Keeper Security has rolled out quantum-resistant encryption across its platform, bringing post-quantum cryptography into the day-to-day operation of privileged access and secrets management. The update addresses a growing concern for organizations that store sensitive data for long periods: encrypted traffic captured today could be decrypted years later as quantum capabilities mature.
Why this matters
Current encryption methods still protect against present-day attacks, but the risk window has changed. Threat actors are already collecting encrypted data with the expectation that future technology will unlock it. For sectors such as healthcare, financial services, and government, where confidentiality must hold for decades, that turns encryption into a long-term liability if it is not upgraded.
NIST’s standardization of Kyber created a clear path for production use. By adopting a hybrid model that combines existing elliptic curve cryptography with quantum-resistant key exchange, Keeper is extending that protection to credential exchanges, sessions, and client-server communications.
Built into the platform, not a new product
For partners, the shift is more about positioning than packaging.
Eric Kalseth, SR. Director of Global MSP Sales at Keeper Security told MSSP Alert, “From a licensing standpoint, Keeper’s quantum-resistant encryption is included as part of the platform and is not a separate SKU. This is not positioned as an add-on, but as a foundational upgrade aligned with NIST’s finalized quantum-resistant standards. In regulated industries with long data-retention requirements, organizations are increasingly being asked how they are preparing for ‘harvest now, decrypt later’ risks. For partners, this does not create a standalone quantum services line. It strengthens existing identity and PAM deployments and supports broader security and compliance discussions, particularly in industries like healthcare, finance and government environments, where long-term confidentiality matters."
This keeps post-quantum readiness inside the identity and access conversations MSPs and MSSPs are already having, especially where compliance and data retention drive buying decisions.
Reinforcing existing zero-trust and PAM strategies
The introduction of hybrid post-quantum encryption does not change the core role of privileged access management. It extends the timeframe during which those controls are expected to protect.
“The addition of quantum-resistant encryption does not fundamentally change how MSSPs position PAM and zero-trust. It reinforces it. Privileged access management remains focused on preventing compromise, limiting lateral movement and enforcing least-privilege access. What hybrid post-quantum encryption adds is greater long-term resilience. For organizations that retain sensitive data for decades, the discussion expands beyond today’s breach prevention to ensuring encrypted sessions and credential exchanges remain secure over time,” Kalseth said.
For customers with long retention requirements, the conversation moves from stopping the next breach to protecting historical access data from future decryption.
Operational impact for service providers
The rollout is designed to work through normal upgrades, so customers do not have to reconfigure deployments or change workflows. That continuity is key for managed environments.
“Keeper’s approach maintains established encryption methods while incorporating quantum-resistant key exchange. This allows organizations to continue operating without disruption while incrementally strengthening protection against future decryption risks. For MSSPs, this supports a more durable security posture in regulated industries without introducing new operational complexity or changing the core deployment model,” Kalseth said.
For MSPs and MSSPs, the practical outcome is a longer security lifespan for the same identity and PAM services. Post-quantum support becomes part of compliance readiness, contract discussions, and platform selection, without adding a new tool or a separate service line.
