Headline: âYou Canât Protect What You Canât Seeâ: Cryptographic Inventory for the Quantum Era đ§đ
Date: 17 November 2025
In a new blog post, TelefĂłnica Tech argues that the real bottleneck in moving to post-quantum cryptography isnât just mathâitâs visibility. The author describes a PQC project where a simple questionââDo we know where all our cryptography is?ââwas met with silence, spreadsheets and partial answers.Â
That moment led to a key insight:
Most organisations talk about âencryptionâ as if it were a single shield, but in reality itâs a patchwork of algorithms, keys, certificates, tokens and protocols scattered across systems, vendors and clouds.Â
What is a cryptographic inventory?
The article defines cryptographic inventory as a dynamic, organisation-wide map of:Â
-
Which algorithms are in use (RSA, ECC, AES, PQC, etc.)
-
Where keys, certificates and tokens live
-
Which systems depend on which cryptographic components
-
How all of this ties into governance, risk and compliance
In this view, cryptography isnât just a technical controlâitâs part of the âanatomy of digital trustâ, with each key and certificate acting like a heartbeat in the system.Â
Why itâs crucial for post-quantum
-
đ§ No inventory, no migration: You canât perform a safe, staged migration to PQC if you donât know what needs migrating.
-
đ Risk-based prioritisation: An inventory lets you triage: which crypto protects long-lived data? Which systems are mission-critical?
-
𧊠Beyond confidentiality: The article stresses that cryptography supports integrity, authentication, availability, non-repudiation and validation, not just secrecy.