Blog
Post-quantum ZTNA, explained carefully.
Engineering notes, compliance deep-dives, and honest comparisons. Every claim is sourced, every product feature is shipping today.
- Compliance
ANSSI PQC Transition Plan: France's Deadlines for Public Sector Networks
ANSSI, France's national cyber agency, has a three-phase plan for the post-quantum transition. This is what each phase requires, the agency's hybrid preference, and how to align a remote-access deployment with ANSSI qualification.
anssifrancepost-quantumqualification - Compliance
DORA Compliance for Financial Entities: Network Resilience in 10 Steps
DORA has applied to EU financial entities since January 2025. This is the network-and-remote-access reading of the regulation — Articles 5 through 27 translated into ten concrete implementation steps.
dorafinancial-regulationict-risk-managementeu-regulation - Compliance
BSI TR-02102-1 and Post-Quantum: Germany's 2026 Crypto Baseline
Germany's BSI TR-02102-1 sets the cryptographic baseline for federal and regulated entities. This explains the current recommendations, the BSI post-quantum transition position, and what it means for remote-access deployments.
bsitr-02102post-quantumgermany - Compliance
NIS2 Directive Remote Access Requirements: A Builder's Checklist
NIS2 applies to tens of thousands of EU organisations since October 2024. This is the remote-access-specific reading of the directive — what Article 21 requires in practice, with a concrete implementation checklist.
nis2eu-cybersecuritydirective-2022-2555remote-access - Post-quantum
Post-Quantum VPN: 6 Questions to Ask Your Current Vendor
Most VPN and ZTNA vendors claim post-quantum readiness. Six specific questions separate real implementations from marketing. Answers from OpenVPN, WireGuard, IPsec, and leading ZTNA vendors as of 2026.
post-quantum-vpnquantum-safevendor-evaluationztna - Compliance
NSA CNSA 2.0: Every Deadline DoD Contractors Need to Know
CNSA 2.0 is the NSA's post-quantum cryptographic suite for US National Security Systems. This is the approved algorithm list, the per-class transition deadlines, and what to do now if you sell into DoD.
cnsa-2-0nsapost-quantumdod - Post-quantum
Hybrid Key Exchange X25519 + ML-KEM-768: The Complete Guide
Hybrid post-quantum key exchange combines classical X25519 with ML-KEM-768 so a session stays secret if either primitive holds. This is the exact construction, failure modes, and code to implement it correctly.
hybrid-key-exchangex25519ml-kempost-quantum - Post-quantum
Harvest Now, Decrypt Later: Why Your VPN Traffic Is Already Compromised
Harvest now, decrypt later is not a hypothetical attack. Nation-state adversaries are recording encrypted traffic today to decrypt when a capable quantum computer exists. Here is the threat model in detail and what to do about it now.
harvest-now-decrypt-laterpost-quantumthreat-modelquantum-computing - Post-quantum
ML-KEM-768 Explained: The Quantum-Safe Algorithm in Every QuickZTNA Tunnel
ML-KEM-768 is the NIST-standardised post-quantum key encapsulation mechanism behind every QuickZTNA WireGuard tunnel. Here is how it works, how fast it is, and why we pair it with X25519 by default.
ml-kempost-quantumfips-203wireguard