Keeping classified information secret in a world of quantum computing – Bulletin of the Atomic Scientists

By the end of 1943, the US Navy had installed 120 electromechanical Bombe machines like the one above, which were used to decipher secret messages encrypted by German Enigma machines, including messages from German U-boats. Built for the Navy by the Dayton company National Cash Register, the US Bombe was an improved version of the British Bombe, which was itself based on a Polish design. Credit: National Security Agency

Quantum computing is a technology that promises to revolutionize computing by speeding up key computing tasks in areas such as machine learning and solving otherwise intractable problems. Some influential American policy makers, scholars, and analysts are extremely concerned about the effects quantum computing will have on national security. Similar to the way space technology was viewed in the context of the US-Soviet rivalry during the Cold War, scientific advancement in quantum computing is seen as a race with significant national security consequences, particularly in the emerging US-China rivalry. Analysts such as Elsa Kania have written that the winner of this race will be able to overcome all cryptographic efforts and gain access to the state secrets of the losing government. Additionally, the winner will be able to protect its own secrets with a higher level of security than contemporary cryptography guarantees.

These claims are considerably overstated. Instead of worrying about winning the quantum supremacy race against China, policy makers and scholars should shift their focus to a more urgent national security problem: How to maintain the long-term security of secret information secured by existing cryptographic protections, which will fail against an attack by a future quantum computer.

The race for quantum supremacy. Quantum supremacy is an artificial scientific goal (one that Google claims to have recently achieved) that marks the moment a quantum computer computes an answer to a well-defined problem more efficiently than a classical computer. Quantum supremacy is possible because quantum computers replace classical bits (representing either a 0 or a 1) with qubits that use the quantum principles of superposition and entanglement to do some types of computations an order of magnitude more efficiently than a classical computer. While quantum supremacy is largely meant as a scientific benchmark, some analysts have co-opted the term and set it as a national-security goal for the United States.

These analysts draw a parallel between achieving quantum supremacy and the historical competition for supremacy in space and missile technology between the United States and the Soviet Union. As with the widely shared assessment in the 1950s and 1960s that the United States was playing catchup, Foreign Policy has reported on a quantum gap between the United States and China that gives China a first mover advantage. US policy experts such as Kania, John Costello, and Congressman Will Hurd (R-TX) fear that if China achieves quantum supremacy first, that will have a direct negative impact on US national security.

Some analysts who have reviewed technical literature have found that quantum computers will be able to run algorithms that allow for the decryption of encrypted messages without access to a decryption key. If encryption schemes can be broken, message senders will be exposed to significant strategic and security risks, and adversaries may be able to read US military communications, diplomatic cables, and other sensitive information. Some of the policy discussion around this issue is influenced by suggestions that the United States could itself become the victim of a fait accompli in code-breaking after quantum supremacy is achieved by an adversary such as China. Such an advantage would be similar to the Allies' advantage in World War II when they were able to decrypt German radio traffic in near-real time using US and British Bombe machines (see photo above).

The analysts who have reviewed the technical literature have also found that quantum technologies will enable the use of cryptographic schemes that do not rely on mathematical assumptions, specifically a scheme called quantum key distribution. This has led to the notion in the policy community that quantum communications will be significantly more secure than classical cryptography. Computer scientist James Kurose of the National Science Foundation has presented this view before the US Congress, for example.

Inconsistencies between policy concerns and technical realities. It is true that quantum computing threatens the viability of current encryption systems, but that does not mean quantum computing will make the concept of encryption obsolete. There are solutions to this impending problem. In fact, there is an entire movement in the field to investigate post-quantum cryptography. The aims of this movement are to find efficient encryption schemes to replace current methods with new, quantum-secure encryption.

The National Institute of Standards and Technology is currently in the process of standardizing a quantum-safe public key encryption system that is expected to be completed by 2024 at the latest. The National Security Agency has followed suit by announcing its Commercial National Security Algorithm Encryption Suite. These new algorithms can run on a classical computer, a computer found in any home or office today. In the future, there will be encryption schemes that provide the same level of security against both quantum and classical computers as the level provided by current encryption schemes against classical computers only.

Because quantum key distribution enables senders and receivers to detect eavesdroppers, analysts have claimed that the ability of the recipient and sender [to] determine if the message has been intercepted is a major advantage over classical cryptography. While eavesdropper detection is an advancement in technology, it does not actually provide any significant advantage over classical cryptography, because eavesdropper detection is not a problem in secure communications in the first place.

When communicating parties use quantum key distribution, an eavesdropper cannot get ciphertext (encrypted text) and therefore cannot get any corresponding plaintext (unencrypted text). When the communicating parties use classical cryptography, the eavesdropper can get ciphertext but cannot decrypt it, so the level of security provided to the communicating parties is indistinguishable from quantum key distribution.

The more pressing national security problem. While the technical realities of quantum computing demonstrate that there are no permanent security implications of quantum computing, there is a notable longer-term national security problem: Classified information with long-term intelligence value that is secured by contemporary encryption schemes can be compromised in the future by a quantum computer.

