Cloudflare, Inc. (NYSE: NET), a connectivity cloud company, has announced that its Cloudflare One Secure Access Service Edge (SASE) platform now supports modern post-quantum (PQ) encryption standards across all major network configurations. This integration aims to provide a secure bridge between corporate environments and Cloudflare’s global network, protecting sensitive data against future cyber threats and facilitating a transition to new cryptographic standards.

The development addresses the increasing threat posed by the potential advent of quantum computing, which could render current encryption methods obsolete. The National Institute of Standards and Technology (NIST) has advised organizations to upgrade cryptographic algorithms by 2030 to mitigate risks from powerful quantum computers. Threat actors are already engaged in “harvest now, decrypt later” attacks, collecting encrypted data in anticipation of future decryption capabilities.

In 2025, Cloudflare introduced a cloud-native post-quantum Secure Web Gateway (SWG) and Zero Trust solution. The current announcement expands on this by adding PQ support for wide-area networking (WAN) use cases, including Cloudflare IPsec and the Cloudflare One Appliance. This ensures that all components of the Cloudflare One ecosystem, such as Zero Trust access and WAN-as-a-Service, are protected by current cryptographic standards. The SASE solution leverages post-quantum TLS protocols and applies them to IPsec, aiming for improved speed, stability, and future-proof network traffic.

Matthew Prince, CEO and co-founder of Cloudflare, stated that securing the Internet against future threats should not be complicated or fragment the web. He added that Cloudflare has been integrating post-quantum standards into its network since 2017, making post-quantum security a default feature for its SASE platform without requiring hardware upgrades, complex configurations, or additional costs, to ensure long-term secure connections.

Cloudflare’s enhanced IPsec capabilities include high-availability routing, which automatically reroutes traffic to available data centers. It also provides protection against “harvest now, decrypt later” attacks by securing network flows with post-quantum encryption. Additionally, the IPsec implementation adheres to Internet standards, supporting cross-vendor collaboration and scalable security. Cloudflare’s quantum-safe SASE platform is currently available.