Cloudflare says it has become the first Secure Access Service Edge platform to support modern post-quantum encryption standards across its entire network stack. This update extends quantum-resistant protection to all major configurations in its Cloudflare One platform, and at no additional cost for customers.
The announcement centers on Cloudflare One, the company’s SASE offering that connects corporate environments to its global network. It now integrates post-quantum cryptography across Zero Trust access, Secure Web Gateway, and wide-area networking components.
SEE ALSO: New partnership simplifies zero trust access for enterprises
Post-quantum encryption is intended to protect data against future quantum computers capable of breaking traditional cryptographic algorithms. Current encryption underpins sensitive healthcare, banking, and personal data systems worldwide.
The National Institute of Standards and Technology has urged organizations to transition to updated cryptographic algorithms by 2030. The concern is that powerful quantum systems could eventually decrypt data protected by today’s standards.
Security researchers have warned about so-called “harvest now, decrypt later” attacks. In these scenarios, attackers collect encrypted data today with the expectation that it could be decrypted in the future once quantum computing advances.
Cloudflare post-quantum cryptography
Cloudflare says it has been working on post-quantum cryptography across its network since 2017. In 2025, it introduced a cloud-native post-quantum Secure Web Gateway and Zero Trust solution to protect traffic moving between end user devices and public or private networks.
The latest update extends post-quantum support to IPsec and its Cloudflare One Appliance, covering WAN use cases. With this addition, the company says every core component of Cloudflare One, including Zero Trust access and WAN-as-a-Service, now supports modern post-quantum standards.
The content delivery and security network says it applied experience from deploying post-quantum TLS to IPsec tunnels. It adds that the integration maintains performance and stability while upgrading cryptographic protections.
“Securing the Internet against future threats shouldn’t be a complex burden, or a reason to fragment the web. Since 2017, we’ve been doing the heavy lifting to bake post-quantum standards directly into the fabric of our network,” said Matthew Prince, CEO and co-founder of Cloudflare. “By bringing this protection to our entire SASE platform, we’re making post-quantum security the default — no hardware upgrades, no complex configurations, and no added cost. We’re ensuring that the secure connections our customers rely on today stay secure for the long haul.”
The IPsec implementation includes high-availability routing across its global data center footprint. Traffic is automatically rerouted to another data center if one becomes unavailable.
Network flows are now secured with post-quantum encryption to reduce the risk posed by future decryption attempts and the implementation follows current internet standards and supports interoperability across vendors.
Cloudflare’s quantum-safe SASE platform is available to customers now as part of Cloudflare One.
What do you think about post-quantum encryption becoming the default across enterprise networks? Let us know in the comments.