The most important aspect of the executive order that gives the US government the power to classify information, as it relates to the discussion of quantum computing and cryptography, is that this order allows for the classification of all types of information for as long as 25 years. Similarly, the National Security Agency provides guidelines to its contractors that classified information has a potential intelligence life of up to 30 years. This means that classified information currently being secured by contemporary encryption schemes could be relevant to national security through at least 2049, and will not be secure in the future against cryptanalysis enabled by a quantum computer.

In the past, the United States has intercepted and stored encrypted information for later cryptanalysis. Toward the end of World War II, for example, the United States became suspicious of Soviet intentions and began to intercept encrypted Soviet messages. Because of operator error, some of the messages were partially decryptable. When the United States realized this, the government began a program called the Venona Project to decrypt these messages.

It is likely that both the United States and its adversaries will have Venona-style projects in the future. A few scholars and individuals in the policy community have recognized this problem. Security experts Richard Clarke and Robert Knake have stated that governments have been rumored for years to be collecting and storing other nations' encrypted messages that they now cannot crack, with the hope of cracking them in the future with a quantum computer.

As long as the United States continues to use encryption algorithms that are not quantum-resistant, sensitive information will be exposed to this long-term risk. The National Institute of Standards and Technology's quantum-resistant algorithm might not be completed (and reflected in the National Security Agency's own standard) until 2024. The National Security Agency has stated that algorithms often require 20 years to be fully deployed on NSS [National Security Systems]. Because of this, some parts of the US national security apparatus may be using encryption algorithms that are not quantum-resistant as late as 2044. Any information secured by these algorithms is at risk of long-term decryption by US adversaries.

Recommendations for securing information. While the United States cannot take back any encrypted data already in the possession of adversaries, short-term reforms can reduce the security impacts of this reality. Taking 20 years to fully deploy any cryptographic algorithm should be considered unacceptable in light of the threat to long-lived classified information. The amount of time to fully deploy a cryptographic algorithm should be lowered to the smallest time frame feasible. Even if this time period cannot be significantly reduced, the National Security Agency should take steps to triage modernization efforts and ensure that the most sensitive systems and information are updated first.

Luckily for the defenders of classified information, existing encryption isn't completely defenseless against quantum computing. While attackers with quantum computers could break a significant number of classical encryption schemes, it still may take an extremely large amount of time and resources to carry out such attacks. While the encryption schemes being used today can eventually be broken, risk mitigation efforts can increase the time it takes to decrypt information.

This can be done by setting up honeypots (systems disguised as vulnerable classified networks that contain useless encrypted data) and allowing them to be attacked by US adversaries. This would force adversaries to waste substantial amounts of time and valuable computer resources decrypting useless information. Such an operation is known as defense by deception, a well-proven strategy to stymie hackers looking to steal sensitive information. This strategy is simply an application of an old risk mitigation strategy to deal with a new problem.

Quantum computing will have an impact on national security, just not in the way that some of the policy community claims that it will. Quantum computing will not significantly reduce or enhance the inherent utility of cryptography, and the outcome of the race for quantum supremacy will not fundamentally change the distribution of military and intelligence advantages between the great powers.

Still, the United States needs to be wary of long-term threats to the secrecy of sensitive information. These threats can be mitigated by reducing the deployment timeline for new encryption schemes to something significantly less than 20 years, triaging cryptographic updates to systems that communicate and store sensitive and classified information, and taking countermeasures that significantly increase the amount of time and resources it takes for adversaries to exploit stolen encrypted information. The threats of quantum computing are manageable, as long as the US government implements these common-sense reforms.

Editor's Note: The author wrote a longer version of this essay under a Lawrence Livermore National Laboratory contract with the US Energy Department. Lawrence Livermore National Laboratory is operated by Lawrence Livermore National Security, LLC, for the US Department of Energy, National Nuclear Security Administration under Contract DE-AC52-07NA27344. The views and opinions of author expressed herein do not necessarily state or reflect those of the United States government or Lawrence Livermore National Security, LLC. LLNL-JRNL-799938.

Encryption Software Market research interpreted by a new report – WhaTech Technology and Markets News

The encryption software market is segmented on the basis of applications: disk encryption, file/folder encryption, database encryption, communication encryption, and cloud encryption. The disk encryption segment is expected to hold the largest market size during the forecast period. The importance of encrypting a disk is that even if the encrypted disk is lost or stolen, its encrypted state remains unchanged, and only an authorized user can access its contents. Currently, enormous amounts of data are being generated and stored across organizations. It has increased the cost of protecting critical data against thefts and breaches.

Recent developments in the mobile technology in terms of software and hardware, their distribution among businesses, and the increasing penetration of smartphones are further projected to offshoot the demand over the coming years. The increased number of enterprises moving toward cloud computing, combined with the Big data, demand the protection of sensitive data, thus raising the deployment for encryption software.

