By Michael Horn, Executive: Technology, Altron Security
The 15th of March is etched in history as the day when Julius Caesar met his end at the hands of the senators of Rome, and it's about to become even more significant. "Beware the Ides of March," a soothsayer tells Caesar in Shakespeare's play, and since then, the phrase has come to mean a warning of misfortune. The 15th of March 2029, is a make-or-break day for the cybersecurity programmes of every organisation around the world, including South Africa. This is the deadline set for when Transport Layer Security (TLS) certificates will be reduced to a lifespan of 47 days – a dramatic decrease from the current 398 days.
The change will be introduced in phases. In March this year, the CA/Browser Forum voted to decrease TLS certificate lifespans to 200 days by 15 March 2026, and 100 days by 15 March 2027, before the final move to 47 days in 2029. This means that the first deadline for a reduction in certificate lifespans is just six months away.
The looming quantum threat
Every time you visit a website, make an online payment, or send a secure email, you're protected by digital certificates, which are sophisticated “locks” that encrypt your data using mathematical problems so complex that today's computers would need thousands of years to crack them.
Quantum computers however, play by different rules. Where your laptop processes information in binary bits, quantum computers use quantum bits that can exist in multiple states simultaneously. This gives them exponential power to solve exactly the type of mathematical problems that make current encryption secure. When quantum computers mature, and experts now say this will happen in years, not decades, they'll crack these encryption methods like a master locksmith opening a child's diary lock.
Here's the unsettling reality: cybercriminals aren't waiting. They're stealing encrypted data today, storing it, and planning to decrypt it once quantum capabilities mature. Security experts call this "harvest now, decrypt later." Your organisation's most sensitive information could already be sitting in a criminal's digital vault, waiting for the quantum key that will unlock it all.
The preparedness crisis
Despite these risks, businesses are not well unprepared. Utimaco's recent survey indicates that over half of organizations are actively preparing for post-quantum cryptography (PQC) migration. Specifically, 20% have already begun the process, 34% plan to start within 1-3 years, and 21% within 3-5 years, aligning with the anticipated timeline for quantum threats. However, 25% of organizations have no plans for PQC migration yet.
This isn't just about technology, it's about survival. The shift to post-quantum cryptography will affect cross-border data flows, supply chains, and compliance regimes. Organisations that underestimate this shift risk data breaches, regulatory fines and competitive disadvantage.
From crisis to opportunity
But here's where the story takes an unexpected turn. The 47-day certificate deadline isn't just a compliance headache – it's forcing the automation that makes quantum readiness possible.
Managing certificates manually every 47 days is impossible at scale. Organisations must automate certificate issuance and renewal, and that automation creates the foundation for crypto-agility: the ability to rapidly swap encryption methods when quantum-safe alternatives become available. The companies that master automated Certificate Lifecycle Management (CLM) today will be the ones ready to rapidly deploy quantum-safe encryption tomorrow.
Quantum computing is also a dual-edged sword. While it poses unprecedented security risks, it also offers transformative opportunities for organisations such as drug discovery through molecular simulation, supply chain optimisation via complex logistics modelling, advanced financial modelling, and AI acceleration. Being quantum-ready means not just defending against threats but also positioning to lead in innovation.
The four critical actions organisations need to take to become quantum-ready
Through our work with South African enterprises over more than two decades, we've identified what separates quantum-ready organisations from those still playing catch-up:
However, the biggest weakness we’ve identified in many organisations is the lack of a roadmap. A roadmap which should contain clear timelines and executive sponsorship of quantum readiness.
The local context challenge
South African organisations face unique complexities. They must balance POPIA compliance with GDPR requirements while preparing for emerging post-quantum cryptography guidelines from standards bodies. Governments and standards bodies like National Institute of Standards and Technology (NIST), National Security Agency (NSA), and European Union Agency for Cybersecurity (ENISA) are already finalising post-quantum cryptography standards, mandating crypto-agility in procurement, and funding quantum readiness initiatives. Businesses that lag behind government timelines may find themselves non-compliant or excluded from contracts.
This regulatory intersection means one-size-fits-all solutions often fall short.
What we've observed is that successful quantum transitions require solutions tailored to regional infrastructure and risk profiles while maintaining alignment with international standards. The organisations making progress treat identity as the foundation of their security architecture, integrating workforce, customer, machine, and citizen identities as comprehensive trust anchors.
Why partnerships matter more than products
What distinguishes successful quantum transformations isn't the technology alone but also the approach to implementation. In our work with South African organisations, we've found that the most critical factor is having a partner like Altron Security, which operates as an embedded strategic partner rather than a traditional vendor.
The quantum transition requires co-developing roadmaps, providing ongoing strategic advisory, and supporting organisational change management. This stands in stark contrast to the point-solution approach that many global players favour, where technology is delivered without the local on the ground support needed for successful transformation.
Building internal quantum readiness capability requires local expertise, training programmes, and collaboration with African tech communities – resources that global vendors often can't provide effectively remotely.
The future-ready enterprise
The cost of waiting is too high.
The deadlines have been set, and the first one is just six months away. South African organisations face a choice: begin the journey now and gain a competitive advantage through superior digital trust or wait and risk being left behind when quantum computing reshapes the rules of cybersecurity.