Will DevOps Be Prepared When Quantum Computers Arrive?
September 10, 2019

Tim Hollebeek
DigiCert

We have all witnessed, and benefited from, the numerous technology changes that have occurred in the past few years. In this age of virtualization, cloud, software-defined architectures, Internet of things, artificial intelligence, and machine learning, our world is ever-more connected, dynamic, and sophisticated.

These technology advances have caused software development and IT operations to coalesce and streamline communications and collaboration. To keep pace with these ever-changing digital transformations, DevOps is adding new levels of agility, reducing development lifecycles, and delivering new features, fixes, and updates faster to meet business objectives.

However, as impactful as these new advances are, DevOps will need to revisit security at it prepares to take advantage of all that quantum computing has to offer. Most security experts surmise that quantum crypto algorithms will eventually render RSA cryptography and ECC useless. Because of the security impact, particularly as it relates to the formidable crypto algorithms, my recommendation for DevOps is to prepare now, by implementing crypto-agility solutions that are available today.

You will be ahead of the game, if you test quantum-resistant algorithms in your systems, and consult with your security providers. If you don't already work with a certificate authority (CA,) I recommend you do some research, and consider working with a trusted CA that has expertise in quantum-resistant technology.

Authentication and Encryption Readiness for a Post-Quantum World

There is no doubt that DevOps will need to adjust its cultural mindset, adopt best practices, and acquire technology that will enable them to support quantum cryptography.

DevOps must have a plan to transition existing cryptography to post-quantum algorithms without disrupting its regular cadence of deploying packages and software updates. One of the best ways to be protected when post-quantum computing (PQC) arrives is to build crypto-agility into the infrastructure. This can be accomplished by implementing an automated public key infrastructure (PKI) platform. This will ensure software updates are automatically protected with secure communications and code signing throughout the enterprise. A key benefit is the ability to support today's crypto algorithms, as well as future quantum crypto algorithms, and toolkits for encryption, such as OpenSSL.

Security providers that offer high-assurance digital certificates can simplify the integration of PKI into existing DevOps infrastructure. The integration and automation of PKI lifecycle management into DevOps systems, whether deployed on premises or as a cloud service, use APIs that tie into continuous integration systems.

Automated and flexible PKI solutions that support multiple crypto algorithms will future-proof your security posture. As the cycle of technology change becomes ever more rapid, automation and agility are the key to ensuring crypto libraries and digital certificates are always up to date.

Quantum development work has been going on for decades. There are working quantum computers with a small number of qubits that are relatively unstable. This presents no threat to today's cryptographic algorithms; however, large-scale quantum computer threats may be a few short years away. For DevOps, the time spent in preparation today will ensure an organization will be ready for the next big crypto evolution. This will ensure readiness when post-quantum crypto standards are available. And when development and IT operational systems comply with those standards, organizations will be better protected from quantum computer threats.

Tim Hollebeek is Industry and Standards Technical Strategist at DigiCert
Share this

Industry News

November 21, 2019

PASS, the global community of data professionals, has become one of the first major users of a new solution from Redgate that automatically discovers and classifies sensitive data in SQL Server.

November 21, 2019

OutSystems has embedded AI and machine learning in its software to make building applications even easier and faster for everyone.

November 21, 2019

Fugue announced Fugue Developer, a free tier that puts engineers in command of cloud security through the entire software development lifecycle (SDLC).

November 20, 2019

JFrog announced the launch of JFrog Container Registry - powered by JFrog Artifactory - as an advanced Docker container registry.

November 20, 2019

CloudBees introduced a graphical user interface (GUI) for Jenkins X.

November 20, 2019

Portworx announced an update to Portworx Enterprise, its container-native storage platform, to enable companies to run, scale, backup, and recover mission-critical applications on Kubernetes: PX-Backup and PX-Autopilot for Capacity Management.

November 19, 2019

Parasoft announced complete support for the newly updated 2019 Common Weakness Enumeration (CWE) Top 25 and "On the Cusp" (an additional 15 weaknesses) for C, C++, Java, and .NET languages.

November 19, 2019

Red Hat announced the release of Red Hat CodeReady Workspaces 2, a cloud-native development workflow for developers.

November 19, 2019

Postman has introduced Postman Visualizer, a two-fold feature that offers benefits for both API consumers and API developers.

November 18, 2019

Hewlett Packard Enterprise (HPE) announced the HPE Container Platform, an enterprise-grade Kubernetes-based container platform designed for both cloud-native applications and monolithic applications with persistent storage.

November 18, 2019

Lacework announced its integration with Datadog, a monitoring and analytics platform.

November 18, 2019

Codefresh is introducing a live CI/CD debugging tool.

November 14, 2019

Raytheon Company is collaborating with Red Hat to develop a new, security-focused software development solution, known as DevSecOps, for enterprise environments.

November 14, 2019

Fugue has open sourced the Fugue Rego Toolkit (Fregot) to enhance the experience working with the Rego policy language.

November 14, 2019

Sysdig announced Sysdig Secure 3.0 to provide enterprises with threat prevention at runtime using Kubernetes-native Pod Security Policies (PSP).