The clock is ticking. By 2030, enterprises must implement post-quantum cryptography to meet NIST’s deadline—and the journey starts today.
While quantum computers powerful enough to crack current RSA and ECC encryption remain on the horizon, the threat is real enough that waiting means falling behind. Smart organizations are already laying the groundwork for quantum-safe encryption, building the crypto-agility they’ll need to pivot when the moment arrives.
AppViewX CEO Dino DiMarino recently outlined five critical trends shaping the post-quantum landscape in Forbes. Here we explore two of the five trends that demand immediate attention from IT security leaders:
Build Your Crypto-Agility Foundation Now
Forward-thinking enterprises aren’t waiting for the quantum threat to materialize—they’re investing in flexibility today. This proactive approach involves three key steps:
Discovering cryptographic assets across your entire infrastructure
Automating certificate management to handle the complexity ahead
Designing systems that can seamlessly adopt quantum-safe encryption when needed
By building these capabilities now, organizations position themselves to adopt PQC smoothly when the pressure intensifies.
Assess Your Post-Quantum Cryptography Implementation Readiness:“Before you can begin post-quantum cryptography implementation, you need to understand your current cryptographic landscape and crypto-agility maturity. Download our comprehensive Post-Quantum Cryptography Assessment to understand your quantum exposure and prioritize remediation efforts for a successful PQC migration.”
NIST’s post-quantum cryptography standards aren’t just guidelines—they’re becoming mandates. Federal requirements and sector-specific regulations are creating a complex web of compliance obligations that organizations must navigate.
The good news? Early alignment with these standards does double duty: it strengthens your security posture today while demonstrating strategic foresight to stakeholders and regulators. Organizations that move early avoid the compliance rush and build competitive advantage.
The Path Forward
These two trends represent just the beginning. DiMarino’s full Forbes article explores additional critical insights around quantum-safe encryption implementation, hybrid testing approaches, DevSecOps integration, and strategic alignment with NIST standards.
Organizations that act now—investing in the right tools, processes, and expertise—will emerge from the quantum transition stronger and more competitive. Those that wait risk being caught flat-footed when quantum computing moves from theoretical threat to practical reality.
Plan Your NIST PQC Standards Strategy:“Ready to move beyond assessment to post-quantum cryptography implementation? Schedule a 30-minute consultation with our crypto-agility experts to discuss your organization’s specific quantum-safe encryption challenges and create a customized NIST PQC standards roadmap.”
A lot of companies have gotten comfortable with the way their job scheduling has always worked. It ran in the background, executed batch jobs and didn’t cause a lot of noise — so why change it?
The problem is, “just working” isn’t the same as being ready for what’s coming next, especially if you care about SAP’s evolution and the massive role AI is playing. In a world where digital transformation now means becoming an intelligent enterprise built on real-time data, you can’t afford not to make use of the “best of the best” solutions.
Luckily, SAP gives us an easy way to determine which compatible solutions the company most strongly stands behind: SAP Endorsed App Premium certification.
SAP Endorsed App: More than just a badge
SAP Endorsed Apps aren’t ordinary partner solutions. This invitation-only program highlights solutions that help you with strategic business challenges not directly addressed by core SAP functionality.
SAP Endorsed App status is the highest level of certification SAP offers, and it isn’t handed out lightly. It signals to customers that the solution has been extensively tested and validated to meet SAP’s highest standards for performance, security and integration.
Being an Endorsed App means a solution has been rigorously evaluated and passed SAP’s most demanding Premium certification standards. Every angle is tested to ensure the solution truly stands up to real-world enterprise demands, even in the most complex hybrid environments. Only solutions that are widely used by SAP customers, future-aligned and proven to deliver outstanding customer value earn this highest level of SAP trust.
SAP Endorsed App for workload automation
Taking advantage of SAP’s next-generation capabilities is particularly important when it comes to workload automation, the backbone of your mission-critical processes. SAP CEO Christian Klein envisions a world in which ERP, automation, data and AI all work together in one cohesive ecosystem. Your processes should run end to end, intelligently orchestrated rather than stitched together. If your automation layer isn’t deeply integrated and future-ready, it becomes an anchor dragging you down. And if your workload automation partner isn’t deeply aligned with SAP, you’re going to hit bottlenecks sooner than you think.
