A recent survey conducted by DigiCert provides insights into the state of digital trust among global enterprises. Effective digital trust management ensures the security, privacy, and reliability of digital processes, systems, and interactions. Establishing and maintaining digital trust has become a significant differentiator for organizational success.
The survey targeted 300 senior IT, information security, and software development and operations (DevOps) managers working in organizations with more than 1,000 employees across North America, Europe, and Asia-Pacific. The survey findings were published in the 2024 State of Digital Trust report, highlighting a stark contrast between top-performing companies (leaders) and lower-performing ones (laggards).
Higher Revenue and Increased Employee Productivity
The survey indicated that digital trust leaders, representing the top 33 percent of the respondents, have higher revenue, greater digital innovation, and increased employee productivity.
These leaders excel in responding to outages and incidents, show readiness for post-quantum computing, and effectively utilize the Internet of Things (IoT). They demonstrate a mature approach to administering digital trust through centralized certificate management and the use of email authentication and encryption (S/MIME) technology.
Conversely, the bottom 33 percent—the laggards—struggle in these areas, facing challenges in leveraging digital innovation and maintaining robust digital infrastructure and security practices. Notably, while leaders experienced few system outages, data breaches, and compliance issues, half of the laggards reported problems with IoT standards compliance, and many suffered from software trust mishaps.
Only one in 100 companies surveyed claimed to have highly developed digital trust practices, indicating a common problem in maintaining enterprise digital trust. Furthermore, 98 percent of reported outages and brownouts were attributed to digital trust issues like expired certificates or domain name system (DNS) problems. None of the respondents were confident in their ability to react promptly to such incidents.
The Challenge of Quantum Computing
The looming growth of quantum computing adds another layer of complexity. Quantum capabilities are rapidly accelerating, driven by tech advancements like generative artificial intelligence.
The report uncovers a gap in preparedness for quantum-resistant technologies and the need for strategic action in the face of this evolving threat. According to the data, 61 percent of organizations find themselves underprepared for the post-quantum transition.
Leaders estimate a two-year timeframe to fully respond to the quantum shift, whereas laggards project three years or more. This discrepancy highlights the urgency of developing actionable plans, especially given the current five-year window before quantum computing becomes a more pressing concern. Therefore, immediate and strategic action is necessary in the face of uncertainty, said Brian Trzupek, Senior VP of Product at DigiCert.
“This quantum thing is a big deal. People are starting to get the visibility that this is a looming challenge. It’s greater than just a digital certificate replacement because it’s fundamentally the algorithm that has been attacked. All the libraries for the dependent client software, for the web servers, for the app servers, for the databases—all those things will need updates, including a certificate, to make that work,” said Trzupek.
Concerns Around SSH Protocols
Survey respondents are concerned about reliance on the secure shell (SSH) protocol based on Rivest-Shamir-Adleman (RSA) public-key encryption, which is used ubiquitously across cloud services for secure communication and authentication.
Additionally, hardware implementations of RSA, such as secure sockets layer (SSL) offloading and accelerators, present a significant challenge. Trzupek shared an example of one cloud provider that reported having 200,000 such devices, all potentially rendered obsolete by the shift to quantum-resistant algorithms.
Another surprising finding is that 87 percent of the respondents reported that their IoT devices transmitted personally identifiable information (PII) over unencrypted channels. This security loophole in IoT devices poses a threat to user privacy. Fortunately, businesses are now recognizing the significance of upgrading their digital infrastructure to protect users.
Issues in Software Trust
There are major developments happening in the realm of software trust, mainly in implementing software bills of materials (SBOMs), which are detailed inventories of software components.
In the previous report, approximately three percent of organizations were aware of or working on SBOMs. In this report, the number has increased monumentally to 99 percent. While organizations recognize the importance of SBOMs, the actual deployment and meaningful use of SBOMs may not be as widespread as the numbers suggest.
Electronic signatures (e-signatures) have also emerged as a key area of interest, with a low percentage of respondents saying their e-signature practices are extremely mature. Business teams such as legal, human resources, and procurement usually handle them, not the IT department.
Only about one in eight organizations understand the difference between simple e-signatures and the more secure ones that use certificates. Nearly half (48 percent) use electronic seals on their documents, and most (86 percent) use digital signatures with certificates issued by trusted third parties.
“There are business processes for how you apply those signatures. We see a lot of customers still struggling to make use of cryptographically secure signatures on content like mortgage documents and healthcare documents. They’re definitely looking at making those processes very easy to use. From our survey here, you can see that that’s something they’re still trying to work on,” said Trzupek.
Bottom Line: How to Enhance Digital Trust
To enhance digital trust, DigiCert recommends that organizations thoroughly inventory their digital assets, define clear policies, centralize public key infrastructure (PKI) management, and prioritize their efforts based on business impact.
This can help mitigate security issues, build confidence among customers and partners, and improve operations. Effective digital trust management enables organizations to navigate regulatory challenges, ensuring compliance while protecting sensitive data and adapting to cyber threats.