Will DevOps Be Prepared When Quantum Computers Arrive?
September 10, 2019

Tim Hollebeek
DigiCert

We have all witnessed, and benefited from, the numerous technology changes that have occurred in the past few years. In this age of virtualization, cloud, software-defined architectures, Internet of things, artificial intelligence, and machine learning, our world is ever-more connected, dynamic, and sophisticated.

These technology advances have caused software development and IT operations to coalesce and streamline communications and collaboration. To keep pace with these ever-changing digital transformations, DevOps is adding new levels of agility, reducing development lifecycles, and delivering new features, fixes, and updates faster to meet business objectives.

However, as impactful as these new advances are, DevOps will need to revisit security at it prepares to take advantage of all that quantum computing has to offer. Most security experts surmise that quantum crypto algorithms will eventually render RSA cryptography and ECC useless. Because of the security impact, particularly as it relates to the formidable crypto algorithms, my recommendation for DevOps is to prepare now, by implementing crypto-agility solutions that are available today.

You will be ahead of the game, if you test quantum-resistant algorithms in your systems, and consult with your security providers. If you don't already work with a certificate authority (CA,) I recommend you do some research, and consider working with a trusted CA that has expertise in quantum-resistant technology.

Authentication and Encryption Readiness for a Post-Quantum World

There is no doubt that DevOps will need to adjust its cultural mindset, adopt best practices, and acquire technology that will enable them to support quantum cryptography.

DevOps must have a plan to transition existing cryptography to post-quantum algorithms without disrupting its regular cadence of deploying packages and software updates. One of the best ways to be protected when post-quantum computing (PQC) arrives is to build crypto-agility into the infrastructure. This can be accomplished by implementing an automated public key infrastructure (PKI) platform. This will ensure software updates are automatically protected with secure communications and code signing throughout the enterprise. A key benefit is the ability to support today's crypto algorithms, as well as future quantum crypto algorithms, and toolkits for encryption, such as OpenSSL.

Security providers that offer high-assurance digital certificates can simplify the integration of PKI into existing DevOps infrastructure. The integration and automation of PKI lifecycle management into DevOps systems, whether deployed on premises or as a cloud service, use APIs that tie into continuous integration systems.

Automated and flexible PKI solutions that support multiple crypto algorithms will future-proof your security posture. As the cycle of technology change becomes ever more rapid, automation and agility are the key to ensuring crypto libraries and digital certificates are always up to date.

Quantum development work has been going on for decades. There are working quantum computers with a small number of qubits that are relatively unstable. This presents no threat to today's cryptographic algorithms; however, large-scale quantum computer threats may be a few short years away. For DevOps, the time spent in preparation today will ensure an organization will be ready for the next big crypto evolution. This will ensure readiness when post-quantum crypto standards are available. And when development and IT operational systems comply with those standards, organizations will be better protected from quantum computer threats.

Tim Hollebeek is Industry and Standards Technical Strategist at DigiCert
Share this

Industry News

August 06, 2020

Push Technology announced the launch of a new Kafka Adapter for their Diffusion Intelligent Data Mesh.

August 06, 2020

Appvia announced the launch of its Cost Prediction and Visibility tool, integrated within the latest version of its Kore platform.

August 06, 2020

LogiGear announced the newest addition to the TestArchitect™ family, TestArchitect Gondola.

August 05, 2020

Logz.io announced a partnership with HashiCorp, a provider in multi-cloud infrastructure automation software.

August 05, 2020

Digitate, a software venture of Tata Consultancy Services, announced the release of ignio™ AI.Assurance, an autonomous assurance product that enables enterprises to deliver better software faster, enhancing their business performance.

August 05, 2020

Harness acquired self-service Continuous Integration firm Drone.io, the creator of the open-source project Drone.

August 04, 2020

Aqua Security announced that its Cloud Native Security Platform is available through Red Hat® Marketplace, an open cloud marketplace that makes it easier to discover and access certified software for container-based environments across the hybrid cloud.

August 04, 2020

Threat Stack announced the availability of Threat Stack Container Security Monitoring for AWS Fargate.

August 04, 2020

OpenLogic by Perforce now provides an enterprise-class alternative to Oracle Java by offering OpenJDK distributions backed by OpenLogic support.

August 03, 2020

MuseDev launched on Github Marketplace the Early Access version of its code analysis platform, Muse, to help developers find and fix critical security, performance, and reliability bugs, efficiently, before they reach QA or production.

August 03, 2020

Styra announced Rego Policy Builder for the Styra Declarative Authorization Service (DAS).

August 03, 2020

Felicis Ventures has invested an additional $5M in Sourcegraph, bringing the total raised to over $46M, including a $23M Series B in March 2020 led by Craft Ventures.

July 30, 2020

New Relic delivered strategic updates to New Relic One.

July 30, 2020

IT Revolution announced the DevOps Enterprise Summit Las Vegas 2020 will be going virtual.

July 30, 2020

Adaptavist announced the acquisition of Go2Group, a US technology firm specializing in Agile and DevOps services and cloud solutions for the enterprise.