The year’s wrapping up but the cybersecurity predictions are hitting high gear.  Today from DigiCert we have COO John Merrill and Flavio Martins, VP of Operations.  DigiCert is at the nexus of modern security, providing enterprise security solutions in the fields of PKI, SSL, authentication and digital certificates.  Their clients number more than 70,000 around the globe, consisting of financial, government, enterprise organizations and beyond.

We asked Merrill and Martins to identify the biggest projected threats ahead in 2014 and how the industry could prepare for them.  Martins feels that to look ahead, we have to look at what we’ve gone through in order to be prepared.  These events of the past year have helped focus everyone on the need for organizations to invest more in their security- especially given  the extensive scope of espionage that came to light in the past year from state-sponsored groups, cybercriminals, and yes, even the government.  Merrill adds that there has been a renewed effort to re-assess security technology and practices across the industry because suddenly the specter of threats has become very real.  In many ways, 2014 will be the year of encryption and authentication.

Thought Leadership

This is where DigiCert’s position as an industry leader comes into play.  More than ever, Certificate Authorities are working together and with others to take a more proactive approach to improve security standards.  New technology and approaches are emerging and now is a great opportunity to effectively apply security practices, as witnessed with the recent migration to 2048-bit encryption.  DigiCert is leading the way, including being the first CA to implement Google’s Certificate Transparency, and is pushing the industry forward toward other practices that improve online trust.  TLS/SSL remains a very effective technology when it is implemented properly, but that is the key – implementing it properly.

Part of DigiCert’s vision to improve security and trust led to its key role in organizing the Certificate Authority Security Council. This group is collaborating  to provide a better way for CAs to educate others about security and work on like-minded improvements.  With this kind of security improvement and solid foundational approach implemented throughout the industry, organizations can be better prepared to handle whatever new challenges are to come in the year (and years) ahead.  DigiCert also extends its influence as a founding/board member of the CA/Browser Forum, DirectTrust and the Online Trust Alliance.

Chief Operating Officer John Merrill adds:

“We’re here to ensure peace of mind with leading security technologies that ensure the trust between our clients and their consumers. The best way to deal with the security issues of the day is by looking forward. So within the community, we are always driving towards advancing best practices and setting new uncompromised standards.”

This thought leadership approach is grounded in the roots of the industry that DigiCert is in.  Their business starts with trust, and that’s something earned through thought leadership, technical excellence and great support.  That stands out in an industry that for a number of years has been in the midst of a lower end focus as a trend.

DigiCert is the fastest growing Certificate Authority

Digicert feels that it can lead by example and demonstrate that companies can succeed without lowering their standards.  DigiCert offers high-assurance certificates, does not issue DV certificates and the company is diligent to the task of never compromising its security layer.  Domain-validated (DV) certificates offer an extremely low level of validation which neglects verifying identity.  It is a point of vulnerability that opens the door to man-in-the-middle attacks and phishing, so DigiCert just doesn’t offer it.  That’s part of DigiCert’s no-compromise approach that makes them a high-assurance provider and a leader in the business.  Martins adds:

“That’s a point of pride and the foundation of what we’re doing.  You’ll see that our growth is much greater than what you’ll see in even the wider security market.  We’re not the most expensive service out there, we’re not the least expensive, we do things the right way and our customers are responsive to that.  At the end of the day, that is why we’re having the growth that we have.”

Beyond SSL

One of the areas where DigiCert’s leadership has emerged is in the development and deployment of the extended validation certificate.  Extended Validation SSL certificates take verification beyond traditional certificates.  DigiCert introduces a number of human interactions within the validation process, where identity is extensively validated before a certificate is issued.  The level of trust and authentication therefore has more value.  DigiCert also invests heavily in their technology response times, which ultimately benefits the customer with the fast web performance that their customers demand while providing higher assurance and trust as well.  The company is branching out to provide high-assurance certificates for healthcare exchange and other related services that require strong trust.  DigiCert’s combination of high-trust and high-touch is gaining it a stronger foothold in the market.

“Our position from day one has always been to deliver value without compromising security.  The challenge is that we can’t control what all the other organizations are doing.  That’s when we come together as an industry, but there’s always going to be laggards and those that aren’t as quick to jump on board.  Regardless, we have to strive for the highest of standards and that’s something that’s recognized.  We’ve felt really good about support from community on this point, and support from Microsoft, Mozilla and many others.  We’ve been proactive and supportive with others in the industry and worked closely with them.”

Forecast: App Security, Malware signing, encryption

Such standards are extremely important, particularly when you consider that a great deal of focus is shifting to application security.  This is an extremely hot area that will continue its incredible growth and actually increase in importance as application technologies continue to grow.  To understand how critical this is, witness the reports on breaches time after time where the proliferation of malware or rogue app includes unsigned or self-signed code, or even stolen certificates which are then used to sign the application, leading to compromise.  Code signing used correctly is an important protection against rogue apps, malware, and other threats that seek vulnerabilities to counter reliable identity and validation technologies.

With little exception, cases where these have been lost have come down to some breakdown in process or procedural error.  You are only as strong as your weakest link, and as Martins states – that’s why DigiCert is constantly focused on being industry thought leaders to make things better for the enterprise.  This is what constitutes a proactive climate – winning thoughts and minds with the latest in security.  DigiCert is well-focused on the next-level security, with an eye on what’s ahead.  What they see is identity, federation and authentication as critical components in the diverse world of application-level technology, encryption, cloud, mobile and just about every technology that is on the scene today.