“Compliance actually instills discipline within the design and architecting of systems. If you know that you have to meet specific compliance requirements, you tend to pay more attention to the way that you’re implementing things.” – Dr. Richard Searle
As the timeline for post-quantum cryptography (PQC) tightens, enterprises are realizing that quantum readiness isn’t just about adopting new algorithms but about building measurable control, visibility, and compliance into the very fabric of system design. In the latest episode of Shielded: The Last Line of Cyber Defense, Dr. Richard Searle, Chief AI Officer at Fortanix, joins host Jo Lintzen to explain why confidential computing and crypto agility form the foundation of that discipline.
Searle brings over two decades of experience in secure systems engineering to a subject that’s rapidly becoming a board-level conversation: how to transition cryptography at enterprise scale without losing operational assurance. His framework is rooted in a simple idea: compliance is an accelerator of good design, not a burden.
Compliance as Architecture, Not Audit
Most organizations see compliance as a checklist. Searle challenges that. For him, regulatory frameworks like GDPR, DORA, and CNSA 2.0 define the parameters of disciplined engineering. When security teams design systems to produce evidence, through attestation, geo-location, and immutable logs, they move from reactive reporting to proactive assurance.
He illustrates how confidential computing allows enterprises to prove where workloads are running, how data is processed, and who approved access. The goal is no longer to say “we’re compliant,” but to show it, in real time, with verifiable data. This shift from compliance as obligation to compliance as architecture is what separates resilient organizations from exposed ones.
Confidential Computing: Protecting Data in Use
Traditional security models protect data at rest and in transit, but “data in use” has remained the weak point. Fortanix’s confidential computing platform addresses this by running workloads inside trusted execution environments, shielding memory even during processing.
Searle describes this as a “confidential computing base,” the foundation upon which quantum-safe strategies are built. With it, enterprises can integrate PQC algorithms, manage key rotation, and enforce policies across multi-cloud environments without sacrificing performance or control. It’s software-led, scalable, and designed for continuous verification, the three attributes every post-quantum migration will need.
Crypto Agility: Designing for Change
For Searle, the next evolution in security is not static protection but dynamic adaptability. Algorithms evolve, standards shift, and performance trade-offs emerge. “Crypto agility,” he explains, means building systems that can rotate algorithms, refresh keys, and update parameters without rebuilding everything from scratch. This design philosophy is what ensures longevity. Instead of one big migration, organizations can evolve incrementally, testing, verifying, and improving as standards mature. Agility turns cryptography from a fixed component into a living capability, responsive to both innovation and threat.
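To make the crypto-agility idea concrete, here is an added sketch (not Fortanix code and not from the episode) of a signer whose tokens carry a key ID and algorithm name, so algorithms and keys can be rotated or retired without touching callers. The HMAC variants are stand-ins for real algorithm families, and the class and token format are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Algorithm registry: adding or retiring an algorithm is a data change here,
# not a change to callers. HMAC variants are stand-ins (assumption): the
# Python standard library ships no PQC primitives.
ALGORITHMS = {
    "hmac-sha256": lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
    "hmac-sha3-256": lambda key, msg: hmac.new(key, msg, hashlib.sha3_256).digest(),
}

class AgileSigner:
    def __init__(self):
        self.keys = {}        # key_id -> (algorithm name, key bytes)
        self.active = None    # key_id used for new signatures
        self.retired = set()  # key_ids no longer accepted

    def rotate(self, alg):
        """Create a fresh key under `alg` and make it the active one."""
        if alg not in ALGORITHMS:
            raise ValueError(f"unknown algorithm: {alg}")
        key_id = f"k{len(self.keys) + 1}"
        self.keys[key_id] = (alg, secrets.token_bytes(32))
        self.active = key_id
        return key_id

    def retire(self, key_id):
        self.retired.add(key_id)

    def sign(self, msg: bytes) -> str:
        alg, key = self.keys[self.active]
        return f"{self.active}.{alg}.{ALGORITHMS[alg](key, msg).hex()}"

    def verify(self, msg: bytes, token: str) -> bool:
        try:
            key_id, alg, tag_hex = token.split(".")
            tag = bytes.fromhex(tag_hex)
        except ValueError:
            return False
        entry = self.keys.get(key_id)
        # The algorithm must match the key record, so relabelling a token
        # to a different algorithm is rejected rather than honoured.
        if entry is None or key_id in self.retired or entry[0] != alg:
            return False
        return hmac.compare_digest(ALGORITHMS[alg](entry[1], msg), tag)
```

Old tokens keep verifying after a rotation until their key is explicitly retired, which is what allows the incremental migration described above.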
Turning Proof into Policy
Visibility without governance is just data. Searle emphasizes the importance of linking every proof point (attestation logs, geo-location records, and workload identities) to policy. Through Fortanix’s architecture, these proofs are embedded into workflows, turning security evidence into enforceable control. He calls this machine-executed governance: humans define the rules, machines execute them with precision. Sensitive actions still require human quorum approval, but day-to-day encryption, key management, and code signing happen autonomously under verified policy. This human-in-the-loop design balances assurance with efficiency, an essential structure for quantum-era compliance.
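The sketch below is an added illustration of that pattern, not Fortanix's implementation: a policy check that admits routine actions on evidence alone, demands a human quorum for sensitive ones, and records each decision in a hash-chained log. The policy values, field names and action names are constructed, and the evidence is assumed to have been cryptographically verified upstream.

```python
import hashlib
import json

# Constructed policy (assumption): measurements, regions, approver names and
# action names are illustrative, not taken from any real deployment.
POLICY = {
    "allowed_measurements": {"sha256:aa11", "sha256:bb22"},
    "allowed_regions": {"eu-west", "eu-central"},
    "sensitive_actions": {"export_key", "change_policy"},
    "approvers": {"alice", "bob", "carol"},
    "quorum": 2,
}

def evaluate(request, policy=POLICY):
    """Return (allowed, reason) for one request carrying its own evidence."""
    ev = request["evidence"]
    if ev.get("measurement") not in policy["allowed_measurements"]:
        return False, "workload measurement not attested"
    if ev.get("region") not in policy["allowed_regions"]:
        return False, "region outside policy"
    if request["action"] in policy["sensitive_actions"]:
        # Count only distinct, recognised approvers toward the quorum
        valid = set(request.get("approvals", [])) & policy["approvers"]
        if len(valid) < policy["quorum"]:
            return False, f"quorum not met ({len(valid)}/{policy['quorum']})"
    return True, "policy satisfied"

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_log(log, request, decision):
    """Append a hash-chained record so later tampering is detectable."""
    prev = log[-1]["hash"] if log else "0" * 64
    body = {"prev": prev, "request": request,
            "allowed": decision[0], "reason": decision[1]}
    log.append({**body, "hash": _digest(body)})

def verify_log(log):
    """Recompute the chain; any edited or reordered record breaks it."""
    prev = "0" * 64
    for rec in log:
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev"] != prev or _digest(body) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True
```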
Quantum Migration as Risk Management
Every enterprise now faces the same challenge: enormous volumes of cryptographic material, limited visibility, and finite time. Searle recommends treating quantum transition not as a technical sprint but as a risk management journey. Inventory first, evaluate exposure, and migrate by priority.
Internet-facing and revenue-critical systems should move first, not because they’re easier, but because they carry the greatest external dependency and reputational weight. Measured sequencing builds both resilience and credibility, which is a posture that regulators, partners, and customers can verify.
The Takeaway: Build for Proof, Not Promise
The message from Fortanix’s Chief AI Officer is straightforward: readiness is about evidence. The organizations that will thrive in the quantum era are those that can prove, not just claim, that their systems are secure, compliant, and adaptable.
By embedding confidential computing, crypto agility, and measurable compliance into design, enterprises turn security from a project into a posture. As Searle puts it, compliance is not about limitation; it’s about clarity and discipline. And that’s the foundation of every resilient system built for the quantum age.
You can hear the full conversation with Dr. Richard Searle on Shielded: The Last Line of Cyber Defense, available now on Apple Podcasts, Spotify, and YouTube Podcasts.
About Richard Searle
Dr. Richard Searle is the Chief AI Officer at Fortanix, a global leader in confidential computing and data security. He leads Fortanix’s strategy at the intersection of cryptography, AI security, and post-quantum readiness, helping enterprises protect data across hybrid multi-cloud environments. With a background in systems engineering and safety-critical design, Richard brings more than two decades of experience in building secure, compliant, and resilient systems for both private and public sectors. Before becoming Chief AI Officer, Richard served as Fortanix’s Vice President of Confidential Computing and played a pivotal role in advancing the company’s confidential computing platform, which secures data in use through trusted execution environments. He has also served as the Chair of the End-User Advisory Council and General Members’ Representative to the Governing Board of the Confidential Computing Consortium under the Linux Foundation.
