2013-12-30

The year’s wrapping up but the cybersecurity predictions are hitting high gear.  Today we have Flavio Martins, VP of Operations for DigiCert.  DigiCert is at the nexus of modern security, providing enterprise security solutions in the fields of PKI, SSL, authentication and digital certificates.  Their clients number more than 70,000 around the globe, consisting of financial, government, enterprise organizations and beyond.

We asked Martins to identify the biggest projected threats ahead in 2014 and how the industry could prepare for them.  Martins feels that to look ahead, we have to look at what we’ve gone through in order to be prepared.  The industry has discovered that there are a lot more security issues than many had predicted.  These issues were never more clear than when the extensive scope of espionage came to light this year – from state-sponsored groups, cybercriminals and yes, even from the government.  Martins has seen a renewed effort to re-assess security technology and practices across the industry because suddenly the specter of threats has become very real.

Thought Leadership

This is where DigiCert’s position as an industry leader comes into play.  Recent trends have put Certificate Authorities in a situation where they are working together and with others to take a more proactive approach in general.  As older systems fade away and technology refreshes, the opportunity to effectively apply security practices presents itself and one of those changes taking place is the continued migration to 2048-bit encryption.  This is still a very effective technology when it is implemented properly, but that is the key – implementing it properly.

DigiCert has thus organized a Certificate Authority security council, in order to create a better security level across the board for organizations and to set the standard for security in the future.  With this kind of security improvement and solid foundational approach implemented throughout the industry, organizations can be better prepared to handle whatever new challenges are to come in the year (and years) ahead.

This thought leadership approach is grounded in the roots of the industry that DigiCert is in.  Their business starts with trust, and that’s something earned through thought leadership, technical excellence and great support.  That stands out in an industry that for a number of years has been in the midst of a lower end focus as a trend.

DigiCert is the fastest growing Certificate Authority

DigiCert’s perspective has never gone to the point of compromising and their success stories prove it.  Their services are high-assurance only, they won’t issue DV certificates and they are diligent to the task of never compromising their security layer.  Domain-validated (DV) certificates offer an extremely low level of validation which neglects verifying identity.  It is a point of vulnerability that opens the door to man-in-the-middle attacks and phishing, so DigiCert just doesn’t offer it.  That’s part of DigiCert’s no-compromise approach that makes them a high-assurance provider and a leader in the business.  Martins adds:

“That’s a point of pride and the foundation of what we’re doing.  You’ll see that our growth is much greater than what you’ll see in even the wider security market.  We’re not the most expensive service out there, we’re not the least expensive, we do things the right way and our customers are responsive to that.  At the end of the day, that is why we’re having the growth that we have.”

Beyond SSL

One of the areas where DigiCert’s leadership has emerged is in the development and deployment of the extended validation certificate.  Extended Validation SSL certificates take verification beyond traditional certificates.  DigiCert introduces a number of human interactions within the validation process, where identity is extensively validated before a certificate is issued.  The level of trust and authentication therefore has more value.  DigiCert also invests heavily in their technology response times, which ultimately benefits the customer with the ability to reject invalid certificates quickly.

“Our position from day one has always been to deliver value without compromising security.  The challenge is that we can’t control what all the other organizations are doing.  That’s when we come together as an industry, but there’s always going to be laggards and those that aren’t as quick to jump on board.  Regardless, we have to strive for the highest of standards and that’s something that’s recognized.  We’ve felt really good about support from the community on this point, and support from Microsoft, Mozilla and many others.  We’ve been proactive and supportive with others in the industry and worked closely with them.”

Forecast: App Security, Malware signing, encryption

Such standards are extremely important, particularly when you consider that a great deal of focus is shifting to application security.  This is an extremely hot area that will continue its incredible growth and actually increase in importance as application technologies continue to grow.  To understand how critical this is, witness the reports on breaches, time after time, where the proliferation of malware or rogue apps involves certificates that have been stolen and then used to sign the application, leading to compromise.  There’s code signing, rogue apps, malware, encryption and all kinds of issues that rely on identity and validation technologies.

With little exception, cases where these have been lost have come down to some breakdown in process or procedural error.  You are only as strong as your weakest link, and as Martins states – that’s why DigiCert is constantly focused on being industry thought leaders to make things better for the enterprise.  This is what constitutes a proactive climate – winning thoughts and minds with the latest in security.  DigiCert is well-focused on the next-level security, with an eye on what’s ahead.  What they see is identity, federation and authentication as critical components in the diverse world of application-level technology, encryption, cloud, mobile and just about every technology that is on the scene today.
