Compliance Deadlines, Customer Reality, and the Case for (embedded) TLS1.3

Episode notes

Post-quantum cryptography often enters organizations as a headline problem, then quickly turns into an operational one. In this episode of Shielded: The Last Line of Cyber Defense, Jan Schaumann, Chief Information Security Architect at Akamai Technologies, approaches PQC from the perspective of someone who has spent decades operating real systems at internet scale. From his view, the challenge is not quantum theory, but sequencing change safely across infrastructure that cannot all move at once. Jan walks through how Akamai approached PQC over several years, starting before standards fully settled and aligning progress with customer demand, compliance timelines, and platform resilience. He explains why TLS 1.3 migration remains the most common blocker, especially on the origin side, where legacy stacks, embedded clients, and IoT devices stretch upgrade timelines far beyond expectations. Rather than pushing PQC everywhere at once, Akamai split the problem into distinct traffic paths: client-to-edge, edge-to-origin, and internal connections. Each path carries a different threat model and operational risk.