Subscribe Home Conversations On AI App Development CRM Enterprise IT Ethics & Governance Futures HR Industries ServiceNow on ServiceNow Platform Foundations Products & Solutions All topics For Leaders In IT & Dev Customer Experience Finance, Operations & Strategy Employee Experience Security & Risk News & Events People & Culture My List Explore All
LIGHTBULB MOMENTS July 10, 2026 2 min Taking a quantum leap Quantum computing hasn't broken enterprise encryption yet. Kathy Kriese is preparing for when it does. Ethics and Governance Thought Leadership
Evan Ramzipoor
Evan Ramzipoor Editorial Writer, ServiceNow
A translucent lightbulb with a lock in it against a mutlicolored background of squares

Kathy Kriese has two jobs. On the surface, they don’t seem to have much in common. By day, she's a senior principal product manager at ServiceNow who works on quantum security, a field concerned with threats that don’t yet fully exist. By night, she performs with a Victorian caroling ensemble, where period-accurate harmonies and precise timing are the only standards that count. 

She'll tell you they're the same job. “It's a precision discipline," she says about caroling. "The harmonies, the timing, the period accuracy—it all has to land exactly right. You either get it right or you don't.” 

It's the kind of work that rewards people who prepare long before the moment of performance. That instinct has turned out to be the core of her professional life and instrumental to her taking a quantum leap. For years, she's been getting ready for something most enterprises haven't started thinking about: the serious and emerging threats posed by quantum computing

A threat in slow motion 

The encryption that protects enterprise data today has held up for decades because of one fundamental assumption: Breaking it requires solving math problems that would take even the most powerful computers millions of years to crack. That assumption has been good enough, until now. 

Quantum computers pose a specific threat to asymmetric encryption—RSA and elliptic-curve cryptography—which secures virtually every enterprise system. These algorithms depend on math that quantum computers can solve.  

"The infrastructure you need to survive that moment cannot be built in a crisis,” Kriese says. 

The problem is that enterprises are built to respond to threats that have already materialized: The chief information security officer presents a postmortem, the board approves a remediation budget, and the cycle repeats. Quantum doesn't fit that model. It will arrive not as a visible breach, but as a capability shift. And by the time that shift registers, it will be too late to respond. 

Meanwhile, security researchers have documented a strategy known as "harvest now, decrypt later.” Adversaries are already collecting encrypted enterprise data at scale. These threat actors will let the data sit until quantum computing reaches the threshold where the encryption protecting it can be broken.  

Quantum computers pose a specific threat to asymmetric encryption, which secures virtually every enterprise system.

Building the key 

Kriese and her team chose not to wait. Their work is embodied in a capability called External Key Management Service, released as part of the Field Encryption Enterprise offering in the ServiceNow AI Platform Australia release

The principle is straightforward, even if the execution isn't. Encryption keys live entirely outside the ServiceNow cloud. Customers control access to their own keys, set time limits on how long they remain active, and can revoke them on their own terms without waiting for ServiceNow to act.  

If a threat appears, or if quantum capabilities advance faster than expected, the most sensitive data is already protected by architecture that doesn't depend on the cloud provider holding the keys. 

It's a model sometimes called Hold Your Own Key (HYOK). But the name undersells the strategic logic. What HYOK represents is a bet about where accountability should live in the quantum era: not with the platform or distributed across a chain of trust, but with the organization that owns the data. The businesses that emerge from the quantum transition intact will be those that never outsource accountability.  

The win you can't see 

Kriese also serves on the board of AchieveKids, a school that supports students with autism and emotional disorders. Her work there requires the same kind of long-horizon thinking: progress that accumulates over years, measured in outcomes that don't announce themselves. 

That's the hardest part about making a case for quantum readiness inside most organizations. Security teams are rewarded for incident response. The faster the reaction is, the better the metric looks.

Investing heavily in thwarting a threat that hasn't yet materialized, and measuring success by the absence of a breach, requires a different kind of institutional courage. As with Victorian caroling, the payoff isn’t something someone can see.

"The win in security isn't always visible," Kriese says. "For me, that's the whole point."

Find out how to be prepared for the quantum revolution.

The businesses that emerge from the quantum transition intact will be those that never outsource accountability.
Next up
Dive into more conversations AI App Development CRM Enterprise IT Ethics & Governance Human Resources Industries ServiceNow on ServiceNow Platform Foundations Products & Solutions All Topics
Stay in the know Join Us
stay in know image
Alt