NetScaler Blog

Application delivery and security blog

Application delivery and security blog

Leading the Quantum-Ready Transition: How NetScaler Helps Prevent a Silent Data Breach Decades in the Making

by

The Quantum Threat is No Longer Theoretical

Today, every sensitive piece of data you create, transmit, and store is encrypted. The algorithms that have underpinned modern encryption standards have generally been viewed as robust and “unbreakable” —- but that foundation is about to collapse.

Current encryption standards like RSA or ECDHE, which is infeasible to decrypt by brute force, can be cracked in a matter of hours with quantum computers. 

But what’s the real danger? Attackers don’t need quantum computers to start exploiting this. They’re already collecting encrypted data as you read this right now, knowing they can decrypt it later once quantum computers mature. 

This is the essence of the “Harvest Now, Decrypt Later” (HNDL) attack. HNDL represents a silent and irreversible threat to decades of sensitive communications and creates a fundamentally different threat model than traditional security breaches.

Consider the scope: every document, every encrypted database backup, every secure communication your organization has transmitted that has a lifespan of 5 or more years, is potentially sitting in a bad actor’s data warehouse, waiting for quantum decryption. When those quantum computers become available, decades of communications that were presumed secure become instantly readable. 

Large-scale quantum computers that can break current encryption standards could become practical in the next 5 to 10 years. This time horizon means that this isn’t a problem for tomorrow’s CISOs but a strategic imperative for today’s business leaders. And the scariest part is that no-one will know—-there’s no telltale signs such as ransom demands. It’s a silent timebomb, just waiting for quantum to arrive. 

Who is most at risk? 

The organizations most at risk are predominantly those that handle long-lived, sensitive data, especially governments, healthcare providers, financial institutions, and other regulated industries. Long term data that is relevant for 5 to 10 years is a prime target for a HNDL attack. This includes data such as:

  • Medical records and patient data
  • Financial statement and tax information
  • State secrets and classified communications
  • Intellectual property and valuable research
  • Even private conversations and encrypted backups

All of it is vulnerable to decryption, unless companies do something about it, now. 

What should you do about it? 

The transition to post-quantum cryptography (PQC) isn’t a future problem but rather a current infrastructure planning requirement. Concrete vendor timelines and immediate testing opportunities are already taking shape, and the economics strongly favor early planning to avoid the cost and disruption of reactive migrations.

Gartner claims proactive planning to avoid the “devastating and widespread” impact of quantum computers on asymmetric cryptography will reduce costs and improve operational efficiency.

Gartner, “Justify, Build and Launch a Postquantum Response”

Sarah Almond, Mark Horvath, Elizabeth Davis, November 2024 

If that all sounds daunting, you’re not alone. Only 5% of organizations have a roadmap to address quantum computing. But having a sense of urgency is key, as quantum computing continues accelerating with breakthrough announcements becoming routine. Google’s Willow chip and Microsoft’s recent Majorana 1 processor represent advances happening in months, not years.

Start Now While You Control the Timeline:

  • Q2 2025: Begin internal validation of quantum-safe encryption in non-production environments
  • Q3 2025: Identify and map all systems where data confidentiality is critical
  • Q4 2025: Begin phased rollout, starting with external-facing services

NIST Requires Migration to PQC Standards—Fast

  • By 2030, deprecated classical encryption (~112‑bit) must be phased out
  • By 2035, such encryption must be fully disallowed, and PQC fully implemented

Organizations that come out ahead will be those building modern, unified infrastructure capable of coordinated security updates across hybrid multicloud environments. 

How is Citrix helping the readiness to new standards? 

NetScaler is delivering on a long-term vision to help organizations prepare for the post-quantum era—while continuing to invest in practical, modern protections across the stack. This continues the path of innovation with our market leading modern networking and security platform, which deploys anywhere, cloud or on-premises, with a single control plane and API, reducing complexity, risk, and cost for enterprise organizations. Here’s a look at some of the critical milestones we’ve hit:

Post-Quantum Cryptography Milestones

  • April 2025: NetScaler became the first application delivery platform to offer NIST-aligned hybrid post-quantum cryptography (X25519 + ML-KEM768) through a Private Tech Preview, giving early access customers a head start on preparing for the quantum era.
  • August 2025: NetScaler makes its NIST-aligned hybrid PQC capabilities generally available, enabling all customers to deploy quantum-resistant encryption in production environments while maintaining compatibility with existing systems.

Additional Security Investment Highlights

  • DoDIN APL + FIPS: NetScaler is listed on the Department of Defense Information Network Approved Products List (DoDIN APL), reinforcing its readiness for highly regulated environments. Also NetScaler hardware appliances running version 13.1 are fully validated for FIPS 140-3 Level 2, while version 13.1 virtual appliances are currently in the Coordination phase with NIST. Version 12.1 remains FIPS 140-2 validated. 
  • HTTP/3 over QUIC: NetScaler now supports HTTP/3 over QUIC, helping organizations adopt modern protocols that deliver better performance and stronger security for real-time applications.
  • DNS Security Enhancements: Built-in DNS security features now provide defense against spoofing, cache poisoning, and other common threats to DNS infrastructure.
  • Security Advisory Dashboard: A new instance-level security advisory dashboard in NetScaler Console makes it easier to track vulnerabilities, prioritize updates, and stay in compliance.
  • reCAPTCHA v3 Support: NetScaler now supports reCAPTCHA v3 for advanced bot detection and low-friction user validation as part of multi-factor authentication flows.

These milestones reflect NetScaler’s commitment to continuous security innovation, helping organizations defend against today’s threats while preparing for those on the horizon. From encryption modernization and zero-trust enforcement to visibility and automation, NetScaler continues to invest across the full security lifecycle.

NetScaler’s quantum-resistant capabilities, a unified management architecture, and automated deployment options, provide organizations a stable foundation for proactive, well-planned transitions—rather than disruptive, last-minute responses.

More information:

  • For more detailed information of our work in PQC for the July release and details on how quantum computing will break these encryptions, check out our multi-part blog series.