Key Encryption Software Market players

Major vendors in the global encryption software market include IBM (US), Microsoft (US), Symantec (US), Thales e-Security (France), Trend Micro (Japan), Sophos (UK), Check Point (Israel), Micro Focus (UK), McAfee (US), Dell (US), WinMagic (US), ESET (US), Cryptomathic (Denmark), Bitdefender (Romania), Stormshield (France), and CipherCloud (US). These vendors have adopted various organic and inorganic growth strategies, such as new product launches, partnerships and collaborations, and mergers and acquisitions, to further expand their presence in the global encryption software market.

Thales e-Security (France) is among the leading vendors offering encryption solutions and services across the globe. The company's encryption product offering includes data encryption, Vormetric application crypto suite, and key management.

Thales e-Security offers its customers best-in-class encryption solution to meet compliance. Moreover, the company provides best practice requirements for protecting data from external threats or malicious insiders with proven, high-performance, and scalable data encryption.

In 2018, the company invested about 6% of its annual revenue in R&D to develop new products with enhanced capabilities and gain a competitive edge.

Global Encryption Software Market 2019 research reports around the world provide in-depth analysis, including summaries, definitions, and market coverage. The Encryption Software industry is broken down by product, location and region.

This segmentation is intended to give the reader a detailed understanding of the market and the essential elements that make up the market. This allows you to better describe the driver, restraint, threats and opportunities.

The Encryption Software Market analysis report expresses about the growth rate of global market up to 2025 by revenue, chain structure, manufacturing process and market entry strategies. The Encryption Software Market report providing comprehensive syndicated market research reports with in-depth analysis of global trending markets and global sectors.

The research experts use exclusive mixture of primary and secondary research, different analytics, and industry research to give a holistic view of the market and business ecosystem.

Encryption Software Market Competitive Analysis:

Encryption Software market analysts involved in the study use their unique primary and secondary research techniques and tools to present the information and data most accurately. This report provides a comprehensive analysis of the competitive environment, including company profiling of top companies operating in the market.

Readers will be given detailed information on the market, including neatly calculated revenue and volume growth, CAGR and market share estimates. This report provides systematically prepared statistics showing a comparison of the above-mentioned estimates over the entire forecast period.

In addition, Encryption Software offers various benefits such as preserving wealth through proactive management & suitable strategies, it assists with the allocation of wealth from one generation to next through strategic asset allocation and it mitigates risks by diversifying investments. The benefits of Encryption Software increase demand worldwide.

However, the limited availability of Encryption Software is one of the major factors limiting the market growth of Encryption Software around the world. As competition with hedge funds, investment banks, and other asset management companies intensifies, it is difficult to find merchants with the required level of expertise and keep advisors.

Global Encryption Software Market report outlines characteristics and growth, SWOT analysis, Porter's five, PEST analysis, segmentation, regional overview, competitive landscape, market share. The present market condition and future prospects of the segment have also been examined.

The report includes accurate analysis of data from players in the primary industry and their area of market through most analytical tools.

Encryption Software Market Report Highlights:

Chapter 1. Executive Summary

Chapter 2. Research Methodology

Chapter 3. Market Outlook

Chapter 4. Global Encryption Software Market Overview, By Type

Chapter 5. Global Encryption Software Market Overview, By Application

Chapter 6. Global Encryption Software Market Overview, By Region

Chapter 7. Company Profiles

SigmaDots is building decentralized IoT security for everything – Stacey on IoT

Essence Group, an Israeli smart home and medical device company, wanted to get serious about security, so it created a startup called SigmaDots that is now spinning out to become its own venture. Itsik Harpaz, the CEO of SigmaDots, is taking a three-pronged approach to securing the IoT and believes it could work for everything from the smart home to industrial settings.

Harpaz says that many of the devices used in the internet of things are relatively low power and resource-constrained, which can make them hard to secure. It's both expensive to buy chips that can ensure good security with a secure enclave and encryption, and those security options can require more power or memory than a sensor really has. Add to the constraints on the device and there are also just so many of them, that securing them might be physically impossible.

Thus security at the outermost edge is difficult. But having security inside a data center or inside a gateway device on a factory floor has a different set of challenges. There, devices need ways to handle encrypted data, they need to handle security for the more powerful computers inside gateway devices, and they need to secure apps running on those devices.

Between the gateway and the edge devices, companies also need to think about data flowing across the network and what might happen if an attacker gains access to the network. This is a lot to worry about, which is why most businesses will rely on a mix of security services such as firewalls, encryption, network monitoring and software that runs on edge devices and checks back into a cloud for credentials.

SigmaDots tries to tackle all of the above with its product. For the edge, it has an agent that will run on all devices and enables devices that are in good standing to communicate their data back to a gateway using a proprietary communications protocol. This is a similar approach to Mocana, which also communicates through a proprietary communication protocol.

In its marketing materials, SigmaDots says it uses the blockchain, but in reality, it is mimicking the blockchain's decentralized architecture but isn't doing any tracking of changes or ledger functions associated with a blockchain. I found this confusing, so let me just say straight up that SigmaDots is not using blockchain.

