Enterprises’ progress in digital trust implementation is far from great – Help Net Security
A growing divide separates leaders with a firm grasp on digital trust from those at the bottom of the pool, according to DigiCert.
While digital trust overwhelmingly remains a critical focus for all enterprises, the latest report from DigiCert shines a light on the growing divide between the ‘leaders’ (those who are getting it right), and the ‘laggards’ (those who are struggling).
The difference between leaders and laggards
The difference between leaders and laggards revealed some clues and potential best practices when it comes to digital trust. The top 33% digital ‘trust leaders’ enjoyed higher revenue, better digital innovation and higher employee productivity.
They could respond more effectively to outages and incidents, were generally better prepared for Post Quantum Cryptography and were more readily taking advantage of the benefits of the IoT.
Meanwhile, the bottom 33% ‘laggards’ performed comparatively poorly in all those categories and found it harder to reap the benefits of digital innovation. In addition, the leaders were more likely to centrally manage their certificates, more likely to employ email authentication and encryption (S/MIME) technology, and generally employed more mature practices in digital trust management.
Leaders exhibited far fewer issues on core enterprise systems (no system outages, few data breaches, and no compliance or legal issues) and experienced no IoT compliance issues, whereas 50% of the laggards did.
Leaders also have significantly fewer issues due to software trust mishaps. For example, none of the leaders experienced compliance issues or software supply chain compromises, compared to 23% and 77% of the laggards, respectively.
The growing complexity of networks and applications
Digital trust is still a relatively new discipline, and not all staff are up to speed on how to implement it in a centralized manner. Additionally, many private PKIs were established a decade ago and are perceived as brittle and prone to outages, further preventing teams from gaining much-needed expertise.
The enterprise technology fabric has become increasingly complex. On the network side, enterprises have moved beyond the traditional data center, remote offices, and cloud footing. Today’s networks now include edge networks, thousands of remote workers, and multiple clouds.
As digital transformation efforts progress, more and more digital assets have become mission critical. As this happens, the scope of what enterprises need to protect grows exponentially.
As the economy has become more challenging due to the pandemic and inflation, management has been forced to make difficult decisions. For example, layoffs claimed more than 240,000 workers from the technology sector in 2023 alone. It is not surprising to see management’s commitment to digital trust waver in such a challenging environment.
Efforts in digital trust yield notable benefits for companies
The rapid expansion of cryptographic assets is difficult and time-consuming to manage. Whether in public or private trust, digital certificates remain fundamental to efforts to establish trust. But digital certs are challenging to manage at the vast scale enterprises are now dealing with.
Furthermore, applications have moved from monolithic applications to highly distributed microservice architectures, where many services are not under the direct control of the enterprise. It is brutally difficult to achieve digital trust in such a complex environment.
How are enterprises doing at implementing digital trust? The full answer to this question is deep, complex, and nuanced. But the short answer is that enterprises are doing “good, but not great.”
“As the threat landscape continues to expand, so does the gap between organizations who are leading the way in digital trust and those who are falling behind,” said Jason Sabin, CTO at DigiCert. “Those who fall within the ‘leaders’ group and those who are a ‘laggard’ are well aware of who they are. The danger, however, is those organizations who fall in the middle and are not taking action due to a false sense of security.”
“For organizations to be champions of digital trust, they must understand and actively implement the structure, processes, and activities that make it possible,” said Jennifer Glenn, Research Director, Security and Trust Group, IDC.
“This includes keeping up with changes to industry standards, maintaining compliance with regulatory requirements in each geography, managing the life cycle of digital trust technologies, and extending trust into digital ecosystems. For companies that focus their efforts on digital trust — and make it a strategic imperative for the business — the benefits are notable, including reliable uptime, reduced risk of data compromise, and improved user trust,” concluded Glenn.