The world today is internet — and network — connected in a consequential way. Devices are ubiquitous.1 The lines between personal and work connectivity are blurring.2 People are increasingly online … constantly.3 And, the pace of digital transformation has accelerated, increasing the surface area of how businesses, people and things are connected.4
It is against this backdrop that digital trust is essential. It is what enables us to build, participate in and grow this connected world that we now live in. It is the thing that enables us all to have confidence that the things we are doing online — whether these are interactions, transactions or business processes — are secure.
With this exponential growth in connectivity, digital trust must now be embedded in IT architectures that are themselves more complex. Cloud services, hybrid workloads and IT/OT convergence have changed the shape of what is connected and what is not. DevOps and CI/CD pipelines have blurred the boundaries between traditional IT operations and development. Remote work, fueled by the pandemic, has increased the method and manner of corporate access and provisioning. And zero trust network architectures have materially expanded the types of things that need to be authenticated and secured.
This expansion in connected surface area can also be described as the dissolution of the traditional corporate boundary. With this shift, companies must now be thinking about digital trust as an executive-level IT imperative. Companies are the stewards of digital trust not only for their own internal employees and operations, but also for their customers, partners and extended communities.
The foundation of digital trust rests on three key elements:
These three elements are what enable us to know that a website is secure, that an email is authentic, that a document signature is valid, that software has not been compromised, that a cloud software image is valid, that an individual is who they say they are. These three elements are delivered through digital certificates that bind cryptographic public-private key pairs to identity. This public key infrastructure (PKI) helps organizations establish trusted identity, integrity and encryption between people, systems and things.
PKI, however, provides only the foundation. Let’s take a look at the building blocks of digital trust to understand what it means to undertake a trust initiative in a more complete sense.
Digital trust is derived from four key building blocks: standards, compliance and operations, trust management and connected trust.
Standards: Standards are what define trust for a given technology or industry. The CA/Browser Forum, for example, was organized in 2005 to bring together a group of certification authorities (CAs), internet browser vendors and suppliers of other applications that use X.509 v.3 digital certificates for TLS/SSL, code signing, and S/MIME.5 This forum defines the standards that certification authorities must adhere to in order to be trusted to deliver trust. Other technology and industry forums and consortiums (e.g., NIST, IETF, CableLabs, CI+, Matter) similarly drive other industry and certificate requirements.
Compliance & operations: Compliance and operations are the set of activities that establish trust. Compliance is the set of policies and audits that verify that operations are being conducted according to the standards set by a governing body. Operations, with datacenters at their core, verify certificate status through OCSP or other protocols.
Trust management: Companies are increasingly relying on certificate lifecycle management and other types of software to manage trust. This software reduces business disruption from certificate outages, reduces rogue activity by driving adherence to corporate security policy, and reduces the administrative burden of managing certificate lifecycles and other enterprise identities through business process automation.
Connected trust: Companies also need ways to extend trust into more complex supply chains or ecosystems. Examples are ensuring continuity of trust throughout a device lifecycle, across a software supply chain or in the establishment of digital rights provenance in a content community.
These four building blocks, with PKI at their foundation, deliver the fabric of trust that we all depend on to operate in the digital world.
The strategic importance of digital trust extends beyond the creation and handling of digital certificates. It is an integral part of the security and risk function, protecting the company from cybersecurity threats. It is a necessary component of digital transformation, enabling companies to transfer critical processes online and create new forms of inter-organization connection. And it is essential to our connected future. Companies that are strategically investing in digital trust are positioning themselves now as stewards of a secure, connected world.
DigiCert is the digital trust partner to leading companies around the world.
About DigiCert, Inc.
DigiCert is the world's leading provider of digital trust, enabling individuals and businesses to engage online with the confidence that their footprint in the digital world is secure. DigiCert® ONE, the platform for digital trust, provides organizations with centralized visibility and control over a broad range of public and private trust needs, securing websites, enterprise access and communication, software, identity, content and devices. DigiCert pairs its award-winning software with its industry leadership in standards, support and operations, and is the digital trust provider of choice for leading companies around the world. For more information, visit digicert.com or follow @digicert.
The digital world is turning into a sprawling mesh of connection points. Learn more about how to unify and simplify your expanding security environment in our new webinar. Register now.