Certes has released v7 of its Data Protection and Risk Mitigation (DPRM) platform, extending post-quantum cryptography (PQC) protection to the edge and positioning the update as a direct response to the growing “harvest now, decrypt later” threat facing enterprise security teams.
The release addresses a specific attack pattern that has been gaining traction among nation-state and advanced persistent threat actors: the bulk exfiltration of currently encrypted data, stockpiled in anticipation of commercially viable quantum computing, often referred to in the industry as “Q-Day.” Certes argues that organisations which haven’t already moved to quantum-resistant encryption are accumulating cryptographic debt that may prove catastrophic once that threshold is crossed.
“For too long, cybersecurity has focused on protecting infrastructure and identities, yet attackers continue to bypass those controls. The reality is that organisations must now assume breaches will occur and focus on protecting the data itself.” – Paul German, CEO, Certes
The v7 update introduces per-flow quantum-safe encryption and cryptographic segmentation enforced across on-premises, hybrid cloud, and edge environments. Certes says the platform can be deployed in days rather than months, with no application refactoring required, a significant claim given that legacy application modernisation is frequently cited by CISOs as one of the primary blockers to adopting newer cryptographic standards.
Critically, v7 maintains customer-owned post-quantum keys that are never exposed to cloud providers, including AWS, Azure, GCP, or Oracle, a feature the company frames as addressing data sovereignty requirements increasingly demanded by regulators across financial services, healthcare, and critical national infrastructure sectors.
CTO Simon Pamplin described the core architectural shift: traditional controls focus on network perimeter defence, while v7 brings encryption and segmentation to the endpoint level. The effect, he argued, is that even a successful breach does not translate into usable stolen data, because attackers cannot decrypt what they have exfiltrated.
The platform also extends protection to AI workloads, securing training data, prompts, and model interactions as they traverse hybrid cloud environments, an increasingly relevant consideration as organisations integrate third-party AI infrastructure into sensitive operational pipelines.
On the operational side, Certes claims v7 reduces the “blast radius” of a breach through cryptographic micro-segmentation, containing lateral movement and limiting the regulatory fallout that typically follows a data exfiltration incident under GDPR, NIS2, and sector-specific frameworks.
v7 is available immediately as part of the Certes DPRM platform.
