By Mike Fleck, Head of Product Marketing at DigiCert

Digital trust is at the core of what makes internet connected experiences valuable. Whether we’re making an e-commerce purchase, signing a legal document, or pairing our phone to a glucose monitor, we need to be certain that the people and devices we’re interacting with are legitimate. We also need peace of mind in knowing that those interactions remain secure.

Business decision-makers understand that digital trust is fundamental to today’s business processes. As new security threats and emerging technologies like AI and deepfakes threaten to undermine trust, it’s even more important that organizations work proactively to maintain trust across all their communications and supply chains.

To gain a deeper perspective into how well enterprise organizations are succeeding, DigiCert conducted a new State of Digital Trust survey in 2024. Eleven Research of Dallas, Texas, surveyed 300 senior decision makers in small to large enterprises throughout EMEA, North America, and APJ. The report explored some of the key drivers of interest in digital trust, asked organizations to evaluate their progress, and took a close look at the success and challenges of specific trust initiatives.

Digital trust remains top of mind

The State of Digital Trust survey sought to determine why enterprises remain so focused on digital trust. The most important drivers included:

  • The emergence of more remote workers as part of today’s increasingly hybrid workforce
  • More networks, including additional devices at the network edge connecting to partners and customers
  • Escalating customer expectations for digital trust

Survey participants also cited drivers like the increasing pace of business; increasing threat surface, escalating network and application complexity; and growing threats from bad actors and exploits.

Despite their understanding of the need for digital trust, organizations still contend with real challenges in achieving it. Many face a lack of staff expertise, since not all staff have the expertise needed to govern digital trust in a centralized, scalable way given the many stakeholders involved.

The scope of what enterprises need to protect is also daunting, as the number of connected users and digital assets grows. Organizations also cited a lack of management support, as the economic environment has become more challenging, and resources are more limited.

How well are organizations doing?

Although the new survey showed that most enterprises are fully engaged with the digital trust issue, their success varied, depending on certain areas of focus. To better understand the differences between digital trust “leaders” compared to “laggards,” the survey also tiered the results, and compared organizations based on their responses.

Enterprise trust practices

Enterprise digital trust is usually managed by IT, and includes initiatives like certificate management, identity and access management, and endpoint or email security. Most enterprises have had these initiatives in place for years, so it was surprising that only 1 in 100 enterprises describe their enterprise digital trust practices as “very mature.”

More than 90 percent reported outages, brownouts, and data breaches, while most reported limited agility to respond to outages and security incidents. However, organizations identified as digital trust leaders performed much better. These organizations exhibited fewer issues related to enterprise trust, with no outages, few data breaches, and no compliance or legal issues.

IoT and connected device trust practices

This category focused on companies that that sell or manufacture IoT devices such as factory sensors, home thermostats, and smart watches. Like enterprise organizations, most of these manufacturers were doing well, but not great.

Surprisingly, 87% reported that they exchange personal information from IoT and connected devices via non-encrypted channels. But once again, digital trust leaders performed better than laggards, reporting no compliance issues related to connected and IoT device trust.

Software trust

The survey also examined how well organizations were ensuring digital trust for the software that they sell or distribute to end customers. Nearly all (99%) reported that they were code signing software source code. However, only one third code-signed environments such as containers.

Although these practices are a great start, just one in 20 rated their enterprise trust practices as extremely mature. None reported that they would be able discover all applications for a specific code-signing private key, in the event it was compromised. Among digital trust leaders, fewer digital trust issues were reported. None of the top organizations reported experiencing compliance issues or software supply chain compromises.

ESignature trust

ESignature trust practices received the lowest rating out of the areas surveyed. Approximately half of participants used electronic seals for sales, procurement, payroll, and legal documents. This category also showed a high incidence of problems related to digital document trust issues, with 100% reporting issues with identity theft or impersonation, problems with paper-based contract processes, and bad actors misrepresenting a document as coming from their organization.

However, especially among digital trust leaders, eSignature trust practices have helped organizations with digital innovation, employee productivity, and brand reputation.

Taking a proactive approach to trust

As the importance of digital trust grows, the gap between organizations that are successful at managing, and those that are falling behind, is growing as well. Most digital trust leaders and laggards are already aware of where they stand. However, the risk comes into play when organizations may be unaware of their limitations.

What steps can you take to gain better self-awareness when it comes to digital trust, and put an effective strategy in place?

Take inventory

The first step in managing digital trust is gaining visibility and insight into the parts of your business that most depend on it. Take a close look at the processes that rely on digital trust, and understand how your organization protects, uses, and manages digital identities, cryptographic keys, and related assets. You can do the inventory manually, or save time by automating the processes, using technology tools to scan your systems and/or ingest data from your IT asset management systems and other resources.

Understand and define your processes

Once you’ve acquired a strong understanding of your digital trust processes, you can build or strengthen policies to support them more effectively and align them to your specific needs. A good place to start is with foundational policies for trust, covering areas like cryptography and public key infrastructure. Then you can zero in on processes and tools that need more specific attention.

Optimize PKI management

Achieving crypto-agility is key to a proactive approach to future threats. Centralizing policy enforcement and automating management of cryptographic assets can make it easier to update cryptographic assets at scale or mitigate issues more quickly. A centralized approach to managing digital assets and certificates can also help you gain visibility, ease administration, and bring risk down.

Next steps

We’ve already seen the need for digital trust across a variety of industries, and its importance will only grow. Regardless of where you are in your adoption of digital trust, it’s important to keep pace with new threats, new digital business processes—and new opportunities. With a forward-looking strategy, you can position your organization to meet today’s changing needs, as well as tomorrow’s.

About the Author

Is Your Organization a Laggard or a Leader in Digital Trust?Mike Fleck is Head of Product Marketing at DigiCert.  He has more than 25 years of cybersecurity industry experience across network security, data encryption, threat intelligence, malware analysis, identity protection and e-mail security, and holds a patent for transparent data encryption.

Mike can be reached online at https://www.linkedin.com/in/mfleckca/ and at our company website https://www.digicert.com/

Source: www.cyberdefensemagazine.com