The countdown is on to Keyfactor Tech Days     | Secure your spot today!

Digital Trust Digest: This Week’s Must-Know News

Industry Trends

The Digital Trust Digest is a curated overview of the week’s top cybersecurity news. Here’s what you need to know this week.

graphic illustration of digital clouds with streams of binary code raining
Icon Icon

Cloud adoption leads to increased software supply chain threats

The pandemic drove drastic digital transformation, integrating more business operations with the IT ecosystem. Now anything and everyone that touches the code in the software development lifecycle poses a potential point of failure. 

Events like SolarWinds show just how vulnerable the software supply chain can be. Organizations in Asia-Pacific (APAC) are taking steps to mitigate the compromise of that supply chain, through both legislation and secure-by-design software development methodologies.

To see what lessons your organization can borrow to safeguard your software supply chain, head over to ComputerWeekly

Icon Icon

Quantum creeps closer. Will you be ready?

Quantum computers may bring about the next great era of transformation, but the ease with which quantum computers can break common modes of cryptography poses a huge — and global — security concern. 

Tackling the challenges of quantum will take a joint effort by government, public, and private sectors. As governments put forth legislation seeking to bring standardization and modernization to our critical systems, businesses would do well to map out their own plans for the quantum transition. 

The World Economic Forum offers three approaches to that transition that organizations can start exploring right now. Check out the full piece to decide which one fits your organization.

close up photo of quantum computer
photo of woman working on a tablet
Icon Icon

Dutch government upgrades to new PKI standard

Standardization Forum in the Netherlands, a research and advising organization that serves the public sector on the use of open standards, announced that all communication devices (ICT) managed by the Dutch government must use the RPKI standard by 2024.

Networks that implement RPKI can be confident that internet traffic is routed only through authorized paths, thus eliminating the risks of man-in-the-middle or other data diversion and interception attacks.

While the adoption of RPKI is high in the Netherlands, adoption is going slower in other places. Bleeping Computer shows you how it’s playing out

 

 

Icon Icon

Why IAM systems are crucial for securing multi-cloud architecture

Cloud ecosystems are growing more and more complex, and each new connection expands the attack surface. Protecting data and managing risk in the cloud requires coordination across several platforms, no two of which are alike.

Identity can help mitigate risk by refocusing security around risk versus sensitivity, instead of network versus cloud. IAM strategies can enable the centralization and monitoring of multi-cloud systems, as well as improved tailoring of access permissions.

The automatic logging capabilities of IAM systems will become table stakes in the future, as more legislation emerges that requires the auditibility of systems. ComputerWeekly can show you how to incorporate IAM into your own security strategy.

graphic illustration of green circuitry with a digital fingerprint in the center
alternating white and black binary code that creates an image of a bug
Icon Icon

New reports find the vast majority of open-source components ‘inherently risky’

Today, software supply chain security management company Lineaje, released a new report titled “What’s in Your Open-Source Software?” that found 82% of open-source software components are “inherently risky” due to a mix of vulnerabilities, security issues, code quality, or maintainability concerns.

The report found that 70% of software in the enterprise is open source, just a week after CISA called for software vendors to implement practices that allow them to ship code that is secure “out of the box.” That includes being more proactive about managing open-source risk. 

Open source isn’t going anywhere. Can it be secured? Head to VentureBeat for the answer.