Who’s responsible for digital trust?

By Brian Trzupek, Senior Vice President, Product, DigiCert.

  • 5 months ago Posted in

Digital trust is the measure of confidence that we have in the digital products and services that we rely on every day. It’s built of the industry and technological standards, systems of operations and compliance, software that manages the delivery of that trust within an organisation and the efforts to extend trust across lifecycles, through software supply chains and everywhere else. 

As such, it is now an irrevocable business priority. As an idea which helps protect the baseline connections and technologies which we use every day - it is absolutely fundamental to police the complex web of transactions that define modern business. Businesses have begun to understand its importance, but, according to a new survey from DigiCert - these efforts are not without their own problems and inconsistencies.

In fact, digital trust efforts seem to be spread inconsistently across many organisations, resulting in silos which ultimately mitigate their broader value. 

Surveying companies around the world - DigiCert’s 2023 Digital Trust Survey found exactly this. Most organisations - 87% - believe that their digital trust efforts are too siloed. The typical enterprise has 5 or fewer departments that issue certificates and most believe that more departments should issue them. Drilling down further, over half of our respondents - 52% - told us that the IT department manages their certificates, while certificates are managed outside of IT in 37% of certificates and in 11% of organisations no one manages certificates at all. It’s an uneven, siloed arrangement which leaves digital trust efforts fractured and in turn, can lead to all manner of problems and risks. In fact, digital trust is only as good as its scope - and the minute data passes from a department which employs digital trust to a department that doesn’t, it loses that crucial quality. Ultimately, only 1% believe that their digital trust practices are “extremely mature.”

They’re not wrong - digital trust efforts need to address the whole enterprise. Not doing so risks mismanagement, certificate outages and data breaches. The consequences of that mismanagement in this case are clear - 98% of respondents reported outages and brownouts, 92% reported data breaches and 74% compliance issues all stemming from digital trust issues.

Digital trust is for the whole organisation

The reality is that digital trust is the responsibility of the whole organisation. Perhaps the defining thing one can say about modern business is that it is digitally driven and connected. Technologies and IT assets touch most - if not all - parts of the business. Digital trust is all about securing those basic technical connections which allow us to do our jobs and live our lives. As such, it needs to be everywhere those connections lead.

There are three foundational elements to digital trust. The first is identity, required for individuals, workloads, services, devices, or technology. The second is integrity - the assurance that an object remains whole and has not been tampered with. The final is encryption, which secures data in transit. These three steps are increasingly a fundamental layer of security, protecting the dense webs of transactions that define modern business.

Digital trust is heavily associated with Public Key Infrastructures (PKI) and certificates - and rightly so - but must be viewed as a more holistic concept for a business. Principally, digital trust needs to be made a strategic imperative from the top down. This means that organisational leaders and executives need to take responsibility and put digital trust at the centre of their management concerns. Similarly, it also means adopting digital trust as a designing principle for an entire business, which involves the wide deployment of PKIs (Public Key Infrastructures) and certificates but has also found expression in things like Zero Trust architectures. From there, those digital trust efforts must maintain compliance with policies and be updated to adapt to changing threats, architectural shifts, and regulatory concerns. Looking ahead, businesses will need to find ways to enable connected trust, expanding trust into complex supply chains and ecosystems such as across software supply chains or to establish digital rights provenance in a content community.

Digital Trust Officers

To make digital trust a driving concept in business strategy, some organisations are introducing Digital Trust Officers (DTO). These positions intend to oversee all digital trust efforts across the organisation, changing digital trust from a narrow tactic to an overall business strategy. Within that position, these trust officers will create, and oversee the policies and processes that centrally govern the digital trust and risk issues that are so crucial in modern business. But digital trust efforts can become complex, at least as complex as the dense networks of connections, devices, and data that they protect, and what a DTO does is offer a single centralised point of accountability and oversight for that whole complex operation. 

Digital trust as a baseline for digital expansion

There are myriad reasons that digital trust is becoming a key driving force behind technical change in the enterprise. A mature digital trust infrastructure is not merely a reactive, defensive asset to have but one that sets the path for innovation. DigiCert’s 2023 State of Digital Trust survey found that high levels of digital trust maturity often led to better outcomes in terms of revenue, security, and innovation. 

In fact, 96% of those trust-mature organisations reported that digital trust helped them to digitally innovate, 93% said it helped with brand reputation, another 93% reported higher revenues, 74% reported high employee productivity and 56% reported higher profits.

The difference between those who used digital trust to their advantage against those who didn’t are clear: 100% reported more mature trust practices, 97% reported more centralised management of trust services and 57% were more likely to manage certificates in IT. 

In a 2022 Keynote, Forrester’s VP and Principal Analyst simply announced that “Technology trust equals brand trust.” DigiCert’s 2022 State of Digital Trust survey showed that two thirds of companies have switched vendors after they lost trust in their previous vendor. Similarly, research from Deloitte has shown the potential for trust-led growth. According to one Deloitte survey, 88% of consumers who trust a brand become repeat customers and as such, trustworthy companies beat out competitors by four-fold.

Digital trust isn’t merely a defence against the ever-present problems of privacy infringement, cybersecurity threats and technology failures - but a way to innovate and expand safely. But it cannot do that when constricted to silos and needs to have a wide scope, expanding holistically across organisations to fulfill those grand promises.

By Andy Mills, VP of EMEA, Cequence Security.
By Paul Birkett, VP Strategic Portfolio Management at Ricoh Europe.
By Liz Centoni, Chief Customer Experience Officer, Cisco.
By Lars Rensing, CEO of Protokol, DPP Solution Provider .
The IT world is moving faster than it has ever been. As a manufacturer, the only way to compete and...