Kathy Kriese has two jobs. On the surface, they don’t seem to have much in common. By day, she's a senior principal product manager at ServiceNow who works on quantum security, a field concerned with threats that don’t yet fully exist. By night, she performs with a Victorian caroling ensemble, where period-accurate harmonies and precise timing are the only standards that count.
She'll tell you they're the same job. “It's a precision discipline," she says about caroling. "The harmonies, the timing, the period accuracy—it all has to land exactly right. You either get it right or you don't.”
It's the kind of work that rewards people who prepare long before the moment of performance. That instinct has turned out to be the core of her professional life and instrumental to her taking a quantum leap. For years, she's been getting ready for something most enterprises haven't started thinking about: the serious and emerging threats posed by quantum computing.
The encryption that protects enterprise data today has held up for decades because of one fundamental assumption: Breaking it requires solving math problems that would take even the most powerful computers millions of years to crack. That assumption has been good enough, until now.
Quantum computers pose a specific threat to asymmetric encryption—RSA and elliptic-curve cryptography—which secures virtually every enterprise system. These algorithms depend on math that quantum computers can solve.
"The infrastructure you need to survive that moment cannot be built in a crisis,” Kriese says.
The problem is that enterprises are built to respond to threats that have already materialized: The chief information security officer presents a postmortem, the board approves a remediation budget, and the cycle repeats. Quantum doesn't fit that model. It will arrive not as a visible breach, but as a capability shift. And by the time that shift registers, it will be too late to respond.
Meanwhile, security researchers have documented a strategy known as "harvest now, decrypt later.” Adversaries are already collecting encrypted enterprise data at scale. These threat actors will let the data sit until quantum computing reaches the threshold where the encryption protecting it can be broken.
Kriese and her team chose not to wait. Their work is embodied in a capability called External Key Management Service, released as part of the Field Encryption Enterprise offering in the ServiceNow AI Platform Australia release.
The principle is straightforward, even if the execution isn't. Encryption keys live entirely outside the ServiceNow cloud. Customers control access to their own keys, set time limits on how long they remain active, and can revoke them on their own terms without waiting for ServiceNow to act.
If a threat appears, or if quantum capabilities advance faster than expected, the most sensitive data is already protected by architecture that doesn't depend on the cloud provider holding the keys.
It's a model sometimes called Hold Your Own Key (HYOK). But the name undersells the strategic logic. What HYOK represents is a bet about where accountability should live in the quantum era: not with the platform or distributed across a chain of trust, but with the organization that owns the data. The businesses that emerge from the quantum transition intact will be those that never outsource accountability.
Kriese also serves on the board of AchieveKids, a school that supports students with autism and emotional disorders. Her work there requires the same kind of long-horizon thinking: progress that accumulates over years, measured in outcomes that don't announce themselves.
That's the hardest part about making a case for quantum readiness inside most organizations. Security teams are rewarded for incident response. The faster the reaction is, the better the metric looks.
Investing heavily in thwarting a threat that hasn't yet materialized, and measuring success by the absence of a breach, requires a different kind of institutional courage. As with Victorian caroling, the payoff isn’t something someone can see.
"The win in security isn't always visible," Kriese says. "For me, that's the whole point."
Find out how to be prepared for the quantum revolution.