Nothing ever goes completely according to plan. That being said, it’s both tempting and necessary at the beginning of the year to look ahead to where things are going. Here’s a short list of things to consider as we look at the road ahead for Linux, open source and the enterprise.
Security: The list of companies and organizations that suffered security breaches last year reads like a who’s who of the Internet. Not only were major social and retail destinations — Snapchat, Wendy’s, LinkedIn, Yahoo and more — targeted, the black hats also went after numerous government agencies and educational institutions. Even tech giants with skin in the security game — Verizon Enterprise Solutions, Oracle and others — were successfully breached. This is in addition to the U.S. presidential election-related hacks and other non-hacker security issues, such as a poorly designed Cisco employment website that leaked job seekers’ personal information.
Most troubling were breaches that weren’t discovered for years, such as the numerous break-ins at Yahoo, or hacks that were first discovered by outside researchers, such as the Oracle intrusion that was found and made public by security researcher Brian Krebs in August.
Although there are already several specialized Linux distributions that are designed to be booted into “live” mode from removable drives to sniff out intrusions after the fact, and to find vulnerabilities on existing installations, expect these to improve, with added open source tools. Also don’t be surprised to see even more specialized security distributions developed.
Stronger security measures will also be built into Linux and other open source projects. For example, the Linux distribution Debian, which is used as the base for Ubuntu, is considering making automatic updates the default for new installations — something that once would have been unthinkable in Linux circles.
Encryption: This year encryption will be such a key issue that it deserves a place on this list of its own, although it’s a subset of security.
The most worrisome problem revolves around law enforcement’s insistence that encryption technologies be required to include backdoors to allow law enforcement access to encrypted data. While the majority of people in IT recognize that any backdoor would, by definition, be a security vulnerability, lawmakers don’t seem to get it — a situation that’s not likely to get any better once Trump takes office. The good news is that in December the House Judiciary Committee’s Encryption Working Group came out against mandated backdoors.
SSL encryption is certain to become a big issue very shortly, as the next major release of the Chrome browser, version 56.0, will issue warnings to users attempting to access websites that don’t offer secure “https” connections. In the past, this would have placed an unreasonable financial burden on non-ecommerce websites for small businesses and personal blogs, which is now somewhat mitigated by the availability of free and open source SSL certificates from Let’s Encrypt.
Although this does away with the expense of purchasing certificates, Let’s Encrypt’s certs are only valid for 90 days. There is free autorenewal software available, but it requires SSH access to install, which is usually not available on shared hosting plans. As SSL encryption becomes more of a necessity for all sites, expect to see hosting companies move to make the free installation of Let’s Encrypt certificates a part of their service.
The Cloud: It doesn’t take any clairvoyant abilities to predict that, whether open source or proprietary, the cloud will continue to dominate the news in the year ahead. In the private cloud, where open source projects such as CloudStack, OpenStack and ownCloud continue to grow market share, expect to see the line between open source and proprietary blur. Many open source cloud projects are released under Apache or other “permissive” licenses, which allow vendors to relicense them as proprietary. This might create a “buyer beware” situation, as some vendors replace open standards with their own closed formats, creating vendor lock-in.