DigiCert Simplifies Implementing Digital Trust

This syndicated post originally appeared at Zeus Kerravala, Author at eWEEK.

An increasingly connected world requires companies to rethink their approach to digital trust.

The world is more interconnected than ever, which is blurring the lines between work and personal connectivity. For organizations, taking a strategic approach toward digital trust is necessary, including building standards, overseeing compliance/operations, and addressing growing security risks due to the massive number of connected devices.

DigiCert is one vendor that’s helping companies implement digital trust across various use cases in a scalable way. It’s more than just digital certificates. It’s about fundamental building blocks for establishing and managing trust, and extending it into connected ecosystems. DigiCert provides the foundation of digital trust.

DigiCert One Focuses on Managing Trust

The company’s DigiCert One modular solution helps companies manage trust and can be deployed individually or as part of a suite, either on-prem, in the cloud, or in a hybrid environment.

Using a modern containerized architecture, the solution provides specialized certificate management workflows and integrates with enterprise systems. DigiCert One allows companies to issue millions of certificates with digital identities attached to them across Internet of Things (IoT) devices, enterprise user and device access, digital document signing, secure software supply chains and more.

DigiCert recently outlined its vision for cybersecurity and introduced enhanced capabilities that include extending digital trust to connected devices. Although the vendor already provides digital trust in the enterprise, it’s now enabling interconnections in bigger environments.

DigiCert is building out its IoT network and recently acquired IoT cybersecurity provider Mocana. The acquisition has given DigiCert deeper integration with IoT devices, including documents, Jason Sabin, DigiCert’s CTO, told ZK Research in an interview.

Identity and Trust is Required to Secure IoT

Injecting identities and digital trust into IoT is imperative when it comes to managing both brownfield and greenfield devices. Greenfield devices like smart TVs already come with internet connectivity. Brownfield refers to devices that are later connected to the internet, such as buildings and medical equipment. Since these devices don’t have digital trust built in from the start, they require additional capabilities. DigiCert has addressed this need by being able to add identities and trust at any point in time for any brownfield device.

“Over the past decade, the need for digital trust has exploded. It’s now part of every single aspect of our personal and professional lives. We’re seeing a huge amount of interest in all aspects of digital business, and IoT device management is getting a lot of attention. Often in a customer’s network there are more IoT and operational technology (OT) devices than traditional laptops and desktops,” said Sabin.

Acceleration of Digital Transformation Increases Need for Digital Trust

As a result, IT administrators are seeing an increase in complexity and risk, including shrinking certificate validity periods and increasing data validation. In a 2020 survey conducted by Deloitte, 77% of CEOs said the COVID-19 pandemic accelerated their plans for digital transformation. On top of that, the pandemic has fast-tracked adoption of zero-trust networks for secure remote access, as working from home became the norm.

Now companies are seeing a rise in robust security requirements with the explosion of connected devices and cloud deployments, which has created a greater need for digital trust, said Sabin. As the attack surface broadens, trust is extending across connected devices, supply chains, and other ecosystems. In this digital environment, trust is a central requirement for online operations. That’s why every company should include digital trust in its IT strategy.

Digital trust is the backbone for security. It lets users know that a website is secure, a digital document signature is valid, and an e-mail is genuine. In addition to authenticating identity, companies can rest assured that their data is encrypted and secured in transit. A primary way this is delivered is through digital certificates and public key infrastructure (PKI). DigiCert will soon integrate with more certificate authorities, expanding its capabilities even further.

Digital Trust is More than PKI

PKI, however, only provides the foundation. Digital trust goes beyond handling digital certificates. According to DigiCert, there are four key building blocks of digital trust that companies must understand when including it in their IT strategy.

First, standards are what define trust for any technology and something certification authorities must adhere to in order to be trusted. Second, compliance and operations are a set of activities that establish trust. Third, public and private trust management is software that companies can use to oversee certificate lifecycles, usually through automation. Last but not least, there needs to be connected trust in more complex ecosystems, such as across software supply chains.

“All of these components that go into digital trust is what DigiCert provides. We’re going to continue to build on that, innovate, and bring new solutions to market,” said Sabin.

Author: Zeus Kerravala

Zeus Kerravala is the founder and principal analyst with ZK Research. Kerravala provides a mix of tactical advice to help his clients in the current business climate and long term strategic advice.