That's not a negative. The agent on each device is important, and so far SigmaDots is working with cellular chip makers to get its agent installed on their devices, which helps make it easier to find edge devices that will be secure using the SigmaDots system. It also handles the fears of network attacks and attacks on applications running on the gateway with a firewall and behavior monitoring. That way it's tough for hackers to operate the network, and if they do, weird behavior will be flagged.

Typically, firewalls and network monitoring come from two different vendors and must be cobbled together by IT staff. SigmaDots also offers encryption of data in motion and at rest as well as secure MQTT messaging. Finally, the license fee also includes continuous monitoring and patching, which makes sense because security threats are constantly evolving.

There are dozens of companies trying to tackle aspects of IoT security, although few are trying to tackle everything. I think SigmaDots may have to focus on one set of customers as opposed to trying to win business in industrial, enterprise and in the smart home, but there is plenty of interest in new IoT security options, and if it really can provide an all-in-one solution, SigmaDots would have a big advantage.

Encryption Key Management Software Market to Witness Increased Incremental Dollar Opportunity During the Forecast Period 2020-2026 – Reporting 99

Global Encryption Key Management Software Market 2020 research will help you to decide how the market will evolve, to make confident decisions to capture new opportunities. Encryption Key Management Software Market Report also describes the supply and demand scenario, marketplace panorama, and aggressive scenario. The report covers the increase scenarios over the coming a long time & dialogue of the key carriers.

Global Encryption Key Management Software Market 2020 Report comprises of strong research of global business which empowers the consumer to look at the possible requirement as well as foresee the implementation. The restraints and drivers have been assembled following a deep study of the global Encryption Key Management Software Market proficiency. The development ratio that's requested from the viewpoint of the rational analysis offers detailed info of the global Encryption Key Management Software industry. Encryption Key Management Software Market Research report has analyzed all current trends and previous status of business under the supervision of business specialists. By which report supplies impending assessment of Encryption Key Management Software Market that includes market size in value and volume by region, manufacturers, kind and application.

Major Players in the Encryption Key Management Software Market Report: Netlib Security, Fortanix, Avery Oden, AWS, Microsoft, OpenBSD, HyTrust, GnuPG, Hashicorp, Gemalto

Moreover, the report also focuses on global prominent manufacturers of Encryption Key Management Software market delivering information such as company profiles, production, price, cost, revenue, product picture and specification, capacity, and contact information. Upstream raw materials, equipment, and components, and downstream demand analysis are also carried out. The Global Encryption Key Management Software market growth trends and marketing channels are considered. As a very last factor, the feasibility of recent funding initiatives are evaluated and universal research conclusions presented.

Market Segment by Type, covers: Cloud Based, Web Based

Market Segment by Applications, can be divided into: Large Enterprises, SMEs

The record can help to understand the marketplace and strategize for business growth as a consequence. In the strategy analysis, it gives insights from marketing channel and market positioning to potential growth strategies, providing in-depth analysis for new entrants or exists competitors in the Encryption Key Management Software industry.

Encryption Software Market Increasing Demand with Leading Player, Comprehensive Analysis, Forecast 2026 – Jewish Life News

The Encryption Software Market report 2020-2026 provides a comprehensive analysis of the current market for Smart Camera. It determines the market size of Encryption Software and also determines the factors that control market growth. The report begins with a basic overview of the Encryption Software industry and then goes into the Details of the Encryption Software market.

Global Encryption Software Market was valued at USD 3.32 billion in 2016 and is projected to reach USD 30.54 billion by 2025, growing at a CAGR of 27.96% from 2017 to 2025.

The Encryption Software market report provides detailed information on key factors, Opportunities, Challenges, industry trends and their impact on the market. The market report Encryption Software also includes company data and its operation. This report also contains information about the pricing strategy, brand strategy and target customer of the Encryption Software market. It also provides the distributors/dealer list offered by the company. This research report also deals with the main competition, the market development with forecast of the expected years and the expected growth rates. The main factors that drive and influence growth market data and analysis come from a combination of primary and secondary sources.

The top Manufacturer with company profile, sales volume, and product specifications, revenue (Million/Billion USD) and market share

Global Encryption Software Market Competitive Insights

The competitive analysis serves as a bridge between manufacturers and other participants that are available on the Encryption Software Market. The report includes a comparative study of Top market players with company profiles of competitive companies, Encryption Software Market product innovations and cost structure, production sites and processes, sales details of past years and technologies used by them. The Encryption Software Market report also explains the main strategies of competitors, their SWOT analysis and how the competition will react to changes in marketing techniques. In this report, the best market research techniques were used to provide the latest knowledge about Encryption Software Market to competitors in the market.

Global Encryption Software Market Segmentation information

The report provides important insights into the various market segments presented to simplify the assessment of the global Encryption Software Market. These market segments are based on several relevant factors, including Encryption Software Market product type or services, end users or applications and regions. The report also includes a detailed analysis of the regional potential of the Encryption Software Market, which includes the difference between production values and demand volumes, as well as the presence of market participants and the growth of each Region over the given forecast period

Encryption Software Market: Regional Analysis :

As part of regional analysis, important regions such as North America, Europe, the MEA, Latin America, and Asia Pacific have been studied. The regional Encryption Software markets are analyzed based on share, growth rate, size, production, consumption, revenue, sales, and other crucial factors. The report also provides country-level analysis of the Encryption Software industry.

