Identity and privacy are essential for protecting digital transactions. Today they are even more critical. Brian Trzupek, Senior Vice President of Emerging Markets at DigiCert, shares how with the right strategy, organizations can face challenges while building a foundation for proper PKI technology implementation.
Today's enterprise organizations face a wave of new challenges in maintaining security and privacy. Conducting business electronically has long been the norm, but it can still result in sensitive information being compromised. To protect the data that drives their key business processes, organizations must restrict access to confidential information, classify documents and other information according to the user's authentication level.
Identity is also increasingly important for enabling the trust that digital transactions must drive. It is up to each organization to constantly authenticate the identity of users and IoT devices. They also need to verify the integrity of documents and communications passing through the organization.
These challenges take on new, unprecedented importance in our current environment. In just a few weeks, much of the global workforce has been forced to shift to remote work. A recent quick survey of Gartner indicated that 91% of human resources leaders have implemented work-from-home initiatives. As they rapidly transition more employees to this new model, corporations may lack available laptops to distribute, which drives the adoption of BYOD (bring your own device) where it may not have existed before. Supporting a remote workforce securely is increasingly complex because people remain operational using a wide range of devices, including mobile phones, laptops, and tablets.
PKI is the way
Passwords alone are not sufficient to mitigate current security challenges. For most organizations, a public key infrastructure (PKI) is fundamental to protecting digital transactions. In the enterprise, people routinely authenticate to access corporate resources. They can do so without revealing their identity or authenticating with a stolen password. Identity is as important as authentication and PKI can help enable solid identity practices necessary to maintain data integrity.
Organizations also need the ability to provision their secure devices at scale. They must enroll those devices on a management platform, providing a secure digital certificate to authenticate to the VPN or other computing resources.
For example, IBM scales its identity services in an environment spanning 500,000 users across 170 countries. PKI managed by the company allows only legitimate users to access the resources they require while supporting trusted transactions. Users can perform their daily activities seamlessly, with the assurance of knowing they meet required compliance, without major effort on their part.
For organizations that need to maintain business continuity even after transitioning to a largely remote workforce, PKI can also support document signing for remote workers. It allows organizations to securely demonstrate that documents have been signed and not modified before distributing them. For example, in the EU, qualified electronic signature certificates, enabled by qualified digital certificates, can support online or cross-border business. They are available to individuals and corporations and could enable a legally recognized scheme throughout the EU.
PKI available for the entire enterprise
What is needed to enable modern PKI in line with current challenges? First, organizations need the ability to support the connection of diverse devices remotely. In many complex organizations, an individual or team will be responsible for managing digital certificates remotely from various locations. These organizations need a platform to automatically track the certificate lifecycle and manage it. The solution must be automated to provide agility and support rapid deployment of additional users, enabling security or IT departments to provision certificates before an employee joins the organization or automatically at the time of onboarding.
To maximize adoption and ease of use, the solution must be completely transparent to users, while providing strong identity and authentication capabilities to the corporate VPN.
For today's increasingly dispersed global organizations, a modern PKI solution must support flexible implementations that are easy to maintain and can scale seamlessly. It must be able to meet in-country deployment requirements and also be ready to offer public, private, or hybrid cloud support.
The solution should also allow organizations to simplify complexity through a holistic management approach. According to a recent IDC survey, 37 percent of respondents mentioned security complexity as one of the three main challenges their organizations face in the coming two years. A centralized end-to-end management tool can free up limited security and IT resources to focus on other business priorities.
Identity and privacy have long been essential for protecting digital transactions. In today's uncertain environment, they have become even more critical. With the right strategy and solution, organizations can address their most urgent challenges now, while building a foundation for continued compliance and integrity in the future.
ABOUT THE AUTHOR
Brian Trzupek is Senior Vice President of Emerging Markets at DigiCert. Brian, a security and cryptography technician by day and by night, brings the team nearly two decades of experience across many security topics. He is constantly innovating use cases for enterprise PKI, which are enabled by the industry-leading DigiCert ONE platform.