Orange Business and Cisco Advance Quantum-Proof Networking for Global Enterprise
Orange Business and Cisco Advance Quantum-Proof Networking Across Global Enterprise Infrastructure
Synopsis- Orange Business has introduced post-quantum cryptography-secured WAN services in partnership with Cisco.
- The rollout forms the first PQC component of Orange’s broader Quantum Defender portfolio.
- The initiative reflects growing urgency among enterprises to mitigate harvest-now, decrypt-later risks.
Orange Business is rolling out post-quantum cryptography-secured networking across its global infrastructure through a new partnership with Cisco, extending quantum-safe protections to enterprise wide-area networking services. The move marks a significant expansion of Orange’s Quantum Defender portfolio and positions post-quantum security as a core component of its managed network offerings.
The newly launched services enable PQC-secured WAN connectivity for Orange Business customers, with all core routing traffic protected using quantum-safe encryption. The implementation runs on Cisco 8000 Series Secure Routers and is delivered over a standard multiprotocol label switching architecture. While WAN services are already available, SD-WAN capabilities are expected to reach commercial availability later in the year as the next phase of the deployment.
According to reporting by SDxCentral, the Cisco deployment represents the first post-quantum cryptography service within Orange’s Quantum Defender suite. The broader portfolio also includes a Paris-exclusive quantum key distribution network built using QKD technology supplied by Toshiba. Orange executives described the Cisco partnership as a pragmatic starting point for operational PQC, citing both technical maturity and long-standing collaboration between the two companies.
In an interview referenced in the report, Frank de Jong, program director for quantum-safe networks at Orange, noted that Orange and Cisco have worked together for more than three decades, resulting in the deployment of roughly 400,000 Cisco routers across Orange’s infrastructure. Orange was also the first global telecommunications operator to deploy Cisco Catalyst SD-WAN, formerly known as Viptela, and currently supports more than 70 SD-WAN customers through Orange Business.
De Jong explained that Cisco’s readiness played a decisive role in its selection as the inaugural PQC partner. While Orange intends to extend post-quantum security across multiple suppliers over time, internal resource constraints required a phased approach. Cisco’s portfolio and development timelines were viewed as sufficiently mature to allow Orange to reach the market without delay.
Early field trials for the SD-WAN implementation are already underway, with Cisco’s production software expected to become available later in the year. De Jong indicated that PQC integration within Orange’s flexible VPN services may arrive sooner, but confirmed that post-quantum cryptography will be fully enabled across Orange’s SD-WAN offerings before year end. Core routing software is largely complete, with ongoing work focused on integrating PQC into SD-WAN functionality.
Beyond Cisco, Orange is actively engaging with additional vendors as part of its longer-term post-quantum roadmap. De Jong stated that Orange does not plan to wait for a single annual milestone before onboarding new partners. Once alternative suppliers deliver software deemed stable enough for live operational networks, Orange intends to begin parallel implementations.
That shortlist includes Palo Alto Networks, an existing Orange partner that has already introduced quantum-ready features within its PAN-OS firewall operating system. Orange has been conducting structured discussions with multiple vendors to assess readiness, stability, and projected launch timelines. While Orange could have delayed market entry by waiting for multiple vendors to align, the company opted to proceed first with Cisco in order to accelerate availability.
Orange believes the urgency of post-quantum security outweighs the benefits of a slower, multi-vendor launch. The company views rapid market access as critical given the growing threat of harvest-now, decrypt-later attacks, in which encrypted data intercepted today may be decrypted in the future once large-scale quantum computing becomes viable.
As part of the rollout, existing SD-WAN customers who are early in their contracts will be offered the option to migrate to PQC-enabled infrastructure ahead of renewal, while others may choose to transition later. Contract pricing is expected to increase modestly, reflecting the potential need for new hardware and the higher processing demands of post-quantum algorithms.
De Jong noted that PQC algorithms are significantly more processor-intensive than classical cryptography, which may necessitate hardware upgrades in some cases. Orange expects that most new network deployments will be PQC-enabled by default, arguing that there is little justification for launching new enterprise networks without quantum-safe protections.
Orange’s position aligns with broader industry concerns around Q-Day, the point at which quantum computers become capable of breaking widely used cryptographic standards. Similar motivations have driven PQC initiatives from vendors including Citrix, Nokia, and Fortinet, as enterprises seek to future-proof sensitive data against long-term exposure.
Cisco itself has been exploring quantum networking concepts beyond classical encryption, including prototype backbones for quantum-connected data centers. One such demonstration, known as Quantum Alert, uses entangled photons to detect eavesdropping attempts, leveraging the fragile nature of quantum states to make interception immediately visible.
Despite these advances, Cisco’s commercial approach combines classical and post-quantum cryptography in a hybrid model, reflecting prevailing industry practice. This stands in contrast to guidance from the U.S. National Security Agency, which has encouraged enterprises to adopt pure PQC for stronger protection. Meanwhile, the U.S. National Institute of Standards and Technology has mandated hybrid algorithms for federal agencies, with a compliance deadline set for the mid-2030s, broadly aligning with anticipated timelines for practical quantum threats.
When asked about potential confusion among European customers navigating competing standards such as QKD, PQC, and hybrid cryptographic models, de Jong acknowledged that the landscape remains complex. However, he observed that many customers ultimately defer to Orange to make informed technology selections on their behalf, trusting the operator to balance security, practicality, and readiness.
The report underscores how post-quantum security is shifting from theoretical planning to operational deployment, with Orange positioning itself among the first global operators to embed PQC directly into managed enterprise networks.
Source: SDxCentral – Have a Story? Address it to the Editor and submit it here
About Orange Business
Orange Business is the enterprise services division of Orange, providing global connectivity, cloud, cybersecurity, and digital transformation solutions to organizations across industries. Operating in more than 200 countries and territories, Orange Business supports multinational enterprises, public sector institutions, and digital-native companies with managed networks, SD-WAN, cloud integration, and advanced security services. The organization plays a central role in Orange’s innovation strategy, including the development of quantum-safe networking, 5G services, and secure digital infrastructure. Through initiatives such as the Quantum Defender portfolio, Orange Business aims to address emerging cybersecurity risks while maintaining operational resilience at global scale.
Featured image Source: Silicon Valley Magazine
Disclaimer
The information provided in this article is for general informational purposes only and from publicly available sources. While we strive for accuracy, we do not make any representations or warranties, express or implied, regarding the completeness, reliability, or validity of the content. This article does not make any direct claims about specific companies, individuals, or organizations. Any references to reports or external sources are for context and do not imply endorsement or verification of any specific allegations. Readers are encouraged to conduct their own research and seek professional advice before making business decisions. We disclaim any liability for any losses or damages incurred as a result of reliance on the information provided.