As we prepare to step into 2025, the cybersecurity landscape is shifting rapidly, driven by advances in quantum computing, the proliferation of IoT and OT devices, and a wave of stringent new regulations.
These forces are reshaping the very fabric of digital security. For businesses and governments alike, the key to thriving in this evolving landscape is proactive preparation. Experts across the industry are already charting a path forward to address these emerging challenges.
I recently spoke with experts from Keyfactor and Thales about emerging trends and thinks to watch for in 2025—touching on the growing importance of post-quantum cryptography, the imperative for IoT/OT security, new regulatory dynamics, the rise of short-lived certificates, and how certificate and identity management will be critical in safeguarding the future.
Post-Quantum Cryptography Moves to the Forefront
Quantum computing is poised to shift from an abstract concept to an urgent topic of action in 2025. Unlike traditional computers, quantum systems use quantum bits, allowing them to solve complex mathematical problems exponentially faster—posing a potential existential risk to current encryption techniques that protect much of today’s digital communications.
Historically, the discussion around post-quantum cryptography was often speculative, akin to a distant Y2K. But the urgency is growing. Chris Hickman, Chief Security Officer at Keyfactor highlighted that quantum computing timelines are becoming clearer, with real impacts possible as early as 2029. This means organizations can no longer afford to wait; instead, they must prepare today for a quantum-safe tomorrow by investing in crypto-agility—being ready to adapt to quantum-resistant standards as soon as they are needed.
Todd Moore, Vice President of Encryption Products at Thales, echoes this sentiment by emphasizing the importance of crypto-agility. “Crypto-agility is key for ensuring that as soon as quantum threats become real, organizations can pivot to new cryptographic standards without major disruptions,” Moore noted. This proactive approach will be essential as quantum computing continues to develop, bringing both opportunities and threats to the forefront of cybersecurity.
IoT and OT Security Reach Critical Maturity
The complexity of IoT and OT devices introduces unique security challenges. These devices are now ubiquitous—used everywhere from factories to hospitals—and often lack user interfaces that make traditional security practices applicable. As a result, managing certificates for these environments presents distinct hurdles, especially in highly regulated industries.
In 2025, IoT and OT security will take center stage. Particularly in critical sectors like industry and government, a high degree of assurance is required for device security. Solutions that focus on automated certificate lifecycle management and tailored public key infrastructure deployments are crucial for ensuring resilience. Customization and consultation are key, and partnerships that bring industry expertise are driving secure, scalable solutions for these environments.
The Compliance Wave: Regulatory Requirements as a Catalyst for Security
Another significant driver of change in 2025 will be regulatory pressure. The European Union’s Cyber Resilience Act, for instance, is anticipated to significantly impact cybersecurity practices, potentially surpassing even GDPR in terms of its scope. It emphasizes improving product security throughout their entire lifecycle—requiring businesses to take accountability for cybersecurity from the outset.
Jordan Rackie, CEO of Keyfactor, highlights that compliance isn’t just about avoiding penalties; it’s about embedding security deeply enough that organizations can confidently operate in this changing landscape. The CRA and similar regulations make it clear that proactive, identity-centric security measures are needed. This includes focusing on public key infrastructure and certificate lifecycle management to ensure that all digital assets are covered.
For companies looking to stay ahead of compliance requirements, consolidating their PKI infrastructure and automating renewals are effective ways to manage security efficiently and meet emerging standards. This proactive stance will help organizations not only stay compliant but also protect their assets against increasingly sophisticated cyber threats.
Short-Lived Certificates and Crypto-Agility as the New Normal
Long gone are the days when certificates were renewed every few years. As we approach 2025, short-lived certificates will become a new norm, driven by companies like Google and Apple pushing for tighter security through shorter certificate validity—90 days or even as low as 45 days.
Short-lived certificates mean increased agility is essential. “The days of setting it and forgetting it are over,” Chris Hickman mentioned, underscoring the need for automated, streamlined certificate lifecycle management to keep pace with these changes. By investing in crypto-agility—both in infrastructure and in processes—organizations can minimize risks associated with certificate compromise and expiration, thereby reducing the chances of breaches and system outages.
The future will favor organizations that can securely automate and adapt. Solutions that allow for rapid deployment, validation, and renewal of certificates will be crucial in minimizing exposure to cyber threats. In this way, companies not only meet new security standards but also enhance their ability to respond to evolving cyber risks.
Safeguarding Critical Infrastructure with Identity Management
Securing critical infrastructure is set to be one of the most pressing challenges in 2025. The digitalization of critical services—ranging from power grids to defense systems—brings enhanced efficiency and real-time monitoring but also new vulnerabilities. According to the 2024 Thales Data Threat Report, a staggering 93% of critical infrastructure respondents reported an increase in attacks over the past year. Moore noted that “Identity and Access Management is increasingly the backbone of critical infrastructure cybersecurity, ensuring that only authorized individuals have access to sensitive systems.”
With threats on the rise, identity and certificate management are no longer optional—they’re foundational elements for ensuring that only trusted entities interact with sensitive systems. As infrastructure grows more connected, solutions such as centralized encryption key lifecycle management become essential. IAM, combined with effective encryption management, will play a critical role in securing the essential services on which societies depend.
The convergence of different PKI infrastructures—bringing together multiple solutions under one management platform—will also be a priority for many organizations. This convergence will allow for greater security coverage and a unified approach, which is vital for protecting critical systems while maintaining efficiency.
Looking Ahead: Setting the Standard for Cybersecurity
The cybersecurity challenges facing organizations in 2025 are considerable, but they also present an opportunity to establish stronger, more proactive security measures. From preparing for quantum threats to embracing IoT/OT security and meeting new regulatory requirements, the emphasis is shifting from reactive measures to building an inherently secure infrastructure.
Keyfactor’s Rackie stressed that preparing for the quantum age and ensuring compliance with new regulations are tasks that require immediate attention. By investing in crypto-agility, automated lifecycle management, and identity-first security practices, organizations are not just reacting to change—they’re leading it. Proactive engagement with cybersecurity isn’t just about defending against threats; it’s about setting the standard for security excellence and being ready for what’s next.
As the landscape evolves, those who anticipate and prepare for these changes will not only protect their assets but also thrive in an increasingly digital world. Embracing a secure tomorrow begins with action today. To learn more about how to prepare for these shifts and connect with industry leaders, attend Keyfactor’s Tech Days 2025. Register now and be part of the conversation shaping the future of cybersecurity.
