• During Security Week 2025, we launched the industryâs first cloud-native post-quantum Secure Web Gateway (SWG) and Zero Trust solution, a major step towards securing enterprise network traffic sent from end user devices to public and private networks. • But this is only part of the equation. • To truly secure the future of enterprise networking, you need a complete Secure Access Service Edge (SASE). Today, we complete the equation: Cloudflare One is the first SASE platform to support modern standards-compliant post-quantum (PQ) encryption in our Secure Web Gateway, and across Zero Trust and Wide Area Network (WAN) use cases. More specifically, Cloudflare One now offers post-quantum hybrid ML-KEM (Module-Lattice-based Key-Encapsulation Mechanism) across all major on-ramps and off-ramps. • To complete the equation, we added support for post-quantum encryption to our Cloudflare IPsec (our cloud-native WAN-as-a-Service) and Cloudflare One Appliance (our physical or virtual WAN appliance that establish Cloudflare IPsec connections). • Cloudflare IPsec uses the IPsec protocol to establish encrypted tunnels from a customerâs network to Cloudflareâs global network, while IP Anycast is used to automatically route that tunnel to the nearest Cloudflare data center. • Cloudflare IPsec simplifies configuration and provides high availability; if a specific data center becomes unavailable, traffic is automatically rerouted to the closest healthy data center.

Article Summaries:

  • Cloudflare announced that its Cloudflare One platform is the first Secure Access Service Edge (SASE) offering to support modern post‑quantum (PQ) encryption across the entire stack. The company added a cloud‑native PQ‑enabled Secure Web Gateway (SWG) and Zero‑Trust solution, and extended hybrid ML‑KEM encryption to its IPsec‑based WAN‑as‑a‑Service and physical/virtual Cloudflare One Appliances. The appliance upgrade (v2026.2.0) is generally available, while the IPsec upgrade remains in closed beta. Cloudflare cites the 2030 NIST deadline for retiring RSA/ECC, the need for crypto agility, and the “harvest‑now, decrypt‑later” threat as key drivers for the move.
  • Cloudflare announced that its Cloudflare One SASE platform now supports modern post‑quantum (PQ) encryption across all core services, including its Secure Web Gateway, Zero‑Trust controls, WAN‑as‑a‑Service IPsec, and the Cloudflare One appliance. The update introduces a hybrid ML‑KEM key‑encapsulation mechanism on all network entry and exit points, with the appliance upgrade available in version 2026.2.0 and the IPsec enhancement in closed beta. The move follows the National Institute of Standards and Technology’s 2030 deadline to retire RSA and ECC, addressing the growing risk of quantum‑enabled “harvest‑now, decrypt‑later” attacks.

Sources: