Interview

Digital Trust in the Age of Zero Trust

Sarabjeet Khurana, Country Manager, India & SAARC, DigiCert

Implementing a zero-trust policy is one way of achieving digital trust. A digital trust is what enables us to build, participate in and grow this connected world that we now live in.  

The Pandemic triggered an unprecedented digitalization drive.  So establishing digital trust became more than ever the need of the hour. In a special interaction with SME Channels, Sarabjeet Khurana, Country Manager, India & SAARC, DigiCert

[quote font=”tahoma” font_size=”13″ font_style=”italic” color=”#262626″ bgcolor=”#f9f9f9″]

If zero trust is the environment of never trust, always-verify, then digital trust is the result when every connection is authenticated and can be trusted.

Sarabjeet Khurana,
Country Manager,
India & SAARC, DigiCert

[/quote]

reveals the role played by DigiCert in enabling Digital Trust; where does DigiCert factor in to ensure secure connected operations; how is DigiCert ensuring compliance with Matter for businesses being serviced; and How can businesses in India benefit from a strong Digital Trust strategy in the Zero Trust environment and much more. Edited excerpts…

What role is DigiCert playing in enabling Digital Trust for its customers in India?

As the world’s leading provider of digital trust, DigiCert provides the building blocks for any company to succeed. Working with our authorized partners in India, we offer our customers a complete solution that includes local customer support and understanding.

The building blocks include the following: 

Standards: DigiCert participates in and frequently chairs industry groups and consortiums that develop standards for digital trust. These standards apply to website security, email security, smart home and other IoT device manufacturing and implementation, healthcare delivery systems, digital signing for government-sanctioned and other forms of contracts and legal documents and much more. Being at the center of this work, DigiCert  ensures the standards are developed to meet the highest level of digital trust. We then make it easy for our customers to meet the requirements.

Compliance & operations: Compliance and operations are the set of activities that establish trust. Compliance is the set of policies and audits that verify that operations are being conducted according to the standards set by a governing body. DigiCert ensures compliance with regulatory and other requirements so that its customers can be at peace.

Trust management: Companies are increasingly relying on certificate lifecycle management and other types of software to manage trust. This software reduces business disruption from certificate outages, reduces rogue activity by driving adherence to corporate security policy, and reduces the administrative burden of managing certificate lifecycles and other enterprise identities through business process automation. DigiCert provides a highly scalable and robust platform that addresses global, regional and local needs.

Connected trust: Companies also need ways to extend trust into more complex supply chains or ecosystems. Examples are ensuring continuity of trust throughout a device lifecycle, across a software supply chain or in the establishment of digital rights provenance in a content community. DigiCert for Connected Devices and its technology for secure software supply chains are just two of the ways that the company extends trust for its customers where they need to be.

The Matter Protocol ensures that all devices, apps and platforms work seamlessly together. Where does DigiCert factor in to ensure secure connected operations?

First of all, Matter-compliant devices will carry the Matter logo as an important signal of trust to consumers. DigiCert has been involved with this important industry effort for several years and has played a key role in developing the standard for how smart home manufacturers can achieve device attestation. This standard helps authenticate the device’s legitimate identity, protects data transmitted to and from the device, and ensures the integrity of data during firmware updates throughout the device lifecycle.

To gain device attestation, each device must contain a unique digital certificate. DigiCert achieves this for manufacturers by issuing digital certificates from its root Certificate Authority that is trusted by Matter. This requires several investments in technology and compliance with Matter. This in turn takes the burden off of companies, so they do not need to be PKI experts and invest heavily in the technology themselves. DigiCert can host this for them for full device lifecycle security through our DigiCert ONE platform.

How is DigiCert ensuring compliance with Matter for businesses being serviced?

DigiCert has been deeply involved with developing the device attestation aspects of Matter. We understand the requirements and have been preparing for years to be able to support smart home manufacturers adopting Matter. We can make it much easier for manufacturers to comply and can help them get their Matter devices to market much sooner than if they tried to do device attestation themselves. We can accommodate any scale.

Additionally, there will be rigorous requirements for a root Certificate Authority to be trusted by Matter. At DigiCert, we are prepared to meet those requirements and expect to be one of the first to be approved in the Matter trusted root store.

How can businesses in India benefit from a strong Digital Trust strategy in the Zero Trust environment?

Implementing a zero-trust policy is one way of achieving digital trust. After all, digital trust is what enables us to build, participate in and grow this connected world that we now live in. It is the thing that enables us all to have confidence that the things we are doing online — whether these are interactions, transactions or business processes — are secure.

If zero trust is the environment of never trust, always-verify, then digital trust is the result when every connection is authenticated and can be trusted.

An all-encompassing approach to digital trust requires that companies make it a strategic imperative to understand what needs to be protected and to use the pillars of authentication, encryption and integrity throughout their digital footprint. When implementing a zero-trust environment, companies need to authenticate each connection point (device or user), encrypt all data and ensure the integrity of data. Having a unified way of managing digital trust to provision trust, manage it throughout the lifecycle and respond to changes in industry standards, regulations or your environment, are all critical to success. DigiCert provides all of the technology and understanding to help companies comply, reduce outages and vulnerabilities, and rest easier.
[quote font=”tahoma” font_size=”13″ font_style=”italic” color=”#262626″ bgcolor=”#f9f9f9″ bcolor=”#e50000″]

What is Digital Trust?

Society is now digitally connected in a pervasive way, with online interactions foundational to individual and business communication, transactions, and processes. Digital transformation has continued to accelerate in recent years, with remote processes replacing face-to-face interactions; devices, systems, and facilities becoming Internet- or network-connected; and new deployment methods changing the landscape of IT architectures. In this environment, digital trust is an essential requirement of online operations. Digital trust is what enables individuals and businesses to engage online with confidence that their footprint in a digital world is secure.

In the early days of the Internet, digital trust centered on interactions and transactions between users and websites, secured with a public key infrastructure (PKI), a technology that delivers authentication, encryption, and integrity to a digital interaction. With digital transformation expanding the use cases for PKI, trust has now become the backbone for security in the connected world: for securing users, software, servers, devices, digital content, documents, digital rights, identity, and more.

The delivery of digital trust in our connected world hinges on four key elements:

  • Industry and technology standards that define what constitutes trust
  • Compliance and operations that govern delivery of trust
  • Software that provides management of public/and or private trust within an organization, with centralized visibility and control over digital certificate lifecycles
  • Extension of trust through ecosystems, such as across device lifecycles, software supply chains, consortiums, and more.

[/quote]

Related posts

Nipping Insider Threats in the Bud

adminsmec

TRANSFORMATION AT HAND!

adminsmec

Adaption of Cloud-based Technology Helping the Insurance Industry 

adminsmec
x