Many job scheduling solutions are certified to connect to SAP systems, even RISE with SAP. And that’s good, but it’s only the first step. Basic certification means a scheduler has been tested to connect and perform standard tasks, but it doesn’t tell you how it integrates, what extra infrastructure you need or whether it supports a clean core without workarounds and fragile custom code.
It’s kind of like giving your teenager a learner’s permit. Sure, they’re legally allowed to drive, but would you hand them the keys and say, “Go ahead, take your friends to the basketball game tonight … and use the freeway”? Probably not. You know that true readiness involves more than basic certification. It’s about trust, experience and minimizing risk — for the driver and everyone else on the road.
RunMyJobs is the experienced, fully licensed driver: the only workload automation solution that is an SAP Endorsed App, Premium certified. Thus, it’s optimized to run in complex SAP landscapes, including RISE with SAP, Business Technology Platform (BTP) and Business Data Cloud (BDC).
It’s not about whether your automation connects to SAP. It’s whether it truly unlocks SAP’s full value, without compromise.
True future-proofing: Not just a fancy marketing slogan
We all see “future-proof” plastered across marketing materials. But real future-proofing isn’t a tagline. It means what’s being offered is designed to evolve, not just function today.
With SAP Endorsed App status, RunMyJobs is verified to keep pace with SAP’s roadmap. There is a regular cadence for SAP and Redwood Software to collaborate and align product roadmaps. What you get from this: reduced risk, faster time-to-value and confidence that your automation engine won’t become the bottleneck when it’s time to embed AI into your core business processes. So when we talk about RunMyJobs being “future-proof,” we’re not throwing around empty words.
Don’t run your business on a learner’s permit. You need a solution that’s been trained, tested and trusted to navigate the entire journey confidently, even if the road ahead is uncertain.
Watch the video below to learn more about what RunMyJobs’ SAP Endorsed App status means for your business.
This isn’t a minor update. It’s a full-blown lifestyle shift for PKI and security teams. To put it in perspective, if you’re managing 5,000 certificates today, that’s 5,000 renewals a year. But by 2029, that number jumps to 60,000 renewals annually. That’s 12x more work, risk, and complexity.
And with shorter cycles, the stakes are higher. Even one missed renewal can lead to costly outages, security risks, and compliance failures. According to a recent Forrester survey, 57% of surveyed organizations reported incurring costs of at least $100,000 per outage.
For PKI admins and security teams already juggling high workloads, manual processes and semi-automated scripts won’t scale. They weren’t built for this pace or this level of complexity. What feels “manageable” today could quickly spiral into chaos—unless automation steps in.
So, what does real, scalable, full-spectrum TLS certificate lifecycle automation look like in a 47-day world? And how are the best teams getting it right?
Let’s break it down.
What Modern-Day TLS Certificate Automation Really Looks Like
Adapting to a 47-day TLS means leaning on automation, but not the kind that just sends you renewal reminders and handles a few renewals.
On the surface, certificate lifecycle management (CLM) might look straightforward—enroll, provision, install, renew, and done. But in practice, it’s a complex and layered process. There’s domain validation to complete, endpoints to bind, configurations to check, policies to enforce, and cryptographic hygiene to maintain. All of it needs to happen on time, in the correct order, and in sync.
That’s why full lifecycle automation is essential. You need complete orchestration across the certificate lifecycle—discovery, monitoring, issuance, renewal, provisioning, revocation, and reporting.
The CISO’s Guide to Certificate Lifecycle Management (CLM)
1. Continuous Discovery and Foundational Visibility
You can’t automate what you can’t see.
A best-in-class CLM solution continuously discovers certificates across your entire environment, including on-prem, cloud, DevOps pipelines, public and private CAs, and even those hiding in shadow IT. It builds a centralized inventory, mapping certificates back to owners, systems, expiration timelines, and compliance status, giving you complete visibility into your certificate landscape. Instead of juggling spreadsheets, you get clean, rich visual dashboards to monitor every certificate, flag risks early, and stay ahead of expirations. This visibility forms the foundation for automation.