Table of Contents

Introduction: The report starts off with an executive summary, including top highlights of the research study on the Encryption Software industry.

Market Segmentation: This section provides detailed analysis of type and application segments of the Encryption Software industry and shows the progress of each segment with the help of easy-to-understand statistics and graphical presentations.

Regional Analysis: All major regions and countries are covered in the report on the Encryption Software industry.

Market Dynamics: The report offers deep insights into the dynamics of the Encryption Software industry, including challenges, restraints, trends, opportunities, and drivers.

Competition: Here, the report provides company profiling of leading players competing in the Encryption Software industry.

Forecasts: This section is filled with global and regional forecasts, CAGR and size estimations for the Encryption Software industry and its segments, and production, revenue, consumption, sales, and other forecasts.

Recommendations: The authors of the report have provided practical suggestions and reliable recommendations to help players to achieve a position of strength in the Encryption Software industry.

Research Methodology: The report provides clear information on the research approach, tools, and methodology and data sources used for the research study on the Encryption Software industry.

What will you find out from the global Encryption Software Market Report?

The report contains statistical analyses of the current and future Status of the global Encryption Software Market with a forecast to 2026. The report contains detailed information on manufacturers, Encryption Software Market raw material suppliers and buyers with their trade outlook for 2020-2026. The report informs you about the most important drivers, technologies and Trends that will shape the global Encryption Software Market in the near future. The report added an exclusive market segmentation, broken down by Product Type, Encryption Software Market end user and Region. The strategic perspectives on Encryption Software Market Dynamics, current production process and applications.

Complete Report is Available @ https://www.verifiedmarketresearch.com/product/global-encryption-software-market-size-and-forecast-to-2025/?utm_source=JLN&utm_medium=002

About Us:

Verified market research partners with clients to provide insight into strategic and growth analytics; data that help achieve business goals and targets. Our core values include trust, integrity, and authenticity for our clients.

Our research studies help our clients make superior data-driven decisions, capitalize on future opportunities, optimize efficiency and stay competitive by working as their partner to deliver the right information without compromise.

Contact Us:

Mr. Edwyne Fernandes
Call: +1 (650) 781 4080

See the article here:
Encryption Software Market Increasing Demand with Leading Player, Comprehensive Analysis, Forecast 2026 - Jewish Life News

What to Do When You Need AppSec Right Now – Security Boulevard

It's 2020. If you're developing applications, you need application security. Period.

This is an important message with high stakes. Yet, because we live in a world where things move fast, teams are stretched, budgets are tight and the pressure is on to deliver, it's no surprise many organizations don't have the type of bulletproof AppSec program they need in place. Whether you're starting from scratch or are in the process of building out a security program, a single vulnerability in the software development lifecycle (SDLC) can jeopardize the security of an entire application.

The modern software development lifecycle is complex. Continuous integration and continuous delivery mean you need to be continuously scanning for vulnerabilities. You need to close the security chasm and avoid potential risk to critical business applications, including the overall impact on business. But there's cost, time and complexity associated with onboarding your first vulnerability discovery tools. So, you need a variety of resources to successfully execute consistent, comprehensive security scans. All this can lead to serious security paralysis when trying to institutionalize an implementation policy.

You'd think this calls for careful planning and meticulous implementation of a comprehensive program for risk-based vulnerability orchestration across applications and infrastructure. You're not wrong, but you can't wait. So, what's a Dev or Ops team to do?

Here's some good news. Companies with an emerging or growing AppSec and vulnerability management program can bootstrap their efforts with open source software (OSS). No commercial offerings required. Companies can use a wide range of OSS scanning tools to quickly integrate across all phases of the SDLC and immediately reduce business risk. There are software composition analysis (SCA) tools to automate visibility into open source components. Static application security testing (SAST) tools analyze developers' code, and dynamic application security testing (DAST) looks for vulnerabilities in deployed software. And open source cloud management scanning can validate the security of applications deployed across AWS environments.

Using open source tooling for rapid AppSec enables you to jumpstart and accelerate critical security initiatives without taking a big bite out of your two scarcest resources: money and time. The scanning tools are free; it doesn't get any more cost-effective than that. And without the complex onboarding typically associated with commercial toolsets, you can deploy application security programs rapidly.

Of course, this is just the first step in building a robust, closed-loop discovery and remediation process across your organization, but it is a big first step. Immediately plugging your AppSec gaps gives you a head start on integrating application scanning across the SDLC to ensure business risk is managed effectively. From there, you can focus on building out your program to better manage overall business risk and drive security into DevOps with capabilities such as compression and ingestion to prioritize units of development work, target discovery and application mapping, security governance through policy configuration and more.

