Why Digital Trust is a Must (and how ‘Trust No One’ Makes it Happen)

Historically, trust was conveyed through in-person meetings; perhaps a handshake or someone delivering a handwritten note with a signature or seal. This provided a reliable message verified by someone trusted or a trusted identity. The advent of digitalization and the rapid movement in recent years to connect everything now means that trust often does not involve human interaction. The handshake or seal is virtual. This makes it more challenging for people to overcome perceptions of risk and uncertainty as we ask them to adopt the technology. Digital trust is now a strategic imperative, and zero-trust is one way to achieve digital trust. In this article, we’ll examine both digital trust and zero-trust, explain what they mean, and, most importantly, look at how the seemingly contradictory idea of trusting nothing actually underpins digital trust itself.

First, as anyone who’s spent time on the internet knows, traditional boundaries are out the window. As work and home lines have blurred and more business is done online, we all face increasing risks. Digital trust in an enterprise demands that the CISO worry not just about themselves as individuals but also about every employee, customer, service and all the interconnected bits in between. That’s because the boundaryless, faceless and generally lightly regulated online space offers rich pickings for the miscreants. There’s money to be made, and it’s easy cash for attackers.

This is precisely where trust comes in. CISOs and the rest of the C-suite need confidence that data is safe and secure. When logging on to a bank, we trust it is the bank’s systems we’re accessing. We trust that the digital documents we sent arrived at the lawyer or the customer, that connected devices transmitting or receiving information are authentic and tied to the right identity, and that every one of the multitudes of services running on the network is legitimate.

In short, digital trust is as essential to functioning in the digital world as good old-fashioned trust is in the real world. It is among the crucial pillars of an orderly digital society. It enables confidence in online systems and serves as the backbone of the connected world. And so it is that digital trust underpins the security of users, software, servers, devices, documents, digital content, identity and more.

From Digital Trust to Zero-Trust (and Right Back Again)

Creating and maintaining digital trust depends on providing safety, privacy, security and reliability. The building blocks include standards adherence, compliance with global regulations and best practices and the ability to manage trust life cycles across connected ecosystems. There are multiple aspects that combine technology and process, so when you access a service or connect with a person using the internet, both sides of the transaction are verifiable.

The very core of zero-trust requires verification of every access request with the notion of ‘never trust, always verify.’ In zero-trust, adaptive authentication methods are brought to bear rather than simply relying on the usual IP address, thus making things far harder for bad actors. It adds a further layer to access, which, if nothing else, makes you less of a target. These methods include public key infrastructure (PKI), multifactor authentication (MFA) and single sign-on (SSO).

Why PKI Makes Sense for Digital Trust and Zero-Trust

PKI is a great approach for zero-trust, enabling digital trust because it is mature and proven and its implementation doesn’t hamper access for authorized persons and services. PKI is what led to the rise of e-commerce, with the ability to implement trust in web entities. PKI is core infrastructure for nearly all digital technologies today, and provides authentication, integrity and identity for a zero-trust architecture. PKI delivers digital trust to people, systems and organizations by identifying every user or device on the network, encrypting communications and maintaining data and system integrity.

PKI is a tried-and-true method for proving the identity that zero-trust requires, and, according to a 2021 report, 96% of IT security executives believe PKI is essential to building a zero-trust architecture.

By establishing and maintaining digital trust, companies can create a more secure and trusted experience for their internal or external users, along with their software, servers, devices, documents, digital content and identity.

Growing Trust in Zero-Trust

Zero-trust is on the rise for two good reasons. We’ve already traversed one of them: there’s no shortage of motivated bad actors. The second is that well-implemented zero-trust doesn’t significantly impact the most crucial aspect of being online: convenience. The zero-trust principle of ‘trust, but verify’ builds upon digital trust to enhance security within your enterprise without impeding the pace of business.

And its introduction isn’t necessarily complex or overly costly. Often, it is more a case of adjusting approach and reconfiguring existing systems rather than investing in new and expensive equipment, software or services. In fact, in 2021, a U.S. executive order directed the federal government toward a zero-trust approach. You should consider it, too.


Jason Sabin

Jason Sabin joined DigiCert in February 2012, and before being promoted to Chief Technology Officer in April 2020, he held roles including VP of Research and Development, Chief Security Officer and Chief Information Officer. As CIO, he led his team toward best-in-class technology across DigiCert’s platforms and systems, and also spearheaded the move to SaaS and cloud services over on-prem instances. Jason is a proud, self-proclaimed nerd, who discovered programming in fifth grade. He has more than 20 years of engineering and R&D experience working in the identity and security industry, with roles prior to DigiCert at NetIQ, Novell, and Volera. He’s an accomplished speaker at security, IoT and technology conferences. He has twice been named a Utah Genius for top inventor, with more than 50 patents issued.
