The Digital Trust Digest is a curated overview of the week’s top cybersecurity news. Here’s what you need to know this week.
Cloud adoption leads to increased software supply chain threats
The pandemic drove drastic digital transformation, integrating more business operations with the IT ecosystem. Now anything and everyone that touches the code in the software development lifecycle poses a potential point of failure.
Events like SolarWinds show just how vulnerable the software supply chain can be. Organizations in Asia-Pacific (APAC) are taking steps to mitigate the compromise of that supply chain, through both legislation and secure-by-design software development methodologies.
To see what lessons your organization can borrow to safeguard your software supply chain, head over to ComputerWeekly.
Quantum creeps closer. Will you be ready?
Quantum computers may bring about the next great era of transformation, but the ease with which quantum computers can break common modes of cryptography poses a huge — and global — security concern.
Tackling the challenges of quantum will take a joint effort by government, public, and private sectors. As governments put forth legislation seeking to bring standardization and modernization to our critical systems, businesses would do well to map out their own plans for the quantum transition.
The World Economic Forum offers three approaches to that transition that organizations can start exploring right now. Check out the full piece to decide which one fits your organization.
Dutch government upgrades to new PKI standard
The Standardization Forum in the Netherlands, a research and advisory organization that serves the public sector on the use of open standards, announced that all communication devices (ICT) managed by the Dutch government must use the RPKI standard by 2024.
Networks that implement RPKI can be confident that internet traffic is routed only through authorized paths, thus eliminating the risks of man-in-the-middle or other data diversion and interception attacks.
While adoption of RPKI is high in the Netherlands, it is slower elsewhere. Bleeping Computer shows you how it’s playing out.
Why IAM systems are crucial for securing multi-cloud architecture
Cloud ecosystems are growing more and more complex, and each new connection expands the attack surface. Protecting data and managing risk in the cloud requires coordination across several platforms, no two of which are alike.
Identity can help mitigate risk by refocusing security around risk versus sensitivity, instead of network versus cloud. IAM strategies can enable the centralization and monitoring of multi-cloud systems, as well as improved tailoring of access permissions.
The automatic logging capabilities of IAM systems will become table stakes in the future, as more legislation emerges that requires the auditability of systems. ComputerWeekly can show you how to incorporate IAM into your own security strategy.
New reports find the vast majority of open-source components ‘inherently risky’
Today, software supply chain security management company Lineaje released a new report titled “What’s in Your Open-Source Software?” that found 82% of open-source software components are “inherently risky” due to a mix of vulnerabilities, security issues, code quality, or maintainability concerns.
The report found that 70% of software in the enterprise is open source, just a week after CISA called for software vendors to implement practices that allow them to ship code that is secure “out of the box.” That includes being more proactive about managing open-source risk.
Open source isn’t going anywhere. Can it be secured? Head to VentureBeat for the answer.