Over the past year or so, I’ve had the luxury of working with a group of individuals inside and outside of our organization to explore the role of trust within the context of the bigger changes taking place within the infosec ecosystem and enterprise architecture. We’re turning some of these learnings and areas of debate into a series of blog posts and whitepapers.
The gist is that over the past few years the macro-trends in IT have shifted from discussions on important, but siloed, views of emerging technologies (cloud, mobile, big data, connectivity, etc.) to a view of how to bring them together to enable new business models – typically referred to as digital business. Not only is this getting a lot of attention by big players, but a recent study we conducted with IDG suggests that 75 percent of organizations are in the early to moderate stages of this journey.
On one hand this isn’t news, a variety of cloud, mobile and Internet of Things (IoT) initiatives are likely swirling around your enterprise. Other terms like digital marketing and digital channels are also calling cards. But on the other hand, many organizations are taking a more holistic view of what digital means across the business model and asking strategic questions around what it might mean for the overall competitiveness of the organizational and in these organizations the conversation is moving from the CIO and CISO to the CEO.
In the majority of cases this is causing a sense of urgency in the organization and a desire to move quickly with the new initiatives. One of the bottlenecks in this change is risk and a need for controls. This fits well with a brakes on a car analogy - Why do we put brakes on cars? So we can go faster. Therefore we put security controls in place so we can do riskier things. As an organization, we play to the brakes in the area of trust. We enable our customers to evolve toward their digital business objectives, by allowing them to trust the people, systems and things within their ecosystem and to extend this trust to secure the interactions. How the technologies change the approach to trust, how risk is defined within an organization, and ultimately the business value that is trying to be unlocked are all parts of the challenge we continue to explore.
The move to digital business, like any other change, presents us with some good, and some bad, circumstances.
- The good: Organizations are able to extend the value of their products, services and solutions to provide more personalized experiences, available whenever and wherever users want to buy or access them and they can increase the efficiency of their delivery.
- The bad: Enterprises have to ensure that only authorized users have access, that the things are doing what they are supposed to, and that the “bad guys” are kept out. Every person, place or thing connected to an enterprises digital ecosystem provides a potential vulnerability. And the old ways of securing the connections will have limitations.
- The solution (or at least a critical part of the solution): Using identity to establish trust within and across systems provides a strong foundation from which to enable the business model. And, as we move from models that focus solely on people to those that put an equal weight on devices and apps, the approaches to establishing trust are likely to shift.
Part of what we’ll be examining is the role of public key infrastructure (PKI) and cryptography along with the changes required in this technology to support the evolution of the enterprise architecture and business models over the next several years. This technology is going through a bit of a renaissance given its ability to provide a frictionless experience on mobile platforms and to establish trust within the infrastructure. It’s becoming so foundational that we are calling it the Digital DNA for your evolving enterprise.
If you’re like most people, you may have heard of PKI, but you have no idea how it works. Our PKI infographic
provides a “101-level” introduction to this technology. Essentially, PKI solutions work through a variety of digital certificates and public and private keys. These certificates and keys work to prove identities and encrypt information that’s shared between authorized users, devices and apps. It sounds complicated, but once you get it, it’s pretty straightforward.
There are several unique characteristics of PKI for securing your digital business, it provides for no eavesdropping or theft of communications, no tampering and provides for non-repudiation. In addition to providing a secure enterprise, it also makes your business faster, helps you to create new offerings with new delivery models and allows your employees to be more collaborative and innovative.
Digital Business is the key to growth for your enterprise. Wondering how to build it? Enable it? Secure it? Visit entrustdatacard.com/digital-dna
to learn more about enabling and transforming your business with a trusted identity and while you’re there, be sure to check out the PKI 101 infographic
Over the upcoming months, we’ll explore a variety of use cases and applications for digital business, as well as touch on best practices for designing and deploying the technology. Up next: How PKI is Gearing up for the Internet of Things.