Once it was unthinkable to use a credit card online. Today, online commerce is booming, and there's a small army working to ensure this trust is not misplaced. However, recent technological advancements mean digital trust must evolve to keep us protected. And the time to act is now.
"Sometimes people ask me what digital trust is," said DigiCert CEO Amit Sinha. "I say it's the fundamental infrastructure to make sure all these things are trustworthy and secure."
If you've built a website you know DigiCert provides the SSL certificate that shows your website encrypts traffic and can be trusted to enter confidential information into. Of course, digital trust is more than websites; it's the authentication throughout each layer of your applications, the network, devices, and more. Digital trust ensures you are running authentic software on authentic devices.
In life, integrity is paramount. You want to be known as someone who does what they say. You want people to be confident if a task is in your hands it'll be done. And, in the world of technology, computers are no different. You want to know you're connecting to your bank's website, not a fake one. You want to know your software update came from Apple, say, and not a malicious third-party. You want certainty the document you signed cannot be tampered with and altered. This is digital trust - integrity for digital things.
{loadposition david08}
And when it comes to digital trust, DigiCert has been in business for more than two decades, has over 100,000 customers around the globe, and is used by over 80% of Fortune 500 organisations. Locally, about 70% of the ASX use DigiCert. There are 6,000 ANZ customers, with 100 employees across Melbourne and Sydney. In fact, ANZ has been the fastest growing DigiCert region last year, with growth driven mostly among financial services companies, as well as healthcare, tech and government agencies.
However, it is also a time of tectonic shifts with quantum computing threatening to obliterate once-uncrackable encryption algorithms, with an explosion of IoT devices, and with Generative AI making it harder for people to understand what's fake or not.
Quantum computing is not science-fiction; iTWire previously spoke with DigiCert SVP of product Brian Trzupek who informed quantum computing is only a few years from being mainstream, and that you can rent space on an IBM quantum computer right now. Even the Australian Government has invested $1B in quantum computing.
In late 2019, Google claimed it solved a problem that would take 10,000 years for the world's fastest supercomputer within just 200 seconds using a quantum computer. These kinds of problems that quantum computing is really, really good at are things like the very mathematics that current encryption technology is based upon.
However, DigiCert has been preparing for this. Behind the scenes it's been working with standards bodies, and is part of the Internet Engineering Taskforce devising the next series of TLS standards. Additionally, "The US National Institute of Standards and Technology (NIST) has been working on post-quantum cryptography algorithms for several years," Sinha explained. "These algorithms are based on new mathematical problems that quantum computers cannot solve."
It's not talk; NIST is set to release four new algorithms later this year. "These will protect key encapsulation mechanisms and signing processes," Sinha said, also noting that companies such as WhatsApp and Apple are already adopting these technologies. CloudFlare, he said, has already switched 25% of its infrastructure to post-quantum key encapsulation.
This is all well and good, but it's not simply a matter of these big tech companies and bodies to solve the problems. Sinha emphasised there's a real urgency and importance for people like you and I to modernising cryptographic infrastructure in the face of the upcoming shift to quantum computing.
DigiCert has made it a mission to help organisations of all sizes recognise they must upgrade their platforms for quantum-cryptopgraphy readiness. Recently, the company announced its first-ever World Quantum Readiness Day, to take place on 26 September 2024.
While many organisations understand they need to upgrade their SSL certificates, the trickiness comes in that digital trust is so much more; it's all the kinds of things we listed above - the signing of documents, of software, of machines, and on and on. Any given business may not truly grasp just how much digital trust, how many cryptographic keys, are spread throughout all their technology assets and resources. In fact, Sinha says, a DigiCert survey of 1,400 companies worldwide found large organisations had around 54,000 crypto assets scattered across their servers and workloads.
"This is an extinction level-event for modern crypto. It's like the Y2K timestamp problem but without a date," Sinha said.
Fortunately, you don't have to wait "for magic Q day where only then does it become real," he said.
"All companies need to take stock of their inventory," Sinha said. If you don't know where to start, a good place is DigiCert's own Trust Lifecycle Manager which can scan the network, interface with eVaults, work with ITC and MDM tools, and ultimately produce an inventory for you. Prioritise your key applications, and begin chipping away. Leverage automation for faster gains.
It's a big job, it's a potentially daunting job, but it's a necessary job. It's not the time for wait-and-see. It's not the time for following suit after the US. Once malicious actors are using quantum computing all global markets are at threat.
"Quantum computing gives malicious actors the opportunity to break algorithms and exploit the inherent trust users place on legitimate applications and websites," Sinha said. "Only post-quantum cryptography can defeat the threat and preserve the sanctity of digital communications."