Cloudflare sets new benchmark with full quantum-safe SASE

Cloudflare says it has become the first Secure Access Service Edge (SASE) provider to support modern post-quantum encryption standards across its entire platform, marking what the company describes as a significant step toward preparing enterprise networks for the risks posed by future quantum computing.
The update extends post-quantum (PQ) cryptographic support across all major components of the Cloudflare One SASE platform, including Zero Trust access, Secure Web Gateway (SWG), IPsec and its WAN-as-a-Service capabilities. The company says the changes are available immediately and at no additional cost to customers.
The announcement comes amid growing concern that advances in quantum computing could eventually render widely used public-key cryptography algorithms obsolete. In response, the US National Institute of Standards and Technology (NIST) has urged organisations to transition to quantum-resistant algorithms before 2030, warning that sufficiently powerful quantum computers could break traditional encryption methods used to secure banking, healthcare and government data.
One of the key risks is known as “harvest now, decrypt later.” In this scenario, attackers intercept and store encrypted traffic today with the expectation that it can be decrypted in the future once quantum capabilities mature. For organisations handling long-lived sensitive data — including intellectual property, classified information and regulated personal data — the threat is not theoretical.
Cloudflare began integrating post-quantum TLS support into its global network several years ago. In 2025, it introduced what it described as the first cloud-native post-quantum Secure Web Gateway and Zero Trust solution, aimed at protecting traffic between end-user devices and public or private applications.
The latest announcement expands that protection to wide-area networking (WAN) configurations. By adding post-quantum support to IPsec tunnels and the Cloudflare One Appliance, the company says it now provides end-to-end quantum-resistant encryption across the full SASE stack.
From a technical perspective, IPsec is widely used to secure site-to-site and branch connectivity. Updating these tunnels to support post-quantum algorithms is considered a necessary step in protecting long-haul enterprise traffic and hybrid network architectures.
Cloudflare says its implementation adheres to emerging Internet standards to maintain interoperability across vendors — a critical factor in large enterprise and multi-cloud environments where organisations rely on heterogeneous infrastructure.
The company also emphasised operational resilience features, including automatic rerouting of IPsec traffic across its global network in the event of data centre disruption.
While quantum computers capable of breaking RSA or elliptic curve cryptography at scale do not yet exist, migration to new cryptographic standards is widely viewed as a multi-year process. For many organisations, the complexity lies not just in upgrading edge devices, but in inventorying cryptographic dependencies embedded across applications, appliances and legacy systems.
Cloudflare’s strategy appears aimed at reducing that friction by embedding post-quantum support directly into its network fabric, rather than requiring customers to deploy new hardware or manage complex configurations.
Whether enterprises accelerate quantum-safe transitions ahead of regulatory mandates remains to be seen. However, as standards bodies formalise post-quantum algorithms and governments sharpen compliance timelines, early adoption may shift from optional future-proofing to baseline expectation.
Cloudflare’s quantum-safe SASE platform is available globally from today.