Quantum Threats Reshape Commvault's Vision For Data Security

Forbes

2 days ago

Commvault is incorporating post-quantum cryptography to address future data security risks.
Data protection provider Commvault announced earlier this month that it is adding more quantum-safe capabilities to its platform to build out defenses against post-quantum cryptography. This is important because, as quantum computing shifts from theoretical to practical use, it brings a new class of cybersecurity threats. To help organizations prepare, Commvault has incorporated NIST-recommended PQC algorithms into its data protection offerings, covering both cloud and on-premises environments. The goal is to ensure long-term data security by protecting backups made today from potential decryption by future quantum systems.
Over the past year, Commvault has introduced multiple post-quantum cryptography capabilities to safeguard data against future risks posed by quantum computing. PQC has important implications for customers, competitors and the broader industry, and all organizations should prepare for a quantum-driven — and quantum-safe — future.
(Note: Commvault is an advisory client of my firm, Moor Insights & Strategy.)
Understanding The Quantum Threat To Enterprise Data
First, a little background on why this is so important. Quantum computers apply principles of quantum mechanics to process information in fundamentally different ways from classical computers. While this could unlock incredible advances in medicine, materials science, finance, AI and more, it also introduces new security concerns. This is because current encryption methods such as RSA and elliptic curve cryptography depend on mathematical problems that are very hard to reverse — unless a powerful quantum computer is involved. Once quantum computers that powerful are launched, probably in the next few years, these algorithms can potentially be broken quickly, compromising these widely used encryption methods.
A crucial concern today is the 'harvest now, decrypt later' tactic, where bad actors can intercept and store encrypted data to decrypt it in the future once quantum capabilities mature. HNDL protection is especially critical for sectors with long-term data sensitivity, such as healthcare, finance and government. (Think of any setting in which sensitive information — names, dates of birth, government ID numbers, bank account numbers, medical histories and the like — remains unchanged for many years.) A survey by the Information Systems Audit and Control Association found that 63% of cybersecurity professionals believe quantum computing will shift or expand cyber risks, and half expect it to create compliance challenges.
This image shows how users can enable PQC within Commvault's CommCell environment by selecting a ... More checkbox in the group configuration settings.
Commvault's Post-Quantum Cryptography Response
Commvault has taken a practical, multi-stage approach to quantum-era risks. In August 2024, it introduced a cryptographic agility framework, which is meant to allow organizations to adopt new cryptographic standards for PQC without major system changes. The framework includes several NIST-recommended quantum-resistant algorithms — CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+ and FALCON. (My colleague Paul Smith-Goodson, who has been covering quantum computing for years, went into more detail about these algorithms in the context of IBM's PQC efforts, also in August 2024.)
Commvault's announcement earlier this month builds on last year's release by adding support for the Hamming Quasi-Cyclic algorithm, which uses quantum error-correcting codes to resist quantum decryption. But rather than focusing only on algorithm support, Commvault also emphasizes operational integration. Its Risk Analysis tools help organizations identify sensitive data, allowing quantum-resistant encryption to be applied where it's most needed. The crypto-agility framework offered by Commvault allows organizations to shift between cryptographic methods via relatively simple configuration changes, without needing to overhaul their existing environments. This flexibility helps minimize disruptions and lowers the costs associated with adapting to new standards as they emerge.
Securing Critical Industries For The Quantum Era
Commvault's PQC features should be especially helpful to organizations in healthcare, finance and government as they address compliance needs, ensure continuity and — most importantly — protect data that is held for decades. As touched on above, these industries are especially at risk for deferred decryption attacks, so implementing PQC features now should help address the risk of HNDL exploits later. Besides the benefits already mentioned, this could help organizations using Commvault maintain trust among regulators, customers and partners for the long haul.
As data protection standards in these industries become stricter in anticipation of quantum threats, solutions that incorporate quantum-resistant encryption are increasingly necessary. Forward-looking IT organizations are already adopting these technologies. For instance, the Nevada Department of Transportation has adopted Commvault's PQC tools to meet government security requirements and protect sensitive information. The company also cited Peter Hands, CISO of the British Medical Association, who said, 'Commvault's rapid integration of NIST's quantum-resistant standards, particularly HQC, gives us great confidence that our critical information is protected now and well into the future.'
The adoption of PQC is accelerating as both technological developments and regulatory requirements create a framework for organizations to address emerging threats from quantum computing. In the United States, for instance, federal agencies have been instructed to integrate post-quantum standards into their procurement and operational practices. Similar regulatory efforts are taking place in the European Union and other jurisdictions, where updates to data protection frameworks increasingly include provisions for quantum-safe encryption.
To maintain security and compatibility during the transition, many organizations are implementing hybrid encryption methods that combine traditional and quantum-resistant algorithms. This approach allows for gradual migration to fully quantum-resistant systems while enabling protection against both current and future threats.
PQC Challenges And The Push For Wider Adoption
Commvault's phased introduction of PQC capabilities is a step forward, but current support is mostly limited to cloud-based customers using particular software versions. This creates a gap for organizations relying on hybrid or on-premises environments, which are still widely used in sensitive sectors like those already mentioned. To address this, Commvault would benefit from providing a clear roadmap for extending PQC support across all deployment models. Such a roadmap should outline which software versions will be supported, specify the technical requirements and offer a realistic timeline for implementation.
The broader data protection market is also shifting as major technology providers such as IBM and Microsoft integrate quantum-safe features into their platforms. Other data protection vendors, such as Cohesity, Veeam and Rubrik, are expected to follow suit as industry standards become more established. This means Commvault will likely face growing competition in offering robust PQC solutions. Keeping pace will require not only technical expansion but also practical guidance for customers on how to adopt and apply PQC in various enterprise scenarios. Flexibility and clear communication about available features and best practices will be important for supporting a wide range of customer environments and needs.
Aligning Data Security Strategies For A Quantum Future
Commvault's early efforts in post-quantum cryptography and crypto-agility demonstrate a commitment to long-term data security. However, maintaining progress will depend on expanding access to PQC features for all customers, providing transparent information about costs and continuing to work closely with regulatory bodies.
Quantum computing presents both new risks and opportunities. As traditional encryption methods become more vulnerable, the need for quantum-resistant security will grow. Commvault's PQC features offer a practical way for organizations to protect data that must remain secure for years. By focusing on adaptability, compliance and targeted encryption strategies, Commvault helps customers build stronger defenses for the future.
The timeline for quantum decryption could be shorter than many anticipate, making it important for organizations to start preparing now. For enterprises, taking early action is important to avoid exposure and regulatory issues. For vendors, ongoing improvements in accessibility, transparency and alignment with emerging standards will determine long-term success. Simplifying the path to quantum readiness will be a key factor in supporting customers through this transition.