Cybersecurity

The challenge? Managing the transition by turning risks into a manageable process

Sopra Steria, which operates in 30 countries, supports companies through a multi-stage process leading to the migration roadmap

by Antonio Larizza

17 June 2026

3' min read

Translated by AI

Versione italiana

Key points

The steps involved
The trials

3' min read

Translated by AI

Versione italiana

The transition to post-quantum cryptography begins with a roadmap that businesses and organisations do not yet possess. This assessment is difficult to carry out because the cryptographic systems that protect data are not located in a single place. Rather, they are embedded in distributed IT infrastructures, layered over years of updates, managed by different suppliers and operating on individual applications or specific processes, which often involve separate functions.

The necessary steps

“Today,” explains Stefano Cazzella, CTO of Sopra Steria Italia, “no organisation has a centralised inventory listing all the cryptographic assets it uses. The first step, therefore, is to draw up this map, which is essential for carrying out a risk analysis and planning the transition in good time.”

Sopra Steria – a European group with 51,000 employees across 30 countries and revenue of 5.6 billion in 2025 – is working precisely in this area: transforming the post-quantum threat into a manageable challenge. The point is not merely to replace some of the current public-key encryption algorithms, such as RSA, with solutions resistant to quantum attacks, but, first and foremost, to understand in which business processes these algorithms are used, which certificates they protect, which data flows they involve, where the most sensitive communications pass through, and which data must remain confidential for the longest period. We need tools to analyse code, network scanners to detect protocols and traffic, and server audits to identify certificates and their level of protection.

Whilst the objective is clear, the path to achieving it is not always the shortest. The process is divided into several stages: it begins with defining the scope of the analysis, moves on to risk assessment, and then involves drawing up a migration roadmap. “Only at this stage can the first steps be taken, starting with priority services or individual applications and testing the implementation of the new algorithms and their compatibility with existing systems,” adds Cazzella.

There is also a second level at which the transition towards quantum-safe organisations is taking place. In addition to the field of post-quantum cryptography – which is based on quantum-resistant encryption algorithms that can be run on traditional infrastructure – there is the field of quantum communications, and in particular quantum key distribution (QKD): a secure communication method that exploits the laws of quantum physics to exchange a cryptographic key between two users in such a way that it is impossible to intercept without being detected.

“Quantum key distribution enables two parties to detect whether the key they have exchanged has been intercepted. In that case, they do not use it and proceed to organise a new exchange,” explains Cazzella. This is a different field from that of post-quantum cryptography, but one that will become complementary, particularly in high-stakes communications within the space sector, with applications ranging from secure and sovereign digital services to the protection of critical infrastructure. Precisely to strengthen the group’s presence in this field, Sopra Steria has recently acquired Nexova and Starion. The latter, in particular, is a company with strong expertise in quantum-safe communications, with applications that combine post-quantum cryptography with quantum key distribution in scenarios involving key exchange via satellite. In this case, quantum technology is no longer a threat, but becomes a tool for protecting critical communications in space.

The trials

After all, to design infrastructure that is ready for the quantum era, it is necessary to understand how quantum computing works. This includes using and applying it to optimise or solve industrial problems in real-world environments. With this in mind, in late 2025 Sopra Steria tested quantum computing on a rail network problem in collaboration with SNCF, the state-owned company that operates the railways in France. The aim was to optimise the journeys of 38 trains whilst managing capacity constraints, passenger flows and operating costs. “The trials carried out demonstrate the potential to improve operating margins by between 2 and 11 per cent, whilst maintaining the same level of service coverage,” explains Cazzella.

In the field of telecommunications, the company then used quantum computing to develop, in collaboration with Telefónica and Azure Quantum, a digital twin to optimise mobile network planning in Germany. Even more cutting-edge is the project developed with the French Space Agency (CNES) on satellite launchers: in this case, a hybrid classical-quantum algorithm was tested to optimise a rocket’s trajectory. The software was first compared with a classical solution, then tested on an emulator and finally run on a 127-qubit IBM quantum computer.

The aim of these experiments is twofold: on the one hand, to develop the expertise needed to understand the tasks for which quantum computers may be useful; on the other, to understand how to prepare the infrastructure that will need to withstand their attacks.

Antonio Larizzagiornalista
- LinkedIn
- Email
Luogo: Milano
Lingue parlate: inglese
Argomenti: ricerca, innovazione, automotive, robotica, industria 4.0
Premi: Moebius 2011, The Lovie Awards 2011, iTunes Rewind 2011
Scheda autore
Trust project