Why Post-Quantum Cryptography and SSH NQX Are the Future of Secure Connectivity
DISCOVER | ANAYSE | SECURE | EVOLVE
Traditional SD-WAN has delivered meaningful improvements in cost optimisation, application performance, and network agility. However, its security model—largely dependent on classical cryptography and bolted-on protections—faces a looming challenge: the rise of quantum computing.
Post-Quantum Cryptography (PQC) introduces a new paradigm in secure communications, designed to withstand both current and future cryptographic threats. Solutions such as SSH Communications Security’s NQX go beyond SD-WAN by embedding quantum-safe encryption, identity-first access, and cryptographic agility into the core of network design.
For organisations operating in regulated, critical infrastructure, or long-lifecycle environments, PQC-based connectivity is not just an upgrade—it is a strategic necessity.
The Problem with Traditional SD-WAN Security
SD-WAN solutions from vendors such as Cisco, VMware, and Fortinet rely heavily on:
- IPsec tunnels secured with RSA/ECC cryptography
- Centralised orchestration with distributed edge enforcement
- Integration with SSE/SASE frameworks for security controls
While effective today, these models introduce several structural risks:
1. Harvest Now, Decrypt Later (HNDL)
Encrypted traffic captured today can be stored and decrypted in the future once quantum computers mature. This is particularly concerning for:
- Government and defence communications
- Financial transactions
- Intellectual property
Read about the “harvest now, decrypt later” strategy.
2. Overlay Complexity
SD-WAN introduces an overlay network that:
- Adds operational complexity
- Expands the attack surface
- Requires integration with multiple security layers
3. Security as an Add-On
In most SD-WAN deployments:
- Security is layered (firewalls, CASB, SWG)
- Identity is often secondary to network location
- Cryptography is static and difficult to upgrade
Enter Post-Quantum Cryptography (PQC)
PQC refers to cryptographic algorithms designed to resist attacks from both classical and quantum computers.
Standards bodies like NIST are already finalising PQC algorithms (e.g., CRYSTALS-Kyber), and governments—including Australia’s ASD—are pushing toward quantum-safe readiness by ~2030.
Key Characteristics of PQC:
- Resistant to quantum attacks (e.g., Shor’s algorithm)
- Designed for long-term data confidentiality
- Enables cryptographic agility (rapid algorithm switching)
Why SSH NQX Changes the Game
NQX is not just a VPN—it is a quantum-safe connectivity platform built on modern security principles.
1. Built-In Quantum-Safe Encryption
Unlike SD-WAN overlays retrofitted with encryption:
- NQX uses hybrid cryptography (classical + PQC)
- Protects against both current and future threats
- Eliminates HNDL exposure
2. Identity-First, Not Network-First
Traditional SD-WAN:
- Trusts network location (IP-based trust)
NQX:
- Uses identity-based access control
- Aligns with Zero Trust principles
- Integrates tightly with modern IAM systems
3. Cryptographic Agility
SD-WAN:
- Static cryptographic stacks (slow to evolve)
NQX:
- Dynamically updates cryptographic algorithms
- Future-proofs deployments as standards evolve
- Supports seamless migration to new PQC standards
4. Simplified Architecture (No Overlay Bloat)
Instead of layering:
- SD-WAN + VPN + Firewall + SSE
NQX provides:
- Direct, secure connectivity between endpoints
- Reduced attack surface
- Lower operational overhead
5. Performance Without Compromise
A common myth is that stronger encryption = slower performance.
NQX:
- Designed for high-throughput environments
- Supports modern infrastructure (cloud, hybrid, on-prem)
- Maintains low latency with efficient crypto implementations
Commercial Reality: The Adoption Challenge of Quantum-Safe Networking
While the benefits of PQC and solutions like NQX are clear, most organisations are already deeply invested in SD-WAN—and that creates real-world friction.
1. Entrenched SD-WAN Investments
Organisations have typically:
- Signed 3–5 year contracts
- Standardised branch architectures globally
- Built operational processes around SD-WAN tooling
This makes rip-and-replace strategies commercially unrealistic.
2. “Good Enough” Security Mindset
From a business perspective:
- Current encryption is still trusted
- Quantum risk feels distant
- Budget focuses on immediate threats
This creates a timing mismatch between risk and investment.
3. Integration vs Disruption
While NQX offers a superior model:
- It shifts from network-centric to identity-centric security
- It reduces reliance on overlays
- It introduces new cryptographic frameworks
This can:
- Disrupt existing designs
- Require retraining
- Slow decision-making in conservative environments
Conclusion
SD-WAN solved yesterday’s networking challenges—but it does not fully address tomorrow’s security realities.
Quantum computing is not a hypothetical risk—it is a time-delayed certainty. The real threat lies in data being captured today and decrypted in the future.
At the same time, organisations must balance:
- Existing investments
- Operational complexity
- Commercial realities
This is why the future is not about replacing SD-WAN overnight—but strategically evolving beyond it.
Solutions like NQX represent that evolution:
- Quantum-safe by design
- Identity-driven
- Architecturally simplified
- Commercially adoptable through phased deployment
The organisations that succeed will not be those that react last—but those that start preparing now, in a controlled and practical way.
