Microsoft Majorana 1: Prepare for post-quantum computing

Microsoft's newly announced Majorana 1 chip has made headlines about quantum breakthroughs and what matters for organizations now is that there are straightforward steps available today to keep data and customer trust safe.

What is Majorana 1?

Majorana 1 is a Microsoft quantum processor that experiments with topological qubits. Its core idea is to make qubits more stable so that future quantum computers can be practical. Independent experts say that the idea is promising, but there is also skepticism as well as demand for more proof. For business leaders, the key takeaway is that quantum hardware has advanced enough to start planning today.

How it affects business

The quantum leap does not break encryption today, but it increases the urgency for improving how long‑term data is secured, especially in systems that rely on public‑key cryptography. The National Institute of Standards and Technology (NIST) has already finalized the first three post-quantum cryptography (PQC) standards (FIPS 203, 204, and 205), giving organizations a head start on modernizing their security before quantum computers become a threat.

How early action reduces disruption

Organizations can take either a proactive or a reactive approach to PQC adoption. The proactive path starts with controlled pilot programs in critical systems, then scales gradually as vendor support matures. This results in the reduction of both costs and business risks. In contrast, waiting until the last minute forces rushed implementations that drive up expenses and create avoidable disruptions for customers. With standards now finalized and vendor tools emerging, staged adoption offers the safest route for protecting both operations and brand reputation.

What to do now

• Build a simple cryptography inventory through security code review and system audits, identifying where public-key crypto shows up in websites, apps, devices, integrations, and vendor products.
• Prioritize long‑lived data at risk of "harvest‑now‑decrypt‑later" (e.g. patient records, financial histories, and sensitive contracts).
• Pilot NIST‑approved PQC (FIPS 203) for key establishment and ML‑DSA (FIPS 204) or SLH‑DSA (FIPS 205) for signatures in a contained environment.
• Ask vendors for PQC roadmaps, timelines, and test builds and include PQC in procurement criteria.
• Plan for hybrid rollouts and crypto‑agility so that systems can be updated again as standards evolve.

The risks and realities

Organizations face the "harvest-now-decrypt-later" threat, where attackers store encrypted data today with the intent to decrypt it once quantum computers become available. Prioritizing long-lived data such as patient records, financial histories, and sensitive contracts reduces this business impact. Waiting to implement PQC creates supply-chain bottlenecks, as vendors and integrators face increasing difficulty aligning schedules and resources as deadlines approach. The transition to post-quantum cryptography is not a "rip-and-replace" operation. Government agencies and security experts recommend starting with low-risk pilot programs and scaling gradually, which allows organizations to validate performance, identify integration challenges, and build internal expertise before committing to full-scale deployment. Security assessments and penetration testing help identify cryptographic dependencies before migration begins."

Pressing questions

1. Does Majorana 1 break RSA/ECC today?

   There is no public machine that can do this yet. Experts are still reviewing the scientific claims, but progress is real enough to start planing now.

2. What should be protected first?

   Start with the most sensitive, long‑lived data (e.g. customer records, healthcare, financial, legal) and critical systems (e.g. identity, VPNs, code‑signing, secure email).

3. Which PQC standards are available?

   NIST has approved FIPS 203 (ML‑KEM) for key establishment and FIPS 204 (ML‑DSA) and FIPS 205 (SLH‑DSA) for digital signatures.

4. What to demand from vendors?

   Request PQC roadmaps and test builds, support for crypto‑agility and hybrid modes, and plans to certify against FIPS PQC standards as they appear.

Why this matters now

Recent quantum hardware developments and finalized NIST post-quantum cryptography standards give organizations clear justification and practical guidance to start their transition. Organizations that move early gain three strategic advantages: reduced operational disruption, protection for data with long shelf-lives, and enhanced credibility with customers and partners who value proactive security.

Disclaimer

This content is intended for informational purposes only. Organizations must independently assess any actions against their internal security policies, regulatory obligations, and industry standards. Consult qualified cybersecurity and legal professionals before making any implementation decisions.