Ubuntu Pro, Canonical’s comprehensive subscription for secure open source and compliance, is now generally available.
We have all witnessed, and benefited from, the numerous technology changes that have occurred in the past few years. In this age of virtualization, cloud, software-defined architectures, Internet of things, artificial intelligence, and machine learning, our world is ever-more connected, dynamic, and sophisticated.
These technology advances have caused software development and IT operations to coalesce and streamline communications and collaboration. To keep pace with these ever-changing digital transformations, DevOps is adding new levels of agility, reducing development lifecycles, and delivering new features, fixes, and updates faster to meet business objectives.
However, as impactful as these new advances are, DevOps will need to revisit security at it prepares to take advantage of all that quantum computing has to offer. Most security experts surmise that quantum crypto algorithms will eventually render RSA cryptography and ECC useless. Because of the security impact, particularly as it relates to the formidable crypto algorithms, my recommendation for DevOps is to prepare now, by implementing crypto-agility solutions that are available today.
You will be ahead of the game, if you test quantum-resistant algorithms in your systems, and consult with your security providers. If you don't already work with a certificate authority (CA,) I recommend you do some research, and consider working with a trusted CA that has expertise in quantum-resistant technology.
Authentication and Encryption Readiness for a Post-Quantum World
There is no doubt that DevOps will need to adjust its cultural mindset, adopt best practices, and acquire technology that will enable them to support quantum cryptography.
DevOps must have a plan to transition existing cryptography to post-quantum algorithms without disrupting its regular cadence of deploying packages and software updates. One of the best ways to be protected when post-quantum computing (PQC) arrives is to build crypto-agility into the infrastructure. This can be accomplished by implementing an automated public key infrastructure (PKI) platform. This will ensure software updates are automatically protected with secure communications and code signing throughout the enterprise. A key benefit is the ability to support today's crypto algorithms, as well as future quantum crypto algorithms, and toolkits for encryption, such as OpenSSL.
Security providers that offer high-assurance digital certificates can simplify the integration of PKI into existing DevOps infrastructure. The integration and automation of PKI lifecycle management into DevOps systems, whether deployed on premises or as a cloud service, use APIs that tie into continuous integration systems.
Automated and flexible PKI solutions that support multiple crypto algorithms will future-proof your security posture. As the cycle of technology change becomes ever more rapid, automation and agility are the key to ensuring crypto libraries and digital certificates are always up to date.
Quantum development work has been going on for decades. There are working quantum computers with a small number of qubits that are relatively unstable. This presents no threat to today's cryptographic algorithms; however, large-scale quantum computer threats may be a few short years away. For DevOps, the time spent in preparation today will ensure an organization will be ready for the next big crypto evolution. This will ensure readiness when post-quantum crypto standards are available. And when development and IT operational systems comply with those standards, organizations will be better protected from quantum computer threats.
Industry News
Mirantis, freeing developers to create their most valuable code, today announced that it has acquired the Santa Clara, California-based Shipa to add automated application discovery, operations, security, and observability to the Lens Kubernetes Platform.
SmartBear has integrated the powerful contract testing capabilities of PactFlow with SwaggerHub.
Venafi introduced TLS Protect for Kubernetes.
Tricentis announced the general availability of Tricentis Test Automation, a cloud-based test automation solution that simplifies test creation, orchestration, and scalable test execution for easier collaboration among QA teams and their business stakeholders and faster, higher-quality, and more durable releases of web-based applications and business processes.
Couchbase announced its Couchbase Capella Database-as-a-Service (DBaaS) offering on Azure.
Mendix and Software Improvement Group (SIG) have announced the release of Mendix Quality & Security Management (QSM), a new cybersecurity solution that provides continuous deep-dive insights into security and code quality to immediately address risks and vulnerabilities.
Panaya announced a new Partnership Program in response to ongoing growth within its partner network over the past year.
Cloudian closed $60 million in new funding, bringing the company’s total funding to $233 million.
Progress announced the R1 2023 release of Progress Telerik and Progress Kendo UI.
Wallarm announced the early release of the Wallarm API Leak Management solution, an enhanced API security technology designed to help organizations identify and remediate attacks exploiting leaked API keys and secrets, while providing on-going protection against hacks in the event of a leak.
ThreatModeler launched Threat Model Marketplace, a cybersecurity asset marketplace offering pre-built, field-tested threat models to be downloaded — free for a limited time — and incorporated into new and ongoing threat modeling initiatives.
Software AG has launched new updates to its webMethods platform that will simplify the process by which developers can find, work on and deploy new APIs and integration tools or capabilities.