no surprise organisations are increasingly looking to consolidate trust management. Two-out-of–three say centralised management is now either business critical or highly important. The reason is straightforward. Most organisations struggle with siloed solutions and still rely on spreadsheets and manual processes to track critical trust assets. In combination, responsibility for trust rarely sits within a single team. Certificates, DNS and machine identities are often managed separately, creating fragmented visibility and increasing operational risk.
A consolidated approach using a platform helps organisations establish a clearer view of trust infrastructure, improve automation and reduce the likelihood of preventable outages.
PQC is exposing weaknesses
This is where the discussion around PQC becomes particularly relevant as quantum computing further exposes the trust management problem. Preparing for PQC requires organisations to understand where cryptographic assets exist, how certificates are deployed and which systems rely on vulnerable algorithms. Without visibility, discovery and automation, the transition to quantum-safe cryptography becomes significantly more difficult.
The same pattern appears when organisations consider quantum readiness. While awareness of quantum risk continues to grow, only 22pcย of organisations report having fully assessed their systems for future cryptographic threats.
This gap highlights a broader reality. PQC readiness is about achieving crypto-agility: the ability to identify, manage and update cryptographic assets efficiently across increasingly complex environments.
Modernisation is already delivering results
Encouragingly, most organisations recognise the need to act. Four in five are already implementing or planning PKI modernisation initiatives and, more importantly, those already on that journey are seeing tangible benefits. Nearly two-thirds report improvements in certificate lifecycle automation, while 60 per cent have experienced fewer outages because of modernisation efforts. The value of PKI modernisation is not confined to future quantum readiness, it delivers measurable resilience benefits today.
The practical starting point is straightforward. Organisations need a clear understanding of where certificates and machine identities exist, reduced reliance on manual tracking processes, and greater consistency in how trust assets are managed across the business. Visibility, automation and simplified management provide the foundation for reducing risk and responding more effectively to future change.
Those foundations will help organisations navigate a range of challenges, from shorter certificate lifecycles and evolving regulatory requirements to the eventual transition to post-quantum cryptography. The organisations best positioned for the future will be those taking steps today to modernise how trust is managed.
