Fortanix's PQC Central Preps for Post-quantum World

Cybersecure2

By: Craig Matsumoto
July 10, 2025


Fortanix is extending its Armor platform further into the world of post-quantum cryptography, putting emphasis on the preparatory steps that enterprises arguably need to start now. The announcement is part of a gathering wave as security vendors begin marketing post-quantum readiness in addition to actual encryption technologies.

The company provides post-quantum encryption algorithms too. But at the moment, Fortanix—a Futuriom 50 company—is emphasizing a humbler but difficult step: simply finding out what encryption keys a company is using and which ones most urgently need replacing.

Fortanix's PQC Central product, launched late in June, handles those steps and the ongoing key management that's required afterward. PQC Central is a new feature in Fortanix Key Insight, which itself is part of Fortanix's Armor cypersecurity platform. It's available in AWS, Microsoft Azure, and Google Cloud and can also be implemented on-premises.

Preparing for the "Q-Day"

The issue has been in the zeitgeist for a long time: Quantum computing can cut through traditional encryption, such as the RSA algorithm or elliptic curve cryptography, in timeframes that fit a practical human scale. For heavy-duty encryption, such as 2,048-bit RSA, that day hasn't arrived yet.

Still, "Q-Day" is close enough to start setting practical timelines for the post-quantum transition. The UK's National Cyber Security Centre, for example, has published guidelines recommending complete migration to post-quantum cryptography by 2035.

To do that, however, the NCSC says an organization, especially a large one, should start carrying out its highest-priority PQC migration activities by 2031. And to do that, the organization needs to have completed the discovery phase—ascertaining what keys are out there and which are most vulnerable—by 2028.

Fortanix and others argue that the discovery and preparation phase alone could take years (plural). In that light, 2028 isn't far away. Hence, post-quantum readiness is likely to become a cybersecurity hot button during the next year or two.

Inside PQC Central

Fortanix's PQC Central covers post-quantum readiness as a process, recognizing it isn't as simple as a software patch. That process includes the ongoing key management that's necessary after the post-quantum transition.

Part of what makes the process cumbersome is that most organizations don't know where all their cryptographic keys are nor how old they are, Fortanix officials said. Those keys have been sitting in place for years or decades, not needing anyone to check in on them.

That's where PQC Central starts: finding an organization's cryptographic assets and gauging their vulnerability. Age is certainly a factor here; older RSA implementations are inherently simpler and would be the first to fail. PQC Central then calculates a "quantum readiness" score and flags priorities for post-quantum migration. As noted, Fortanex can also provide the post-quantum keys that would fuel that migration.

All this information is presented on one dashboard, helping an organization track assets throughout the post-quantum transition. The visibility matters because an enterprise might spend years in a transition phase, with only some of its keys upgraded to post-quantum algorithms. During that time, the company must continue manage existing keys and also might need additional work on the new ones, adapting them as algorithms evolve or new post-quantum threats arrive.

PQC Central is designed to unify multiple elements of the post-quantum transition. That unified approach is part of Fortanix's overall philosophy. Earlier this year, the company introduced Armet AI, a platform that secures not only the LLM itself, but also the data, whether in-motion, in-use, or at rest. It's a turnkey pipeline that applies guardrails to data throughout the process.

Keyfactor, Fortanix, and F5

Keyfactor is another company targeting the post-quantum discovery phase. The company, a frequent Fortanix partner in other contexts, made a pair of acquisitions earlier this year that put it on a trajectory approaching that of PQC Central.

One acquisition, InfoSec Global, gives Keyfactor the tools for discovering cryptographic assets across an organization's footprint. CipherInsights, a product acquired from the company QuantumXchange, sits on the network to discover further cryptographic assets in use. For management of all these assets, Keyfactor has a product called Command, which already integrates with InfoSec Global.

It's part of an evolution that's seen Keyfactor, founded in 2014 as a public key infrastructure consultancy, moving into certificate lifecycle management and now deeper into managing cryptographic assets, including assessing post-quantum readiness.

F5 recently announced its post-quantum readiness program as well, integrating those features into the F5 Application Delivery and Security Platform. So far, the company is not attacking the discovery phase as strongly as Fortanix and KeyFactor are. Instead, F5 is emphasizing its abilities as an end-to-end platform with visibility across multiple environments—key factors to consider during the lengthy transition to post-quantum security.



Trending Articles