ZeroNorth's solution for Rapid AppSec delivers a set of out-of-the-box OSS scanning tools to help address security through all phases of the SDLC, including both developer and third-party components. By embedding these tools directly within the platform, you can get started even faster, and you'll use a central platform to manage all those AppSec scan tools and to help prioritize areas of risk across the SDLC.

Visit the ZeroNorth booth (#5360 in Expo Hall North) to get a demo of our risk-based vulnerability orchestration platform around Rapid AppSec and Open Source Tooling. You'll see first-hand how you can reduce business risk by quickly integrating security scanning across the SDLC and how, with open source scan tools embedded directly within the platform, you can jumpstart critical initiatives without the need for commercial offerings. If you'd like to schedule a time to meet at the show, we've got an easy meeting request form available now.

Not going to RSA? No problem. You can request a demo of the Rapid AppSec solution at any time.


Transforming the traditional classroom with Open Education – Moodle

The Tamarind Tree school in Dahanu, India, encourages self-learning through open educational resources and open technology

At Tamarind Tree, the traditional classroom and traditional teacher role do not exist. Using open source software and open educational resources, the school has developed an entire digital ecosystem, with their LMS built on Moodle My Big Campus in the centre.

Each day, students access the learning content and go through activities independently, nurturing their curiosity and self-assurance. In this setting, the role of the teacher is not as someone who delivers content, but more like a facilitator who mentors the children during their learning journey. As well as guiding the children through what they're learning, when a teacher detects that a student is having difficulties with a topic or concept, or requires help, they will schedule one-on-one meetings where they both research and learn together.

"Because our system is technologically run it's extremely easy to pinpoint exactly in which concept [...] the learner is facing a problem," says Tamarind Tree team member Ayushi.

Facilitators are then ready to provide the most suitable intervention to support the learner's understanding.

Learn more about the open education framework at Tamarind Tree in the Project Nomad video below:


White House Earmarks New Money for A.I. and Quantum Computing – The New York Times

SAN FRANCISCO - White House officials on Monday unveiled plans to increase federal funding for the development of artificial intelligence and quantum computing, two cutting-edge technologies that defense officials say will play a key role in national security.

The funding, part of the Trump administration's $4.8 trillion budget proposal, would direct more money for A.I. research to the Defense Department and the National Science Foundation. The administration also wants to spend $25 million on what it calls a national quantum internet, a network of machines designed to make it much harder to intercept digital communication.

For several years, technologists have urged the Trump administration to back research on artificial intelligence, which could affect things as diverse as weapons and transportation, and quantum computing, a new way to build super-powerful computers. China's government, in particular, has made building these machines a priority, and some national security experts worry that the United States is at risk of falling behind.

The proposed spending follows earlier administration moves. In 2018, President Trump signed a law that earmarked $1.2 billion for quantum research. The Energy Department recently began distributing its portion of that money, about $625 million, to research labs in industry, academia and government.

"The dollars we have put into quantum information science have increased by about fivefold over the last three years," said Paul Dabbar, under secretary for science at the Energy Department, in an interview.

Last year, Mr. Trump signed an executive order that made A.I. research and development a national priority.

The new budget proposal would increase funding for artificial intelligence research at the Defense Advanced Research Projects Agency, a research arm of the Defense Department, to $249 million from $50 million, and at the National Science Foundation to $850 million from about $500 million. The administration also vowed to double funding for A.I. and quantum computing research outside the Defense Department by 2022.

Big tech companies have invested heavily in A.I. research over the last decade. But many experts have worried that universities and government labs have lost much of their talent to businesses. Under the new funding plan, the National Science Foundation would apply $50 million to help train A.I. experts.

The world's biggest technology companies, from Google in the United States to Alibaba in China, are also racing to build a quantum computer, a new kind of machine that could be used to break the encryption that protects digital information. Researchers are using the same scientific principles to create new technology that could withstand such an attack.

In 2017, after four years of planning and construction, China unveiled a dedicated quantum communication network between Beijing and Shanghai. Two Chinese provinces invested $80 million in the project. It has also tested quantum encryption techniques via satellite.

With the $25 million, the Energy Department would build a network connecting its 17 national research labs, which include Los Alamos in New Mexico and Argonne outside Chicago. Using this test network, researchers would explore quantum encryption technologies with an eye toward creating a secure network across the country.

"This is a test bed for new technologies," said David Awschalom, a professor at the University of Chicago who oversees much of the university's quantum research and would play a role in the effort at the national labs. "We are using the power of the national labs to fuel the country."


Opinion | Prepare for a world of quantum haves and have-nots – Livemint

Buried within the 13,000-odd words of the Union Budget speech on Saturday was a paragraph that set aside ₹8,000 crore over five years for the National Mission on Quantum Technologies and Applications. Most commentators seem to have either missed or overlooked this budgetary allocation, but in terms of significance, the implications are well worth considering.

More than two years ago, the department of science and technology launched the Quantum-Enabled Science and Technology (QuEST) programme with an aim to develop technical capacity within the country to build quantum computers and communications systems comparable with the best in the world. The first phase of the project was to build the infrastructure and acquire human resources to develop physical and computation structures for improving precision in quantum measurement. The eventual goal is to build quantum computers domestically.

