Notifications
Clear all
Topic starter
12/06/2026 9:36 pm
TL;DR: Quantum Tech World 2026 centers on cryptographic visibility, post-quantum readiness, and continuous trust management, with Keyfactor framing blind spots in keys, certificates, and algorithms as enterprise security risks rather than isolated technical problems. The key issue is that identity and access programmes cannot stay resilient if cryptographic control remains fragmented across AI, quantum, and workload change.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys.
Questions worth separating out
Q: How should teams manage cryptographic visibility across identity and workload systems?
A: Teams should treat cryptographic visibility as a governed inventory problem, not a one-time discovery exercise.
Q: Why does crypto-agility matter for IAM and NHI programmes?
A: Crypto-agility matters because identities depend on trust material that must change without breaking authentication, service communication, or policy enforcement.
Practitioner guidance
- Map cryptographic assets to business services Build an inventory that links keys, certificates, algorithms, and CA dependencies to the services and identities that depend on them.
- Measure certificate ownership and expiry coverage Assign accountable owners to all certificate and key classes, then track expiry, renewal, and orphaned assets in one control view.
- Test crypto-agility in change windows Run controlled replacement exercises for certificates and algorithm dependencies so teams can validate rollback, dependency discovery, and application tolerance before PQC migration pressure arrives.
What to expect at the briefing
Keyfactor's full event coverage covers the operational detail this post intentionally leaves for the source:
- Sponsored session context for Chris Hickman's board-level cryptographic risk discussion and the questions the roundtable is meant to answer
- Event-specific framing for how AI and quantum are changing executive priorities across digital trust programmes
- Booth-level conversation topics on cryptographic visibility, control, and post-quantum planning
- Practical event context for teams already working on crypto-agility and trust inventory
👉 Register for Keyfactor at Quantum Tech World 2026 on crypto-agility and cryptographic visibility →
Crypto-agility at Quantum Tech World 2026: what teams should do?
Explore further
12/06/2026 11:48 pm
Cryptographic blind spots are now identity blind spots. Keys and certificates are the trust layer for both human and non-human access, so unmanaged cryptography creates the same governance problem as unmanaged identities. When the location, ownership, or lifetime of cryptographic material is unknown, the organisation cannot prove who or what is trusted. Practitioners should treat cryptographic inventory as part of identity governance, not a separate infrastructure task.
A few things that frame the scale:
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to the Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, which is why cryptographic governance cannot remain an informal task.
A question worth separating out:
Q: Who should be accountable for cryptographic risk in the enterprise?
A: Accountability should sit with the teams that own the business services and identity dependencies that cryptography protects, with security providing oversight and standards. If cryptographic risk is treated as an infrastructure-only issue, remediation will stay fragmented and board reporting will miss the real exposure.
👉 Read our full editorial: Quantum Tech World 2026 puts crypto-agility on the board agenda
