While numerous AI advancements announced last week caught industry eyes, Google dropped one more bit of quantum news that turned heads: their all-new, ultra-powerful quantum chip. Willow.
In case you haven't seen the news, here’s a breakdown of why it matters and what you can do to prepare for the quantum-powered future.
Google introduces Willow, their new quantum chip
The Willow chip isn’t just another notch in Google’s quantum belt. It’s a massive “whoa” moment in computing. With unprecedented advancements in error correction and coherence—two major hurdles in ongoing quantum research—Willow can solve problems that’d take today’s most advanced supercomputers 10 septillion years to crack.
Yes, you read that right. Septillion.
10,000,000,000,000,000,000,000,000.
How quickly can Willow do it? Under five minutes.
To put that into perspective, if classical computers are running a marathon, Willow just teleported to the finish line, snatched the medal and is already doing its twelfth victory lap.
However, this development is more than a scientific flex; it’s the starting pistol for practical, real-world quantum applications. Think faster drug discoveries, faster AI training, better climate modeling. Impressive, right? But there’s a catch: quantum computers are also poised to be cryptographic wrecking balls. If your data is encrypted with RSA, ECC or other public-key encryption protocols, quantum doesn’t just crack these—it renders them obsolete with ease.
"While CRQCs (cryptographically relevant quantum computers) aren’t here yet, this milestone serves as a stark reminder for the cybersecurity community: Major strides in quantum computing mean the clock is ticking for enterprises to begin PQC migration." - Faisal Razzak, Group Manager, Post Quantum & Secure Software Supply Chain Initiatives at Venafi, a CyberArk Company
Why Willow should be on your radar
Still think you’ve got time to deal with quantum later? Our experts are already saying that 2025 will be the year teams move quantum to the top of their priority list. Especially now that Google’s Willow chip is demonstrating that quantum supremacy may no longer be decades away. It could come knocking a lot sooner than anticipated.
Here’s the kicker. Even before quantum computing reaches widespread attack capabilities, cybercriminals are collecting encrypted data. They’re hoarding what they grab now so that, when quantum is ready, they can decrypt it later in one fell swoop. And this “steal now, decrypt later” strategy isn’t something out of a Bond movie. It’s happening today.
For industries like banking, healthcare, government and retail—or anyone who’s handling sensitive data—this isn’t just a concern. It’s an existential threat.
And while researchers and regulatory agencies like NIST (the National Institute of Standards and Technology) are releasing new guidance, timelines and standards, transitioning isn’t something your team can do overnight. Just look at how complex and lengthy the process of migrating from SHA-1 to SHA-2 was.
But quantum requires an even bigger overhaul.
Why? Let me explain.
Why you can’t press snooze on quantum readiness
Take a second to think back to any cryptographic migration you’ve witnessed. SHA-1, Heartbleed, you name it. Now imagine doing that across every cryptographic system you depend on—systems that’ve been humming along happily for decades—and completing your migration in time to avoid encryption obsolescence or security breaches.
That’s the reality of how long these transitions take. And since the NIST countdown is already on with encryption like RSA and ECC slated for deprecation by 2035, those 10 years could blink by in what feels like 10 minutes.
But there are several challenges affecting organizations' abilities to migrate to quantum-resistant algorithms:
- Legacy infrastructure. You’re not working with shiny new systems everywhere. You're dealing with an array of both legacy and modern systems. And no two companies have the exact same infrastructure.
- Scale of machine identities. It’s not just about switching one algorithm. Organizations could be managing hundreds or thousands—sometimes millions—of certificates, SSH keys and other machine identities to secure machine-to-machine connections and communications.
- Training and coordination. Transitioning to post-quantum standards isn’t just flipping a technical switch. It’s overhauling workflows, educating teams and ensuring compatibility across partners. All of which takes time.
The takeaway here? The sooner you start, the better.
Prepare for the Future of Cybersecurity: InfoSec's Guide to Post-Quantum Readiness
“Responsibility for managing machine identities and patching software to make it quantum-proof will be central to [a company’s risk planning.] There is no better way to do this than via a control plane, which enables organizations to automatically revoke and update machine identities.” – Kevin Bocek, Chief Innovation Officer at Venafi, a CyberArk Company
How to prep like a pro
Fortunately, there’s already a clear roadmap for organizations who want to stay ahead, and it all hinges on taking charge of your machine identities.
- Get visibility into your cryptographic ecosystem
You can’t fix what you can’t see. Start by creating a full inventory of your machine identities like TLS certificates, SSH keys, code-signing credentials, all of it. Use automation tools to help identify those using at-risk cryptography. - Prioritize what to protect first
Every organization will have data or systems that are more critical than others. High-value targets with long shelf lives—those most vulnerable to "decrypt later" attacks—should move to the front of your to-do list. - Start evaluating post-quantum algorithms
NIST has already announced its first set of finalists for quantum-safe cryptographic standards, and many companies are already implementing them into their solutions. It’s important to start testing and evaluating which options make sense for your organization right now. - Adopt crypto-agility
Crypto-agility is the unsung hero of quantum preparedness. It’s about building the capacity to adapt quickly, swapping out algorithms as they’re tested, compromised or updated. (And you won't just be gearing up for quantum, either. You'll ensure you’re ready for any CA distrust events or enforcement of decreasing TLS certificate standards, such as those proposed by Google and Apple). - Secure your data now against future risks
Protect your most sensitive communications, especially anything that could outlast current encryption standards. Transition to quantum-resistant protocols before it becomes a necessity. - Get expert guidance
No need to go solo. Partner with experts who specialize in cryptographic transitions. From visibility tools to quantum-ready integrations, these solutions simplify what could otherwise feel like trying to unscramble an egg.
Start today to secure tomorrow
Google’s Willow chip isn’t just a jaw-dropper for science. It’s a thriller-level plot twist for cybersecurity teams. Quantum computing will redefine what's possible in everything from AI to security.
And here’s the bottom line: Quantum readiness can’t wait for “someday.” It’s essential to start now, before public-key encryption becomes nothing more than wind in the willows.