2. Zero-Touch Renewals at Scale
In a 47-day renewal cycle, manual renewals are a guaranteed bottleneck.
Best-in-class CLM solutions automate certificate renewals and provisioning end-to-end. From generating the key pair and CSR to submitting it to the appropriate Certificate Authority (CA), retrieving the renewed certificate, installing it, and even binding it to the correct endpoint or application, every step is seamlessly managed without human intervention.
These solutions integrate directly with public and private CAs, Cloud providers, DevOps toolchains, ITSM platforms, and endpoints, orchestrating certificate management across cross-functional teams. And instead of juggling CA-specific portals, you manage everything through a single, unified console with complete certificate visibility across the enterprise.
The result? No missed steps, no misconfigurations, no last-minute scrambles.
3. Built-In Policy Enforcement
Automation isn’t just about speed; it’s also about control.
Best-in-class CLM automation solutions enforce cryptographic and operational policies at every step. From key length and algorithms to CA trust, approval workflows, and expiration limits, policies are applied automatically, so every certificate issued meets your standards by default. Requests that don’t comply are blocked or flagged, reducing human error and tightening compliance even as certificate volumes grow.
Role-based access control (RBAC) adds another layer of governance, clearly defining who can request, approve, or issue certificates. That means fewer rogue certs, less sprawl, and tighter control across the board.
And with every action logged in detailed audit trails, both internal and external audits become faster and easier.
4. Real-Time Alerts and Reporting
When certificates only last 47 days, you need to know what’s at risk before it becomes a problem.
Best-in-class CLM automation solutions provide real-time alerts and reports for expiring, misconfigured, or non-compliant certificates. You receive proactive notifications well before a certificate expiry and detailed compliance reports to keep stakeholders informed. This transparency is essential for continuous monitoring when operating on monthly renewal cycles.
5. Crypto-Agility and Rapid Response
While 47-day certificates are the immediate challenge, cryptography is evolving fast.
Post-quantum cryptography, CA distrust events, and changing regulatory standards demand the ability to adapt quickly and at scale.
Best-in-class CLM platforms are built for crypto-agility. They support seamless algorithm changes, bulk certificate replacement, and CA migrations without downtime or disruption. So when the next big cryptographic shift hits, you’re ready, not racing to catch up.
The New Normal for CLM Starts Now
The 47-day mandate marks a turning point: TLS certificate management is no longer a set-it-and-forget-it task. It now demands visibility, automation, policy control, and crypto-agility.
This is your opportunity to move beyond manual workarounds, modernize CLM processes, and build future-ready crypto resilience.
Leading PKI teams aren’t struggling to modernize CLM processes on their own. Instead, they’re investing in purpose-built CLM platforms that scale with today’s demands.
AppViewX AVX ONE CLM is built for this new reality. It delivers the visibility, automation, and policy control that PKI and CLM teams need today to handle 47-day renewals and prepare for PQC.
Don’t wait for outages to force your hand. Learn how AVX ONE CLM can future-proof your certificate operations or request a demo to see it in action.
In conversations with finance teams navigating automation, a familiar pattern often emerges. Leaders know their accounting operations need to evolve, but the path forward isn’t always clear. The sheer scope of a transformation can be paralyzing.
You can get out of this state of shock and start making strides when you realize you don’t need to overhaul your entire accounting function overnight.
I recommend a more pragmatic approach: Begin with a narrow focus, apply agile methods and build momentum through small, structured wins. Agile, originally a software development methodology, works exceptionally well in finance when adapted thoughtfully. Applied to accounting, it can give you a structured way to modernize processes without sacrificing efficient daily operations.
When you get it right, the transformation can feel like magic — not because it’s effortless but because of how dramatically it simplifies the work.
Step 1: Define your project and assemble your team
Agile begins with a clear purpose. What part of your accounting cycle is ripe for change? It might be:
Reducing manual effort in preparing recurring journal entries
Standardizing reconciliations for high-risk balance sheet accounts
Improving visibility and control over intercompany eliminations
Once you’ve selected your initial focus, identify a small, cross-functional team. That might include one or two accountants who manage the process today, a member of your IT or automation team and a team lead or controller to serve as the product owner.