Though the allocation in this year's budget is clearly part of a long-term national strategy, I cannot help but wonder whether it is, at least in some small measure, a response to Google's recent announcement that it had achieved "quantum supremacy", the ability to perform a calculation on a quantum computer that is impossible on a conventional computer. And the fear that we might, once again, be falling behind.

As much as I enjoy science, quantum mechanics gives me a headache. Quantum computing is an order of magnitude more perplexing. Ordinary computers function using binary logic gates that can be either off or on. This is why classical computers store information in bits, either as a 0 or 1. On the other hand, quantum computers can store information as both a 0 and a 1 at the same time using a quantum property called superposition. This means that with two quantum bits (or qubits), information can be stored in four possible states of superposition, and as more qubits are added, the computational power grows exponentially.

While this gives us more computing power, quantum computers are error-prone. The quantum state is delicate. It lasts for a fraction of a second and is easily disrupted by the tiniest of vibrations or variations in temperature. This "noise" in calculations causes mistakes to occur, and unless we can make them sufficiently error-free, quantum computing will not be commercially viable. Google's breakthrough was to achieve sufficient control over the process to allow its experimental computer to outperform a traditional computer. As a result, its computer could solve in 200 seconds what would take the world's fastest supercomputer 10,000 years.

We still have a long way to go before quantum computing becomes commercially viable, but there is reason for urgency. As soon as quantum computing becomes commercially viable, much of what we take for granted today will become irrelevant.

Take encryption, for example. Almost all digital security today is based on the RSA algorithm that encrypts messages by relying on the factorization of two large prime numbers. While it is easy to multiply two prime numbers, it is very difficult to factorize them. RSA encryption exploits this feature, making it impossible for even governments and private actors with near infinite computational resources to decrypt messages. This is why we have the confidence to store valuable information in encrypted archives on the cloud, secure in the knowledge that even the largest corporations and most technologically advanced governments don't have the computational capability to decrypt these databases and access the information stored inside.

Once quantum computers are capable of being used for decryption, the computational hurdles of prime number factorization that we now rely on will become trivial to overcome. Shor's algorithm already describes a process by which quantum computers could be used to find the prime factors of any integer. In 2001, IBM proved that this algorithm works by using a 7 qubit computer to factorize the number 15 into 5 and 3. Google's Sycamore processor harnessed 53 qubits in its latest experiment, demonstrating that much higher computational capabilities are already within our grasp. Once our quantum computers have reached a sufficiently advanced level of stability, even the highest encryption known to man will be easy to defeat.

When that happens, cyber security as we know it will be a thing of the past. All the secure data services that we rely on will be thrown wide open, allowing anyone with a quantum computer to easily access the information within. Given the imminence of major breakthroughs in quantum computing, it is rumoured that there is already an underground market for encrypted data in anticipation of a time when all this information can be decrypted and the secrets of famous personalities can be exposed.

In the war for quantum supremacy, it is those who can understand and use the fundamental technologies behind quantum computing who will emerge dominant. In the not-so-distant future, the world will be divided into the quantum haves and have-nots. It is imperative that India makes every effort to stay in the game if it is to have any hope of remaining relevant. If we are to retain any measure of technological independence, we will need to ramp up our research in quantum computing and actively invest in the development of indigenous quantum computational capabilities.

Rahul Matthan is a partner at Trilegal and author of Privacy 3.0: Unlocking Our Data Driven Future


Enterprise hits and misses – quantum gets real, Koch buys Infor, and Shadow’s failed app gets lit up – Diginomica

Lead story - Quantum computing - risks, opportunities and use cases - by Chris Middleton

MyPOV: Master-of-the-edgy-think-piece Chris Middleton unfurled a meaty two-parter on the realities of quantum computing. As a quantum computing fan boy and a proud quantum-changes-everything association member curmudgeon, I was glad to see Chris take this on.

In Quantum tech - big opportunities from (very, very) little things, he reminds us that pigeonholing quantum as "computing" is a mistake:

Quantum technology embraces a host of different systems, each of which could form a fast-expanding sector of its own if investors shift their focus away from computing. These include quantum timing, metrology, and navigation, such as the development of hyper-accurate, portable atomic clocks.

Each use case carries its own risks/opportunities, and need for transparency, particularly when you combine quantum and "AI." However, based on the recent sessions he attended, Chris says we should think of quantum as enhancing our tool kit rather than replacing classic computing outright. He concludes:

In business and technology, we see a world of big objects and quantifiable opportunities, and it is far from clear how the quantum realm relates to it, though it is clear that it does. In short, investors, policymakers, and business leaders need something tangible and relatable before they reach for their credit cards.

Translation: quantum computing is so 2021 (or maybe 2025). But I find middle ground with the hypesters: we'd better start talking about the implications now. Quantum computing has a far greater inevitability than say, enterprise blockchains.

