Back
-
Solutions
Back
Digital Trust for:
Enterprise IT, PKI & Identity
Code & Software
Documents & Signing
IoT & Connected Devices
Manage PKI and Certificate risk in one place
Streamlined Certificate
Management and Automation:
Delivering At-Scale Uptime and Availability
Secure, update, monitor and control connected devices at scale
DOWNLOAD NOW - Buy
-
Insights
Back
Digital Trust for the Real World
Explore these pages to discover how DigiCert is helping organizations establish, manage and extend digital trust to solve real-world problems.
Ponemon Institute Report
See what our global post-quantum study uncovered about where the world stands in the race to prepare for quantum computing.
LEARN MORE >
-
Partners
Back
- Support
- Contact us
- Language
Digital trust is what enables us to build, participate in and grow the connected world that we now live in. It allows us all to have confidence that the things we are doing online — whether interactions, transactions or business processes — are secure.
In Digital Trust as an IT Imperative, we talked about the four building blocks of digital trust:
- Industry and technology standards that define what constitutes trust
- Compliance and operations that govern delivery of trust, with a foundation in PKI
- Software that provides management of public/and or private trust within an organization, with centralized visibility and control over digital certificate lifecycles
- Extension of trust through ecosystems, such as across device lifecycles, software supply chains, consortiums and more
But what constitutes digital trust success? And how do you measure it?
Within IT departments, there can be multiple stewards of digital trust, among them: PKI administrators, identity and access managers, and information/product security architects. Each of these IT departments has metrics that measures success — or a path to success — of digital trust initiatives. And some of these metrics make it to the boardroom, underscoring the importance of digital trust to business objectives.
These metrics may fall in four core areas:
1. Outages
What is being measured: Outages caused by unintended certificate expiration are highly visible, particularly if they occur in mission-critical systems. Outages can have multiple causes. They can occur due to oversight, particularly if certificates are tracked manually. They can be caused by human error, due to incorrectly configured certificates. Or they can be caused by rogue activity, that is, ungoverned certificates purchased outside of the purview of IT management.
Metrics can include:
- the number of outages due to unintended certificate expiry (for many, this target number is zero),
- the financial impact of the outage, and/or
- time to resolution if such an outage occurs.
Who is measuring it: Outages affect multiple groups, but are meaningful to IT operations, site reliability engineering, and application engineering.
How to address: Methods to reduce the number of or potential for outages can include centralizing certificate management and automating certificate renewal.
2. Adoption/usability/security
What is being measured: Adoption is also a key metric. Are users installing certificates where they are needed? Are they calling tech support for configuration help? Are certificate issues keeping employees from being productive on onboarding or creating security gaps between employee departure and system access revocation?
Metrics can include:
- Adoption rate
- Tech support load
- Time to provision/revoke
Who is measuring it: These kinds of considerations are important to identity and access managers responsible for system access and provisioning of services such as VPN, wireless or email security. They may also be important metrics for centralized IT operations serving the needs of IT departments in other business units or subsidiaries.
How to address: IT professionals view automation as a key strategy for addressing adoption, usability and security concerns. Automation can make credential provisioning and management invisible to the end-user and seamless with onboarding and offboarding, improving adoption rates, reducing tech support load and eliminating provisioning gaps.
| Adoption | Usability | Time to provision/revoke | |
| Before automation | Low | High tech support load, errors | Delays |
| After automation | 100% | Invisible to the user | Immediate |
3. Agility/vulnerability
What is being measured: IT professionals tasked with vulnerability management may be concerned about crypto-agility — the ability to respond to threats or to prepare for changes in compliance or cryptographic standards. These professionals require a comprehensive view of cryptographic assets and their associated vulnerabilities or cryptographic profiles.
Metrics can include:
- A cryptographic asset inventory
- Algorithm profiles
- Keys and certificate profiles and status
Who is measuring it: Security operations, IT operations and information security professionals who need to respond quickly to threats can benefit from a centralized cryptographic asset inventory delivering visibility and control over their environment.
How to address: Discovery tools that inspect and inventory the cryptographic assets in a company’s environment can provide a centralized repository. Vulnerability assessment tools provide security ratings and identify out-of-date algorithms to prioritize remediation. Automation tools can help speed desired remediation or streamline response to compliance changes.
4. Risk/compliance
What is being measured: IT professionals concerned with risk may be concerned about compliance, privileged access, attack surfaces, threat intelligence and trust indicators.
Metrics can be defined as key risk indicators that track risk posture and tolerances in one or more of these areas.
Who is measuring it: IT departments focused on systems, application or network engineering; security operations; IT operations.
How to address: Tools governing authentication, privileged access, network inventories and monitoring can support the objectives of these teams. Strategies to prevent rogue certificate purchases can also play a role. Certification Authority Authorization (CAA) domain locking can prevent purchase of rogue certificates, which can play a role in man-in-the-middle attacks.
CT log monitoring can be an effective means of monitoring for the presence of rogue certificates in corporate networks.
Digital trust and the boardroom
Some IT professionals note that they are most successful when digital trust metrics are kept out of the board room — meaning there are no outages caused by unintended certificate expiration, credential provisioning is automated, Key Risk Indicators are within stated tolerances, and cryptographic vulnerabilities are addressed in a timely way. However, to achieve this objective, strategies that reduce outages, improve adoption, streamline operations, maintain compliance and reduce risk are paramount. Executive leaders may wish to review metrics that show progress towards these goals.
Bringing in a partner who is an expert in digital trust, such as DigiCert, can be a highly effective way to manage digital trust objectives. In addition to its robust digital trust portfolio and active engagement in standards bodies, DigiCert’s support provides companies with someone to lean on for emergency resolution, minimizing downtime and keeping metrics on track for success.
Ask DigiCert
Want to learn more about DigiCert’s platform for digital trust? Email us at pki_info@digicert.com for more information or to set up a sales consultation.
Get the IDC whitepaper Digital Trust: The Foundation for Digital Freedom | DigiCert to read more about digital trust—what it is, how it works, and why it must be a strategic initiative for any organization, including yours.
Featured Stories
-
The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.
-
-
© 2024 DigiCert, Inc. All rights reserved.
Legal Repository Audits & Certifications Terms of Use Privacy Center Accessibility Cookie Settings