In a world looking at exponentially more digital interactions, connectivity and quantum computing, how should we approach digital threats and trust?
Digital interactions have increased tremendously since the pandemic. From accelerated digital transformation to the hybrid workforce that’s here to stay, the world today is internet- and network-connected in a consequential way.
With this exponential growth in connectivity, we’ve also seen an unprecedented rise in cyberthreats.
Navigating today’s threat landscape
Everyone with access to the news already knows that ransomware is bigger than ever before. A few recent studies have pointed to ransomware as the number one type of attack in the Asia Pacific.
For instance, 65% of Singaporean organizations were hit with ransomware in 2021, up from 25% in 2020. Enterprises are realizing that being the next target is not a matter of if but when.
Quantum computing is another threat that we can’t ignore, with experts estimating it will be here within the next five to 10 years. In recent years, we have seen many leaps in the advance of quantum computing, including IBM announcing they will have a quantum processor available by the end of 2023.
Preparing for current and future security threats like ransomware and quantum computers is critical for organizations that are trusted with private or sensitive information and personal data. By being prepared, organizations can increase the trust of their site visitors, customers and others who are sharing private information with their website. In addition, businesses can protect their own assets and reputation from being compromised or damaged and the potential financial impact of those scenarios.
It is against this backdrop that digital trust is essential. It is what enables us to build, participate in and grow this connected world that we now live in. It is the thing that enables us all to have confidence that the things we are doing online — whether these are interactions, transactions, or business processes — are secure.
Digital trust must now be embedded in IT architectures that are themselves more complex and more exposed to cyber risk. Companies must now be thinking about digital trust as an executive-level IT imperative. Companies are the stewards of digital trust, not only for their own internal employees and operations but also for their customers, partners and extended communities.
Where digital trust begins
The foundation of digital trust rests on three key elements. The first one is authentication of identity, whether it be for an individual, a business, a machine, a workload, a container or a service. The second is integrity, the assurance that an object has not been tampered with. And finally, encryption, which is essentially securing data.
These three elements are what enable us to know that a website is secure, that an email is authentic, that a document signature is valid, that software has not been compromised, that a cloud software image is authentic, that an individual is who they say they are.
Public key infrastructure (PKI), most often administered via digital certificates, offers a way of achieving digital trust to help organizations establish trusted identity, integrity and encryption between people, systems and things.
PKI, however, provides only the foundation. So, let’s explore the building blocks of digital trust to understand what it means to undertake a trust initiative in a more complete sense.
Ingredients for digital trust success
Digital trust is derived from four key building blocks: standards, compliance and operations, trust management and connected trust.
Standards: Standards are what define trust for a given technology or industry. The CA/Browser Forum, for example, was organized in 2005 to bring together a group of certification authorities (CAs), internet browser vendors and suppliers of other applications. The forum is an important catalyst defining the standards that certification authorities must adhere to be trusted to deliver trust. It is just one of well over a dozen key groups creating standards for different use cases requiring digital trust. For example, the Matter protocol is offered by the world’s leading manufacturers of smart home devices.
Compliance & operations: Compliance and operations are the set of activities that establish trust. Compliance is the set of policies and audits that verify that operations are being conducted according to the standards set by a governing body. Operations, with data centers at their core, verify certificate status through OCSP or other protocols.
Trust management: Companies are increasingly relying on certificate lifecycle management and other types of software to manage trust. This software reduces business disruption from certificate outages, reduces rogue activity by driving adherence to corporate security policy, and reduces the administrative burden of managing certificate lifecycles and other enterprise identities through business process automation.
Connected trust: Companies also need ways to extend trust into more complex supply chains or ecosystems. Examples are ensuring continuity of trust throughout a device lifecycle, across a software supply chain or in the establishment of digital rights provenance in a content community.
These four building blocks, with PKI at their foundation, deliver the fabric of trust that we all depend on to operate in the digital world.
Digital trust as an IT imperative
The strategic importance of digital trust is an integral part of the security and risk function, protecting the company from cybersecurity threats. It is a necessary component of digital transformation, enabling companies to transfer critical processes online and create new forms of inter-organization connection. And it is essential to our connected future. Companies that are strategically investing in digital trust are positioning themselves now as stewards of a secure, connected world.