Wiz Adds Post-Quantum Cryptography Readiness Features to Cloud Security Platform
TL;DR
- Wiz introduces a PQC toolkit to address 2029 quantum encryption deadlines.
- The suite tackles "cryptographic debt" and shadow encryption in cloud environments.
- Features include continuous visibility into protocols, services, and cryptographic artifacts.
- A new PQC Lens provides a framework for discovery, assessment, and remediation.
The clock is ticking on encryption as we know it. With quantum computing moving from the realm of science fiction into a tangible, looming threat, the industry has locked onto a 2029 deadline for post-quantum cryptography (PQC) readiness. It’s not just a date on a calendar; it’s the point at which current encryption standards could be cracked wide open. To help teams navigate this, Wiz has rolled out its "Wiz for PQC Readiness" suite—a toolkit designed to untangle the messy, often invisible web of cryptographic risk.
The transition to PQC isn't some distant "future-you" problem. It’s an immediate operational headache. Since Google signaled their own 2029 migration timeline back in March 2026, the conversation has shifted. We aren't just talking about key exchange protocols anymore; we’re looking at a total overhaul of authentication services. Why the rush? Two words: "Harvest-Now-Decrypt-Later." Attackers are scooping up encrypted data today, betting that they’ll have the quantum muscle to tear it open in a few years. If your data is intercepted now, it’s effectively compromised for the future.
The Cryptographic Debt Trap
Most organizations are sitting on a mountain of "cryptographic debt." Think of it as technical debt’s more dangerous cousin. It’s a mix of legacy algorithms and forgotten protocols buried deep in the infrastructure, often without a shred of documentation. When you don’t know what’s running, you can’t secure it. This "shadow cryptography"—hidden libraries and undocumented encryption—is a massive blind spot in modern cloud environments.
Wiz is trying to flip the script by turning that reactive, manual audit process into a living, breathing inventory. Instead of a point-in-time snapshot that’s obsolete the moment it’s finished, they’re pushing for continuous visibility. The platform keeps tabs on four high-stakes areas:
- Cloud-managed services: Keeping a close eye on the standards baked into your cloud provider’s native services.
- Protocols in transit: Flagging the ghosts of the past, like SHA-1, 3DES, and TLS 1.1, which have no business being in a modern stack.
- Shadow cryptography: Uncovering those rogue encryption libraries hiding in your applications and CI/CD pipelines.
- Cryptographic artifacts: Cataloging exactly which algorithms and key sizes are actually doing the heavy lifting across your enterprise.
Frameworks Over Firefighting
Migration is a massive undertaking, and it’s easy to get lost in the weeds. The Wiz solution introduces a PQC Readiness Framework to provide a map. It breaks the journey into discovery, assessment, and remediation. The star of the show here is the "PQC Lens," a visualization tool that lets security teams actually see their cryptographic posture. It helps you stop guessing and start prioritizing based on actual usage and exposure.
The urgency here is hard to overstate. While TLS 1.3 is the baseline for PQC, the global internet is still lagging in its adoption. Meanwhile, the industry is coalescing around NIST standards, specifically ML-DSA (FIPS 204) and SLH-DSA (FIPS 205). NIST is leaning heavily toward ML-DSA for digital signatures, making it the frontrunner for anyone building a roadmap today.
| Component | Function |
|---|---|
| PQC Readiness Framework | Provides a structured, phased roadmap for cryptographic migration. |
| PQC Lens | Offers visual risk assessment and mapping of cryptographic assets. |
| Cryptographic Champion Center | Centralizes governance and oversight for PQC initiatives. |
| CI/CD Integration | Embeds cryptographic scanning into the software development lifecycle. |
The Long Road to 2029
The acceleration of quantum computing has forced everyone to rethink long-term data security. The first step, according to the Wiz for PQC Readiness documentation, is simply knowing what you have. You can't replace legacy algorithms if you don't know where they’re hiding.
This is part of a broader, necessary shift toward proactive security. If you haven't already, it’s time to hold your internal policies up against the post-quantum roadmap provided by major infrastructure vendors. Keeping an eye on the cryptography migration timeline is the only way to plan for the inevitable upgrades to authentication and key exchange mechanisms.
Making Security Operational
Let’s be clear: moving to PQC isn’t just a patch. It’s an organizational shift. By baking cryptographic scanning directly into CI/CD pipelines, the goal is to stop the bleeding—preventing new cryptographic debt from being introduced while you’re busy cleaning up the old stuff. Manual reviews just can't keep up with the pace of modern development.
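To make the CI/CD idea concrete, here is an added example (not Wiz's code, and not how the Wiz platform is implemented) of a pipeline gate that inventories the algorithms named in this article and fails only on findings absent from an accepted baseline, so existing debt is tracked while new debt is blocked. The rule patterns, file names, sample contents and baseline are all constructed assumptions.

```python
import re
import sys
from collections import Counter
from typing import NamedTuple

# Assumed classification rules; the legacy entries are the ones the article names.
RULES = [
    ("legacy", "SHA-1", re.compile(r"(?<![a-z0-9])sha-?1(?!\d)", re.I)),
    ("legacy", "3DES", re.compile(r"(?<![a-z0-9])(3des|des-ede3|des-cbc3)", re.I)),
    ("legacy", "TLS 1.1", re.compile(r"tls\s?v?1[._]1(?!\d)", re.I)),
    ("quantum-vulnerable", "RSA", re.compile(r"(?<![a-z])rsa(?![a-z])", re.I)),
    ("quantum-vulnerable", "ECDSA", re.compile(r"ecdsa", re.I)),
    ("pqc", "ML-DSA", re.compile(r"ml-?dsa", re.I)),
    ("pqc", "SLH-DSA", re.compile(r"slh-?dsa", re.I)),
]

# Constructed sample repository contents (path -> text), embedded so this runs offline.
SAMPLE_REPO = {
    "nginx/site.conf": "ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;\n"
                       "ssl_ciphers DES-CBC3-SHA:AES128-GCM-SHA256;\n",
    "ci/sign.sh": "openssl dgst -sha1 -sign release_rsa.pem artifact.tar\n",
    "svc/auth.yaml": "signature_algorithm: ML-DSA-65\n",
}
# Constructed baseline: debt already known and scheduled for cleanup.
BASELINE = {("nginx/site.conf", "TLS 1.1"), ("nginx/site.conf", "3DES")}

class Finding(NamedTuple):
    path: str
    line: int
    status: str      # "legacy", "quantum-vulnerable" or "pqc"
    algorithm: str

def scan(files):
    """Return one Finding per (line, rule) hit across a {path: text} mapping."""
    return [Finding(path, n, status, name)
            for path, text in files.items()
            for n, line in enumerate(text.splitlines(), start=1)
            for status, name, pattern in RULES if pattern.search(line)]

def inventory(findings):
    """Count findings per (status, algorithm): the cryptographic-artifact view."""
    return Counter((f.status, f.algorithm) for f in findings)

def gate(findings, baseline):
    """Findings that fail the build: non-PQC usage not in the accepted baseline."""
    return [f for f in findings
            if f.status != "pqc" and (f.path, f.algorithm) not in baseline]

if __name__ == "__main__":
    blocked = gate(scan(SAMPLE_REPO), BASELINE)
    for f in blocked:
        print(f"{f.path}:{f.line}: new {f.status} usage: {f.algorithm}")
    sys.exit(1 if blocked else 0)
```

Text matching like this only catches algorithms that are named in configuration or source; it does not see what a compiled library negotiates at runtime.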
As highlighted in the State of Post-Quantum Cryptography report, the industry’s next big hurdle is PQC-based authentication. We’ve spent a lot of time talking about key exchange, but digital signatures are the backbone of trust. If you can’t verify who you’re talking to, the rest of the encryption doesn't matter much.
The complexity of these systems is well-documented, including in-depth analysis on cryptographic agility and quantum readiness. The challenge is moving to quantum-resistant standards without breaking the systems that keep the lights on today. By centralizing visibility and governance, the industry is finally getting the tools it needs to survive the 2029 milestone and whatever comes after.