Diginomica picks - my top stories on diginomica this week

Vendor analysis, diginomica style. Bears might be hibernating, but enterprise software vendors sure aren't napping:

Koch buys Infor: When Infor's CFO Kevin Samuelson took over the CEO role from Charles Phillips, many felt that the pending Infor IPO was in play. Well, many were wrong. Derek was on the case:

Infor to be acquired by Koch Industries - what's the likely impact? and the follow-on: Infor answers questions on Koch acquisition. The big question here, to me, isn't why Koch versus IPO. It's CloudSuite SaaS adoption. And which industries can Infor address via SaaS industry ERP? Derek's pieces give us important clues - and we'll be watching.

Google breaks out cloud earnings: ordinarily, earning reports are not watershed moments. But this was the first time "Alphabet" broke out Google Cloud (and YouTube) numbers. Google is obviously wary of the AWS and Azure comparisons. But it's not easy to break it all out anyhow (Google added GSuite revenues in also). Stuart parses it out in Google's 'challenger' cloud business hits $10 billion annual run rate as Alphabet breaks out the numbers for the first time.

SAP extends Business Suite maintenance to 2030 (with caveats): Arguably the biggest SAP story since the leadership change. Den had some questions stuck in his craw things to say, so he unfurled a two-parter:

MyPOV: a smart move - though an expected one - for the SAP new leadership team, with the user groups heavily involved in pushing the case. However, the next smart moves will be a lot tougher.

More vendor analysis:

And if that's not enough, Brian's got a Zoho review, I filed an Acumatica use case on SaaS best-of-breed, and Stuart crunched a landmark Zendesk earnings report.

Jon's grab bag - My annual productivity post is up and out; plus I took gratuitous shots at linkbaity Slack-has-ruined-work headlines (Personal productivity 2020 - Slack and Microsoft Teams didn't ruin work - but they didn't fix work either).

Neil explains the inexplicable in The problem of AI explainability - can we overcome it? Finally, I'm glad Jerry addressed the Clearview AI bottom-feeders in Clearview AI - super crime fighter or the death of privacy as we know it? There's a special place in my personal Hades for greedy entrepreneurs who steal faces, drape their motives in totally bogus 1st amendment claims, and plan to sell said data to authoritarian regimes. These bozos make robocallers look like human rights activists.

Lead story - analyzing the wreckage of the Iowa caucus tech fail

MyPOV: This could probably just be the whiffs section. The Iowa caucus app failure is very much like this: if you and I wrote down a step-by-step plan on how to screw up a mission-critical app launch, with everything from poor user engagement to technical failure to lack of contingencies to hacking vulnerabilities (which fortunately were not exploited), we'd have this mess.

Hits/misses reader Clive reckons this is the best post-mortem: Shadow Inc. CEO Iowa Interview: 'We Feel Really Terrible'. First off, don't feel terrible, just go away. Shovel snow, or get involved in a local recycling initiative. Make a pinball app. Just stay away from the future of democracy from now on. Then there's this doozy: An 'Off-the-Shelf, Skeleton Project': Experts Analyze the App That Broke Iowa. Tell me if this sounds like something that would go smoothly:

To properly login and submit results, caucus chairs had to enter a precinct ID number, a PIN code, and a two-factor identification code, each of which were six-digits long.

Then there's the IDP, which was warned not to use the app by at least one party, and went headlong into their own abyss. Fortunately, there are a few lessons we can extract. Such as this one from Greg Miller, co-founder of the Open Source Election Technology Institute, which warned the IDP not to use the app weeks ago:

Our message is that apps like this should be developed in the sunlight and part of an open bug bounty.

An ironic message for an app developer named Shadow...

Honorable mention

I got a terrifying college flashback when I saw this one: Note targeting 'selfish' bongo player at Glastonbury Tor demands he stops playing. This prankster brought us back to the future though: Berlin artist uses 99 phones to trick Google into traffic jam alert.

In my line of work, we joke about PR hacks over-achievers pogo sticks pros "circling back", as if a second blast will somehow polish the turd of a crummy pitch as it slinkers by - well, this takes the noxious act of circling back to another level: Family Gets 55,000 Duplicate Letters from Loan Company. But hey, it's not all crash-and-burn here:

I can't let this slide another week:

I think we all realize by now that "free" services are all about data hucksters gorging themselves on the sweet nectar of our personal lives selling us out to the highest bidder. But when an anti-virus company gets it on the action, surely the Idiocracy has been achieved: "To make matters worse, Avast seems to maintain a lukewarm stance on the issue."

I'd like to invite the Avast team to step into my fiery cauldron. The only thing that's lukewarm is your grasping business model and your mediocre adware, err, I mean, anti-virus protection. Just one question: who protects us from you? As for Liz:

I'm with ya, Ms. Miller. Hopefully this is the next best thing....

If you find an #ensw piece that qualifies for hits and misses - in a good or bad way - let me know in the comments as Clive (almost) always does. Most Enterprise hits and misses articles are selected from my curated @jonerpnewsfeed. 'myPOV' is borrowed with reluctant permission from the ubiquitous Ray Wang.
