Quantum hardware is real, but enterprise-ready it is not. Here is what the IS field should be watching anyway.
Every few years a technology gets declared the next thing that will change everything. Quantum computing has been on that list for long enough that it is easy to dismiss it as permanently five years away. That would be a mistake. The hardware is real, it is advancing, and the IS implications are specific enough that researchers and practitioners should be paying attention now, even if enterprise deployment is still years out.
Let me start with what quantum computing actually is, because a lot of the hype collapses the distinction between "quantum computers exist" and "quantum computers can do useful things better than classical computers." IBM, Google, IonQ, and others have quantum hardware with tens to hundreds of qubits. IBM has publicly announced milestones like its Eagle, Osprey, and Condor processors, with qubit counts in the hundreds. Google famously claimed quantum supremacy in 2019 with its Sycamore processor on a specific synthetic problem. These are real achievements. They are also not enterprise IT. The systems require near-absolute-zero cooling, have high error rates, and are currently accessible primarily through cloud APIs for research and experimentation. The gap between "we have qubits" and "we can run your supply chain optimization on this" is wide.
What matters for IS is not whether quantum computing will transform everything next year. It is which specific problems quantum computing eventually addresses, and what organizations need to do in advance. There are three areas worth taking seriously.
The first is cryptography. This one is the most urgent from a governance standpoint. Shor's algorithm, developed in 1994, shows that a sufficiently powerful quantum computer could factor large integers exponentially faster than any known classical algorithm. RSA encryption, which underpins most of the internet's public-key infrastructure, relies on the computational difficulty of factoring large numbers. A quantum computer with enough stable qubits running Shor's algorithm would break RSA. The same logic applies to elliptic curve cryptography. This is not speculation. It is well-established theoretical result, and it has driven NIST to run a multi-year post-quantum cryptography standardization process. NIST finalized its first set of post-quantum cryptographic standards in 2024, including algorithms like CRYSTALS-Kyber and CRYSTALS-Dilithium. The IS governance question is when organizations should start migrating, not whether they should. The "harvest now, decrypt later" threat is already active: adversaries who can intercept and store encrypted traffic today can potentially decrypt it in a decade when quantum hardware matures. Data with long confidentiality requirements, government secrets, health records, financial data, is already at risk in the sense that its future confidentiality depends on the quantum transition happening before capable quantum hardware exists.
The second area is optimization. Quantum annealing and certain gate-based quantum algorithms offer potential advantages for specific optimization problems: logistics routing, portfolio optimization, scheduling. D-Wave has been selling quantum annealing systems for years, and some enterprises have run pilot experiments on supply chain problems. The results are mixed. For many practical problem sizes, classical heuristics like simulated annealing or genetic algorithms still compete well. The quantum advantage for real-world optimization is present in theory and starting to appear in narrow experimental contexts, but I would hedge any claim that enterprises are running operational optimization workloads on quantum hardware today with meaningful advantage over classical alternatives.
The third area is simulation. This is where physicists and chemists have been most excited for decades. Quantum computers can naturally simulate quantum systems, which means they could model molecular interactions at the quantum level in ways classical computers cannot. Drug discovery and materials science are the headline applications. Pharmaceutical companies and national labs are watching this closely. For IS researchers, this is interesting as a technology adoption and governance question: how do organizations that are not quantum physics labs incorporate quantum simulation outputs into their research and development workflows?
Gartner has tracked quantum computing on its Hype Cycle for Emerging Technologies for multiple years, and the Hype Cycle methodology is designed to capture exactly this dynamic where a technology generates enormous expectations, goes through a trough of disillusionment when it fails to deliver on inflated timelines, and then climbs toward a productivity plateau as actual enterprise use cases solidify. You can explore Gartner's Hype Cycle methodology and publicly available research at https://www.gartner.com/en/research/methodologies/gartner-hype-cycle. Based on publicly available Gartner commentary, quantum computing has remained in the early phases of the cycle for years, which is consistent with where I have described it. I would not cite specific Gartner percentages or rankings without a current subscription-level source in front of me.
The IS governance question I find most interesting is not "when will quantum be enterprise-ready" but "when should organizations start preparing for post-quantum cryptography." My answer is that most organizations should start now, at least at the inventory and planning level. Knowing which systems rely on RSA or elliptic curve cryptography, what their data sensitivity levels are, and what the migration path to post-quantum standards looks like is not a quantum computing problem. It is a risk management and systems governance problem that happens to have quantum computing as its threat model. NIST's published post-quantum standards give organizations a target to migrate toward. The migration itself is a significant IT project for any large organization, not unlike the TLS 1.0 deprecation cycles the industry has gone through before.
For IS researchers, quantum computing opens questions that are more sociological than technical. How do organizations make investment decisions about a technology whose timeline is genuinely uncertain? How do governance frameworks adapt to post-quantum cryptography transitions? How does quantum-as-a-cloud-service change the make-or-buy calculus for computationally intensive workloads? These are not questions about qubits. They are questions about organizational decision-making under uncertainty, IT governance, and technology strategy. They are solidly in the IS wheelhouse.
The other question worth raising is equity. Cloud-based quantum access through IBM Quantum, Amazon Braket, and Microsoft Azure Quantum means that organizations without the resources to build or buy quantum hardware can still experiment. But translating experimental access into operational capability requires deep expertise that is currently scarce and expensive. The quantum talent gap is real. If quantum advantage eventually materializes for specific business problems, the organizations best positioned to capture it will be those that started building quantum literacy early.
What makes me skeptical of dismissing quantum computing as perpetually hypothetical is the cryptographic risk, which is structural rather than dependent on quantum computing becoming generally capable. You do not need a universal quantum computer that solves arbitrary optimization problems to break RSA. You need a quantum computer that runs Shor's algorithm well enough on key sizes in current use. That bar is lower than general-purpose quantum supremacy, and it is the one that should be driving post-quantum migration conversations in organizations that handle sensitive long-lived data. Whether that threshold gets crossed in five years or fifteen is uncertain. Whether organizations should be preparing their cryptographic infrastructure for the transition is not.
About the author
Share
More notes
Related notes