
Establishing Digital Trust in 2022: How a Top-Down, Cloud-First Approach Can Help


2021 is one of the worst years on record for cybersecurity, and more than 50% of organizations expect a surge in reportable incidents in 2022 compared to 2021. 

Despite this urgency to get security under control, 75% of leaders say that too much avoidable, unnecessary organizational complexity poses “concerning” cyber and privacy risks.

Those are just some of the findings presented in PwC’s 2022 Global Digital Trust Insights report. The report is based on a survey of 3,600 C-suite respondents from October 2021 and sheds light on the need for every digital business to establish digital trust.

Digital Trust Needs to Start with the C-Suite

It’s easy to assume that the topics of cybersecurity and digital trust should be relegated to technical teams, but heading into 2022 and beyond they need to be a priority for the entire C-suite. 

That’s because digital trust underpins every digital interaction, and these digital interactions are increasing in frequency and becoming critical to how modern organizations operate.

Data from PwC supports this point, finding that the 10% of businesses most advanced in cybersecurity have engaged their CEO in cybersecurity decisions and practices. The most successful organizations have also increased time spent on cybersecurity discussions in board meetings and improved the alignment of their cyber strategy to their overall business strategy.

Organizations Can Establish Digital Trust Through PKI

Recognizing that digital trust requires a top-down approach, what does the process of establishing digital trust actually entail? It’s becoming increasingly complex in the growing digital world, as each human and machine identity creates an endpoint that requires security.

Specifically, organizations now face an explosion of machine identities thanks to increasingly complicated cloud and hybrid IT environments, the emergence of IoT devices, and a growing reliance on DevOps for increased speed and agility.

Securing all of these connections and establishing digital trust requires PKI and cryptography. However, this long-standing practice is evolving fast. The volume and velocity of certificate issuance have grown rapidly alongside the explosion of identities, but the lifespans for those certificates have shortened over the past decade – which further feeds the challenge by requiring teams to issue new certificates more often.

Complex Environments Challenge Digital Trust

As machine identities continue to explode and certificate lifecycles keep getting shorter, organizations face more and more complexity. Additionally, the fact that many teams still manage keys, certificates, and the underlying PKI infrastructure using manual methods like spreadsheets or outdated management tools doesn’t help the situation. Neither do instances in which DevOps teams spin up their own PKI and issue identities outside the visibility of security teams.

This complexity is a problem. It creates gaps in information and makes it easy for issues to slip through the cracks. That’s why, according to PwC, organizations with the best cybersecurity outcomes over the past two years are 5x more likely to have streamlined operations enterprise-wide.

While no business is immune to these types of complexities, they are particularly troublesome in the IoT manufacturing space due to sprawling supply chains that can’t be completely trusted and vulnerabilities in other critical infrastructure throughout the manufacturing process, like smart meters, telematic devices, and industrial controllers. 

PwC’s survey echoes this sentiment, with 56% of leaders expecting a rise in breaches via their software supply chain in 2022 (and 19% eyeing significant increases – a number that grows to 25% among North American respondents).

It’s Time to Focus on Simplifying Environments to Strengthen Digital Trust

Simplifying environments is the best way to overcome the complex challenges hindering digital trust and creating risk for organizations. Doing so requires time and effort, but it is possible.

According to PwC, the organizations that have started to see success in streamlining their environments have done so by consolidating tech vendors (especially to decommission vulnerable legacy technologies), automating standard, repetitive processes, creating an integrated dashboard for key metrics, and defining the mix of in-house resources and managed services.

This type of simplification is especially important for PKI, as companies must overhaul their PKI governance to standardize control over the issuance and management of certificates and to centralize visibility into the entire program. Doing so is the only way to elevate PKI to the critical infrastructure it needs to be to meet zero-trust security goals.

To that end, one common trend toward simplifying environments and improving PKI governance is the shift toward vendor-agnostic PKI platforms. These platforms offer the ability to monitor and manage digital certificates from different root CAs, in different environments, with different lifecycles and applications, all from a central source. As a result, they not only standardize control and centralize visibility, but also reduce the burden of managing multiple systems that may or may not share information with one another.

Cloud-First Initiatives Can Support Simplification Efforts

Once organizations determine the need to simplify environments to improve digital trust, where is the best place to start? Answering this question can prove challenging, but in most instances, the cloud provides a strong foundation to simplify business processes and IT architecture, increase flexibility and accelerate innovation.

A move to the cloud needs to happen carefully, though, as PwC warns that companies typically waste an average of 35% of their cloud budgets on inefficiencies. The report notes that the extensive technology options, new architectural approaches, complicated service plans, and new models for billing and pricing can easily lead organizations to create more complexity inadvertently.

That said, PwC finds that cloud security remains the top investment priority for the C-suite. This is no surprise given that cloud PKI solutions offer benefits like increased security, more elasticity, instant global availability, and reduced capital expenditures compared to their on-premises counterparts.

Fortunately, the cloud also offers a variety of options for organizations with different needs. And while PwC notes that these various approaches can end up creating complexity, if organizations take the time to understand their options and align those choices to their business requirements and goals – especially with the help of a trusted partner – they will be well on their way toward a streamlined environment that supports digital trust.

Now is the Time to Strengthen Digital Trust

As cybersecurity threats continue to rise, no business can afford not to pay attention to digital trust. Whether it’s first establishing this trust through a PKI program or overhauling a legacy setup for a modern solution, this initiative needs to start in the C-suite.

Additionally, the most successful organizations will focus on establishing digital trust by simplifying their environments to gain control over increasing complexities. One of the best ways to do so is through a cloud-first approach, which can reduce costs, increase security and provide more flexibility to align to business needs.