Commvault has announced new enhancements to its post-quantum cryptography (PQC) capabilities, aimed at helping organisations protect sensitive, long-term data from emerging quantum threats. The move is part of Commvault’s broader push to support cyber resilience amid growing concerns over the future impact of quantum computing.
Quantum computers, which use quantum mechanics to solve problems far beyond the reach of today’s classical machines, present a significant cybersecurity risk. Experts warn that these machines could eventually break existing encryption methods, making it possible for bad actors to access sensitive data that was once considered secure. This risk includes so-called “harvest now, decrypt later” attacks, where encrypted data is stored now in anticipation of future decryption with quantum computing.
To address this, Commvault has expanded its support for encryption algorithms recommended by the US National Institute of Standards and Technology (NIST), adding the Hamming Quasi-Cyclic (HQC) algorithm to its cryptographic agility framework. The framework was first introduced in August 2024, when Commvault became one of the first data protection vendors to offer support for NIST’s post-quantum encryption standards such as CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+ and FALCON.
Strengthening defence through crypto-agility
The updated framework allows Commvault Cloud customers to adapt to new encryption standards quickly and without major system changes. By integrating HQC, a code-based cryptographic algorithm designed to resist attacks from quantum computers, Commvault aims to offer another layer of protection for organisations managing data that must remain secure for decades.
“The quantum threat isn’t theoretical,” said Bill O’Connell, Chief Security Officer at Commvault. “We were among the first cyber resilience vendors to address post-quantum computing, and by integrating new algorithms like HQC and advancing our crypto-agility framework, we are providing our customers with the tools to navigate this complex landscape with confidence. Our goal is simple and clear: as quantum computing threats emerge, we intend to help our customers keep their data protected.”
Industries such as finance, government, and healthcare, where data sensitivity and longevity are paramount, stand to benefit most. Commvault also offers risk analysis capabilities that help identify where PQC can be applied, and its encryption options are designed to be simple to deploy, often requiring just a checkbox selection.
Urgency grows as quantum computing advances
The announcement comes as industry concern over quantum computing continues to grow. According to a recent poll by ISACA, 63% of cybersecurity professionals believe quantum computing will increase or shift cybersecurity risks, while 50% foresee compliance and regulatory challenges.
“Quantum readiness has become a business imperative, particularly for industries which handle data that remains sensitive for decades. The time when currently encrypted data can be decrypted using quantum technology is closer than many people think,” said Phil Goodwin, Research VP at IDC. “Commvault’s early adoption of quantum-resistant cryptography and commitment to crypto-agility positions it at the forefront among data protection software vendors in proactively addressing quantum threats.”
Commvault’s customers have welcomed the move. “Commvault has been an invaluable partner in our journey to enhance cyber resilience. Their leadership in adopting post-quantum cryptography, combined with their crypto-agility framework, is exactly what we need to meet stringent government security mandates and protect highly sensitive information from emerging quantum threats,” said Jeff Day, Deputy Chief Information Security Officer at the Nevada Department of Transportation.
Peter Hands, Chief Information Security Officer at the British Medical Association, added: “Safeguarding sensitive data is paramount, and the long-term threat of quantum decryption is a significant concern. Commvault’s rapid integration of NIST’s quantum-resistant standards, particularly HQC, gives us great confidence that our critical information is protected now and well into the future. Their commitment to crypto-agility is important for healthcare organisations like ours.”
Availability
Commvault’s post-quantum cryptography capabilities, including support for the HQC algorithm, are now available to all customers using Commvault Cloud software version CPR 2024 (11.36) and above.
