Insights & TrendsMarket Trends

MX in the news: Security Week. The ‘harvest now, decrypt later problem’.

Michael Byrne
By Michael Byrne
March 30, 2023 7 Min Read
1.9K 0

Security Week highlighted a threat that sounds simple and behaves like a long-term trap: harvest now, decrypt later. The core idea is straightforward. Attackers do not always need to read your data today. They can copy encrypted archives now, store them quietly, and wait for better compute, better tooling, or future cryptographic breakthroughs to make those files readable later. For organisations handling long-life intellectual property, sensitive legal records, product designs, or regulated documentation, that changes the security question completely.

Table Of Content

It is no longer enough to ask whether a file is protected during this quarter or this year. The harder question is whether the file will still be defensible years from now, after it has crossed suppliers, partners, cloud services, and internal systems. That is the context in which My MX Data’s ASR model, described as a quantum secure patented methodology, becomes relevant. It tackles the problem at the architectural level, not only through stronger ciphers.

In plain language, MX does not treat a sensitive file as one complete object that travels intact from sender to recipient. It breaks content into anonymised shards, routes those shards separately, and restores them only for named recipients. If one shard is intercepted, it is not a readable file. It is noise without the rest of the structure, the context, and the approved restoration path.

Why harvest now, decrypt later is a different category of risk

This threat is different because time starts working for the attacker. In ordinary breach thinking, there is a strong focus on immediate access, immediate damage, and immediate containment. Harvest now, decrypt later shifts the timeline. A bad actor can steal first, disappear, and wait. That makes long-value data especially vulnerable because the useful life of the file can far outlast today’s encryption assumptions.

  • Time works against defenders: a file that is unreadable today may become readable later if it has already been collected and stored.
  • Long-value data carries the most risk: product designs, clinical research, legal archives, engineering models, and proprietary methods often remain valuable for years.
  • Quiet theft is enough: attackers do not need to use the data immediately. Silent collection can be the entire objective.
  • Distributed supply chains widen the exposure surface: the more systems and counterparties that touch a file, the more chances there are to collect it unnoticed.

This is why the threat deserves a more serious treatment than generic future-proofing language. The issue is not theoretical for organisations whose sensitive files move often and stay valuable for a long time. It is operational. If your most important data is copied today and held for later decryption, your exposure may be invisible until it is too late to do anything about the collection itself.

Why early adoption matters

Post-quantum controls are still rare in practice. Your source material cites a datapoint near 0.029 percent in some OpenSSH contexts. That is exactly why firms with long-life sensitive data are starting to look beyond conventional encryption on its own.

MX ASR in one minute

MX combines sharding with anonymisation and restore on demand. Each shard travels a separate route, stripped of context and identifying metadata, then recombines only for the authorised person. Add end to end audit trails, strict recipient control, expiry, and governed collaboration, and you get a workflow designed to reduce the value of interception while keeping teams productive.

That matters because file sharing is not a niche activity sitting at the edge of business. It is central to how work gets done. Your source pack notes that 39 percent of cloud business data is used for file sharing. Put that beside the extremely early adoption of post-quantum transport controls and the picture becomes clear. Sharing is everywhere. Future-ready protection is not.

39%
Cloud data
is used for file sharing Source
0.029%
Observed adoption
of post-quantum transport in some measures Source
57
Services
used by the average enterprise Source

Those figures tell the real story. Sensitive data is moving constantly, often across too many systems, while the protections designed for future decryption risk are still uncommon. That longer cryptographic horizon is exactly what sits behind quantum-ready protection.

Why architecture matters more than slogans

The phrase harvest now, decrypt later creates the impression that the whole answer must sit inside cryptography. That is only part of the picture. Strong encryption remains essential, but if the file still moves as one recognisable unit, through broad links, weak access control, scattered approvals, and partial visibility, the organisation is still relying on a fragile operating model.

That is why ASR matters as an architectural response. It reduces exposure by changing what an attacker can meaningfully collect during transit. Instead of stealing one complete object and waiting for future decryption, the attacker faces fragmented content, missing context, separate paths, named restoration rules, and a governed audit trail. The point is not magic. The point is to make capture less useful, correlation harder, and recovery more dependent on pieces the attacker does not have.

