DigiCert Purchases QuoVadis, Becomes a Qualified TSP
Utah-based DigiCert acquired Swiss company QuoVadis in January, with the intention of delivering Qualified digital certificates and e-signature platforms certified for ETSI standards.
QuoVadis is a qualified trust service provider (TSP) in the EU, a leading country in protecting the privacy of its citizens, starting decades ago with the 1995 Data Protection Directive. The framework presented by that directive has evolved into compliance regulations such as GDPR (General Data Protection Regulation) and other privacy rules and laws.
However, more changes are on the data protection horizon. Case in point: the forthcoming EU Payment Services Directive 2015/2366, which, when it goes into effect in June of 2019, will require banking and financial services companies doing business in the EU to use Qualified website certificates for stronger identity assurance.
Much like GDPR, the new directive will have an impact on businesses located outside of the EU, if they conduct business within the EU or with EU citizens. From a technical standpoint, much of the groundwork has been established via the EU’s Digital Single Market Policy, which establishes trust services and electronic identification, often referred to as eIDAS. The directive’s goal is to provide a predictable regulatory environment to enable secure and seamless electronic interactions between businesses, citizens and public authorities.
Simply put, that brings change to how secure transactions are processed, culminating in some new public key infrastructure (PKI) requirements, along with related changes to the procedures around creating, managing, distributing, storing and revoking digital certificates. So what exactly does all this mean to cybersecurity professionals?
It comes down to understanding how an organization does business in the EU and whether new certificates and PKI methodologies will need to be established. For businesses located outside the EU, accessing that new PKI technology could prove to be a challenge.
Currently, there are a few certificate authorities that can provide Qualified certificates, and one of the most notable is QuoVadis, an organization that offers qualified certificates for website authentication (QWAC), qualified personal certificates, qualified electronic time stamps and qualified electronic signatures and seals, including software and cloud signing options.
DigiCert’s purchase of QuoVadis gives it a path to solve what may have been a complicated situation come June. With the acquisition, QuoVadis Qualified digital certificates will be backed by DigiCert and the company will incorporate Qualified TLS certificates management, along with QuoVadis PrimoSign and other signing platforms into its bandoleer of services. That allows Digicert to offer data integrity management for electronic records, as well as other digital signature technologies as required by the EU, and potentially other governments and organizations.
In related news, Digicert announced CertCentral Enterprise, a certificate management platform for cloud and hosted environments, establishing a path toward creating a single pane of glass view for managing PKI.
