Abstract

The emergence of quantum computing is a serious threat to traditional cryptographic algorithms, making it critical to transition to post-quantum cryptography (PQC). This work proposes a holistic conceptual and analytical framework for deploying PQC in multi-cloud environments where the complexity of different infrastructure, workloads and key management schemes pose significant security and efficiency problems. The proposed framework for crypto-agility follows a layered approach, with a cryptographic abstraction layer, a policy-based orchestration engine, a centralized hardware security module (HSM) management plane, and an ongoing monitoring module to facilitate a smooth transition from classical to hybrid and fully quantum-resistant cryptographic systems. He researches identifies and critically analyzes major challenges in deploying PQC technologies in multi-cloud environments, such as inter-cloud interoperability, computational complexity, latency, key management, and regulatory and compliance considerations. The framework tackles these challenges by incorporating hybrid cryptographic protocols that blend classic cryptographic algorithms with NIST-approved PQC algorithms, namely ML-KEM (FIPS 203) and ML-DSA (FIPS 204), to maintain backward compatibility and increase security against quantum-powered adversaries. Moreover, the framework proposes dynamic policy-driven algorithm selection to implement context-sensitive cryptographic enforcement based on sensitivity labels, security threats, and regulatory considerations. An experimental framework is proposed to assess the efficiency and scalability of PQC algorithms deployed in a multi-cloud environment, including metrics such as CPU usage, memory usage, latency and throughput with different workloads. Although this research is conceptual, it draws on previous benchmarking to discuss the securityperformance trade-offs associated with PQC. The results highlight the need for centralized trust anchors, crypto-agility and hybrid deployment models to address risks from cryptographic diversity and ensure the sustainability of security operations. This study advances the research on quantum-safe cloud security by offering a systematic, scalable and policy-oriented framework for PQC deployment. It provides practical guidance for businesses, cloud architects, and security professionals on how to safeguard against quantum vulnerabilities and ensure efficient operations in distributed systems by implementing quantum-safe cryptographic infrastructures.