Criterion Link sharing Encryption only MX ASR model
Harvest later risk High, copies are easy to collect Lower today, but future exposure remains if a full copy is captured Shards lack full context and require controlled restoration
Access control Open or forwarded links Key based protection Named users with expiry and tighter permissions
Audit evidence Limited Fragmented End to end logs
Large package handling Often unreliable Depends on the workflow Built for large transfers with governance intact
Operational discipline Users improvise around the tool Protection may sit apart from the workflow Security, accountability, and collaboration stay in one lane

What this means in real projects

The organisations most exposed to harvest now, decrypt later are usually the ones handling files with both long shelf life and frequent movement. Engineering teams, legal functions, research groups, regulated industries, and distributed supplier environments all fit that pattern. Their problem is not only that the file must be protected. It is that the file must keep moving while staying governable.

This is why a strong transport model needs more than a secure send button. It needs named recipient discipline, clear permissioning, searchable evidence, location controls, and collaboration that stays attached to the transfer instead of fragmenting across inboxes and chat threads. That broader operating model is the same one reflected in B2B secure file exchange, The Insider’s Guide to Advanced Features, and robust security features.

Short FAQs

These are the questions that usually come up first when teams start thinking beyond conventional encrypted transfer.

No. Think of ASR as an additional layer that changes the transport model around the encrypted payload. MX uses encryption and ASR together, then restricts restoration to named users, which strengthens control over what is collected and what can actually be reconstructed.

Every action is captured in a searchable audit trailA chronological record of who accessed what, when, and from where, used to demonstrate delivery, permissioning, and activity history.. That helps teams show delivery, prove access scope, and reduce ambiguity when disputes turn on who saw what and when they saw it.

Yes. Data sovereignty options let teams choose where shards live, which supports stronger control over jurisdiction, contractual handling, and GDPR aligned practice.

Because future decryption risk is only one part of the problem. Broad links, unclear recipients, and uncontrolled forwarding still create exposure today. Named access makes the sharing scope tighter from the start and gives teams a better basis for revocation, monitoring, and accountability.

Five actions to start this month

These are practical moves that improve resilience without requiring a full programme reset.

Identify long-value data first

List the archives and working files that will still matter five years from now, then move those workflows to end to end encrypted sharing with ASR where appropriate.

Retire public links for sensitive transfers

Enforce named recipients, expiry, and download limits for external movement of valuable or regulated files.

Pin approvals to the transfer

Use MX Conversations so decisions, clarifications, and approvals stay attached to the file rather than disappearing into inbox sprawl. That same workflow discipline is what gives secure collaboration essentials their real value in practice.

Set region rules deliberately

Apply data sovereignty defaults by project, contract, or data class, then document those choices in policy so teams do not improvise them case by case.

Measure the workflow, then tighten it

Review the audit trail monthly, tune expiry windows, remove unused access, and check whether the approved process is fast enough that people will actually use it.

Practical reminder

Tools do not guarantee compliance. MX provides controls that support GDPR and ISO programmes, including named access, audit logs, and data location choices. Policies, legal review, and training still complete the protection.

What matters most about the Security Week angle

The most useful thing about the Security Week framing is that it pulls attention away from present-moment breach thinking and toward long-horizon exposure. That is where many organisations are still underprepared. They are set up to ask whether a transfer is safe today, but not whether today’s copied archive becomes tomorrow’s readable asset.

MX ASR matters in that conversation because it changes the shape of what gets captured during movement. By combining anonymisation, sharding, named restoration, and full activity evidence, it gives teams a more disciplined way to move long-life sensitive files without treating future decryption risk as somebody else’s problem. That same transport logic is what sits behind Balancing speed and security, robust security features, and The Insider’s Guide to Advanced Features.

Here is what counts

Harvest now, decrypt later rewards anyone who can copy your data today and wait patiently. MX’s ASR method answers that by splitting and anonymising content, binding access to named users, and recording every meaningful action.

For organisations protecting long-value data, that creates a stronger transport model than relying on conventional encryption alone while keeping delivery practical for real teams.

Start Your Free 7 Day Trial View Demo

Share Article

Michael Byrne
Author

Michael Byrne

I'm a dynamic professional with extensive experience in project and business management across automotive, construction, and aerospace sectors. Currently, as Head of Digital at Majenta, I lead transformative projects, focusing on maintaining and enhancing MX as a high-performance file sharing platform. My role involves strategic project delivery and aligning digital initiatives with core business values. I excel in stakeholder management, problem-solving, and fostering strategic partnerships. Passionate about continuous learning, I thrive in high-pressure environments and enjoy contributing to MX's market presence through innovative solutions and robust project execution.

Follow Me
Other Articles