

As digital transformation heavily influences companies and how they operate, trust has become the foundation of secure interactions. Public key infrastructure remains the bedrock of digital trust, from safeguarding transactions to securing machine identities.
However, as threats evolve and organizations scale, PKI must modernize to meet new challenges, according to Deepika Chauhan, chief product officer of DigiCert Inc.
“If you look at it from a customer point of view, all customers, big and small, have a sprawling digital footprint,” she said. “What does it mean? It means different kinds of machines, be it user devices like phones or laptops, but also network infrastructure, your cloud workloads and software content. The foundational principle for digital trust is that the organization wants to have confidence in the security, privacy and authentication of all the digital connections between these devices.”
Chauhan spoke with industry analyst John Furrier during a CUBE Conversation on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how organizations can safeguard their digital ecosystems against the next wave of cybersecurity challenges by embracing public key infrastructure modernization, AI integration and quantum readiness. (* Disclosure below.)
Public key infrastructure has long served as the cornerstone of secure digital interactions. It provides encryption, authentication and integrity for various applications, including VPNs, Wi-Fi authentication, cloud workloads and software supply chains. However, the digital landscape is expanding at an unprecedented rate. Organizations now manage sprawling digital footprints that include user devices, network infrastructure and software ecosystems. This necessitates a new approach to PKI management — one that ensures resilience, compliance and automation, according to Chauhan.
“What is happening most often with the customers is a brittle, do-it-yourself kind of solution, often unsupported,” she said. “With the explosion of machine identities across the organizations, customers don’t have visibility across the entire infrastructure. Gartner recently … their identity and access management team … had an interesting data point. They said for every human within an organization, there are 50x more machine identities that they have to manage.”
The case for modernizing PKI has never been clearer. The traditional approach to PKI has been fragmented, often managed in silos across different departments. This outdated model creates several challenges. The first is a lack of visibility: many organizations are unaware of the full extent of their PKI deployments, which leads to unexpected outages when certificates expire. There are also compliance risks, because regulations such as post-quantum cryptographic requirements and CA/Browser Forum standards necessitate stricter security measures, according to Chauhan.
“What we are trying to provide is a platform for crypto-agility and PKI modernization, as well as DNS modernization, across the entire customer landscape,” she said. “The way our customers are using the platform is you have all these silos doing their own thing; how do you bring order to that? How do you have centralized visibility and control?”
PKI modernization addresses these issues by centralizing visibility, automating certificate management and ensuring compliance across all machine identities.
Artificial intelligence is revolutionizing cybersecurity, and its reach extends to PKI as well. First, AI-powered analytics can identify and monitor all machine identities across an organization for increased visibility. Second, AI-driven workflows reduce manual intervention and enable zero-touch automation, preventing outages due to expired certificates. Third, AI facilitates proactive compliance management by detecting and addressing policy deviations, according to Chauhan.
“The key thing we are trying to solve is enabling our customers to solve the crypto-agility problem,” she said. “The second thing we are solving is in the software supply chain. That’s something organizations are waking up to, especially with a lot of different incidents like SolarWinds. Software supply chains are porous. How do I ensure we are releasing trusted software with visibility around threats that keep on getting introduced, because we don’t know what threats are introduced when we are using third-party software, as well as open source.”
DigiCert leverages AI to improve PKI automation, allowing organizations to reduce operational costs while strengthening their security posture. AI-driven security solutions mitigate risks and provide organizations with greater agility in responding to emerging threats.
Quantum computing, meanwhile, poses a significant threat to current cryptographic systems, Chauhan explained. While today’s encryption standards rely on the difficulty of factoring large numbers, quantum computers could potentially break this encryption in minutes. To counteract this risk, organizations must prioritize crypto-agility: the ability to swiftly transition to quantum-safe cryptographic algorithms.
“If you start adopting these, your journey for quantum readiness gets easier,” Chauhan said. “The first step to start the quantum journey and be ready for the time when quantum computers are there and they can break the cryptos, you need to have the visibility of your assets so that you can transition to quantum-safe algorithms. And that’s where we’re headed.”
(* Disclosure: DigiCert Inc. sponsored this segment of theCUBE. Neither DigiCert nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)