Your goal is to scope out a project small enough to deliver real progress in a few weeks, rather than trying to automate everything.
Step 2: Choose your sprint cadence
Agile teams work in time-boxed cycles called sprints. In software, sprints typically last two weeks. This same rough sprint cadence also works well for finance. In my experience, two staggered sprints per month allow you to maintain momentum without interfering with the month-end or quarterly close cycle.
The key is to make the sprint regular and predictable. Every two weeks, your team should:
Review what was completed
Set clear, achievable goals for the next sprint
Prioritize the next set of tasks
Assign ownership based on capacity
This rhythm helps you maintain forward progress even amid daily demands and the ebbs and flows of a typical fiscal year.
Step 3: Start with process selection and discovery
Your first sprint should focus on understanding the process you want to improve. Let’s say you choose to automate a journal entry for prepaid expenses. This first step isn’t writing scripts. You need to understand how the process works today (pain points included), what systems and data are involved, what artifacts exist and what volume and complexity you’re dealing with.
Say you’re working on a recurring entry to allocate depreciation. You need to uncover: how the entry is generated today, what triggers it and when in the accounting period, which accounts it impacts, what documentation and validations exist and who reviews or adjusts it before it’s posted to the general ledger. You might also need to gather artifacts like Excel templates, email approval flows or ERP screenshots. These are your starting points for making sure your automation reflects a real workflow rather than an ideal one.
Don’t underestimate the importance of the discovery phase in making sure your automation efforts are grounded in reality.
Step 4: Break down tasks and build your backlog
Once you’ve scoped your process and gathered what you need, it’s time to translate your findings into tasks. Some examples:
Map the current workflow in a flowchart and make sure you cover any places where the process could fail or have to start over
Identify fields and logic needed for journal entry automation, so you know the required data and calculations
Review automation platform capabilities (e.g., templates or connectors)
Write acceptance criteria for a successful automation — this is how you’ll prove your new automation is working
Prepare test data or validate entry logic, and be sure to include several examples of the different kinds of data you might see to cover the most probable cases
Tasks that can’t be finished in this sprint go into your backlog. You can reprioritize that backlog after each sprint based on what you’ve learned or what’s most urgent.
Some tasks may expose gaps in how the process works today, and that’s a good thing. Agile sprints are built for learning, not perfection.
Step 5: Communicate, adjust and demo progress
A key agile principle is transparency. Short, regular check-ins — say, 15 minutes twice a week — keep everyone aligned and aware of blockers. No need for slides or long updates. A quick “What’s done, what’s next and what’s in the way?” is usually enough.
At the end of the sprint, reconvene for a demo. Even if you didn’t automate the entire process, showing a prototype or workflow map can energize your team and stakeholders. Use what you learn to shape the next sprint.
Where to start? Go for high pain, low complexity
If you’re not sure where to begin, I often recommend focusing on account reconciliations. They’re a consistent source of friction and effort, especially for temporary account balances or frequently adjusted liabilities. But many can be standardized or automated with relatively little effort.
For example, bank reconciliations follow a predictable pattern. Accrual accounts only need simple threshold logic. And intercompany receivables/payables might just require timing alignment.
Journal entries are another good candidate, particularly if they’re recurring and related to depreciation, allocations or amortizations. Their fixed logic and regular intervals make them perfect for early wins.
The record-to-report (R2R) cycle contains many interconnected subprocesses that are ideal for incremental automation. Applying agile to this domain brings visibility and momentum to your transformation efforts while minimizing risk and burnout.
Agile is how finance gets things done
Finance doesn’t often borrow from the world of software development, but it should. The pressure is real today to modernize, optimize and transform while still closing the books on time — no small feat. Agile gives your accounting team a way to improve processes iteratively, without waiting for perfect conditions or massive budgets. They get a repeatable structure and still have space for experimentation. Once they see how agile can turn a painful process into a streamlined one, you’ll have the buy-in you need to scale your automation strategy across your finance organization.
You won’t need a wand, just the right structure, people and mindset. Those create the real magic.
