Maxim_Kazmin - Fotolia
Touting a full stack approach to security, Canonical Ltd. made its latest Ubuntu distribution -- Ubuntu 20.04 LTS -- generally available April 23.
Company officials said work on the latest version of the Linux-based operating system focused on security as a unifying theme. Toward that goal, the firm introduced several new features, including an integrated VPN product and an extended period of security updates.
"Many businesses now count on Ubuntu as their primary production platform," Canonical CEO Mark Shuttleworth said, adding that they rely on the OS for its security features. NetMarketShare reported that 1.8% of PCs are running Linux OS.
Eric Hanselman, chief analyst at 451 Research, said Ubuntu's approach, from an enterprise security perspective, was laudable.
"Any time there's this dense of a set of security-focused enhancements that get bundled into an OS, that's something that makes me really happy," he said. "It's the security aspects that really sort of dominate the 20.04 release."
A focus on security
Shuttleworth said many organizations approach security in a piecemeal fashion, considering such things as OS security, hardware security and application security separately, but a holistic approach is needed for true protection.
"For an enterprise to be secure, it requires more than cooking with secure ingredients," he said. "It's a layered cake."
A mistake or conflict at any layer of that cake, Shuttleworth said, is a vulnerability that can be exploited. As such, he said, Canonical took a full-stack approach to security, starting at the hardware level -- allowing, for example, full-disk encryption. Ubuntu 20.04 LTS also supports AMD's Secure Encrypted Virtualization and IBM Secure Execution -- technologies that encrypt cloud data.
At the operating system level, Shuttleworth said, Ubuntu 20.04 LTS's kernel self-protection measures guard against such things as "stack clash" attacks, which exploit conflicts in a system's memory. While attackers will eventually find vulnerabilities in any code, he said, the intent is to minimize the "blast radius" of such issues.
The VPN product WireGuard has been built into Ubuntu at the kernel level, Shuttleworth said. With this, Ubuntu has an out-of-the-box VPN option that includes the most modern cryptographic protocols.
Canonical is also providing the option of extended security updates for Ubuntu. Shuttleworth said, while the company has always offered five years' worth of security maintenance updates, those using Ubuntu Pro would receive 10 years of coverage.
Effect on the enterprise
Hanselman said, while features and new functionality are exciting, he found the extended support for Ubuntu 20.04 LTS to be one of the most meaningful takeaways for the enterprise.
"One of the challenges that we face perennially in security is managing aging infrastructure," he said. "The ability to support a specific code base for much longer periods of time, with security support to manage this, is one of the biggest operational security impacts that arrive with 20.04."
Canonical's unified approach to security, Hanselman said, may also be appealing to IT professionals.
"The fact that you now have a distro that has the ability to ensure there are no gaps in coverage ... [that] is a good piece of the overall story," he said.
Holger Mueller, vice president and principal analyst at Constellation Research, said Ubuntu has retained its ambition to be an alternative to Windows.
"Ambitions of operating systems manifest themselves in the advances that are required by their customers," he said, noting support for Microsoft's exFAT file system and the presence of a built-in VPN product.
Mueller said time would tell if the changes would be enough to spur widespread updates or adoption of the operating system.