Will DevOps Be Prepared When Quantum Computers Arrive?
September 10, 2019

Tim Hollebeek
DigiCert

We have all witnessed, and benefited from, the numerous technology changes that have occurred in the past few years. In this age of virtualization, cloud, software-defined architectures, Internet of things, artificial intelligence, and machine learning, our world is ever-more connected, dynamic, and sophisticated.

These technology advances have caused software development and IT operations to coalesce and streamline communications and collaboration. To keep pace with these ever-changing digital transformations, DevOps is adding new levels of agility, reducing development lifecycles, and delivering new features, fixes, and updates faster to meet business objectives.

However, as impactful as these new advances are, DevOps will need to revisit security at it prepares to take advantage of all that quantum computing has to offer. Most security experts surmise that quantum crypto algorithms will eventually render RSA cryptography and ECC useless. Because of the security impact, particularly as it relates to the formidable crypto algorithms, my recommendation for DevOps is to prepare now, by implementing crypto-agility solutions that are available today.

You will be ahead of the game, if you test quantum-resistant algorithms in your systems, and consult with your security providers. If you don't already work with a certificate authority (CA,) I recommend you do some research, and consider working with a trusted CA that has expertise in quantum-resistant technology.

Authentication and Encryption Readiness for a Post-Quantum World

There is no doubt that DevOps will need to adjust its cultural mindset, adopt best practices, and acquire technology that will enable them to support quantum cryptography.

DevOps must have a plan to transition existing cryptography to post-quantum algorithms without disrupting its regular cadence of deploying packages and software updates. One of the best ways to be protected when post-quantum computing (PQC) arrives is to build crypto-agility into the infrastructure. This can be accomplished by implementing an automated public key infrastructure (PKI) platform. This will ensure software updates are automatically protected with secure communications and code signing throughout the enterprise. A key benefit is the ability to support today's crypto algorithms, as well as future quantum crypto algorithms, and toolkits for encryption, such as OpenSSL.

Security providers that offer high-assurance digital certificates can simplify the integration of PKI into existing DevOps infrastructure. The integration and automation of PKI lifecycle management into DevOps systems, whether deployed on premises or as a cloud service, use APIs that tie into continuous integration systems.

Automated and flexible PKI solutions that support multiple crypto algorithms will future-proof your security posture. As the cycle of technology change becomes ever more rapid, automation and agility are the key to ensuring crypto libraries and digital certificates are always up to date.

Quantum development work has been going on for decades. There are working quantum computers with a small number of qubits that are relatively unstable. This presents no threat to today's cryptographic algorithms; however, large-scale quantum computer threats may be a few short years away. For DevOps, the time spent in preparation today will ensure an organization will be ready for the next big crypto evolution. This will ensure readiness when post-quantum crypto standards are available. And when development and IT operational systems comply with those standards, organizations will be better protected from quantum computer threats.

Tim Hollebeek is Industry and Standards Technical Strategist at DigiCert
Share this

Industry News

February 27, 2020

Datadog announced an integration with Nessus from Tenable.

February 27, 2020

Talend announced the Winter ‘20 release of Talend Data Fabric.

February 27, 2020

Alcide announced that the Alcide Kubernetes Security Platform now supports compliance scans for PCI and GDPR, enabling DevOps to deliver regulatory compliance checks rapidly and seamlessly alongside Alcide’s leading Kubernetes security capabilities.

February 26, 2020

Perforce Software released a free tool for organizations considering open source software - OpenLogic Stack Builder.

February 26, 2020

Applause announced a new partnership with Infosys to provide broader end-to-end digital experience testing services to clients.

February 26, 2020

RapidMiner announced the release of its platform enhancement, RapidMiner 9.6. This update prioritizes people – not technology – at the center of the enterprise AI journey, providing new, unique experiences to empower users of varying backgrounds and abilities.

February 25, 2020

JFrog announced the availability of the "JFrog Platform," a hybrid, multi-cloud, universal DevOps platform.

February 25, 2020

Nureva added new agile canvas templates to Span Workspace, including a heat map developed by Jeff Sutherland, the co-creator of Scrum and founder of Scrum Inc. and Scrum@Scale.

February 25, 2020

Agiloft announced the addition of its new Agiloft AI Engine, complete with prebuilt AI Capabilities for contract management and an open AI integration that allows customers to incorporate custom-built AI tools into the no-code platform.

February 24, 2020

Cloudify announced that its latest product update - Cloudify version 5 - features an Environment as a Service component, designed to achieve consistent delivery and management of hybrid-cloud services and network infrastructures across CI/CD pipelines - at scale.

February 24, 2020

Checkmarx announced new enhancements to its Software Security Platform to empower more seamless implementation and automation of application security testing (AST) in modern development and DevOps environments.

February 24, 2020

Rapid7 and Snyk announced a strategic partnership to deliver end-to-end application security to organizations developing cloud native applications.

February 20, 2020

The American Council for Technology and Industry Advisory Council (ACT-IAC), the premier public-private partnership dedicated to advancing government through the application of information technology, officially announced the release of the DevOps Primer.

It was produced through a collaborative, volunteer effort by a working group from government and industry, hosted by the ACT-IAC Emerging Technology Community of Interest (COI).

February 20, 2020

DLT Solutions, a subsidiary of Tech Data, launched the Secure Software Factory (SSF), a framework that provides the U.S. public sector with consistent development and deployment of high-quality, scalable, resilient and secure software throughout an application’s lifecycle.

February 20, 2020

Netography announced the general availability of the company’s Security Operations Platform.