���׶���Ƶ

TABLE OF CONTENTS

INTRODUCTION: FROM THE ALASKAN FRONTIER TO THE EDGE OF SPACE

THE REAL IS DIGITAL AND THE DIGITAL IS REAL

THE PROOF OF TRUST IS ALL AROUND

BUILT ON PROVEN TECHNOLOGY

CONCLUSION: PUT DIGITAL TRUST TO WORK

REAL TRUST FOR THE REAL WORLD

The notion of trust between two points in a digital connection is as old as digital communication itself. But too often, there’s been a disconnect between the technology and the ideal. The principles of trust have lacked harmonious hardware and software solutions, and vice versa. True digital trust is equal parts concept, processes, and tools. It’s the point at which digital technology and the ideals of trust meet to deliver value and meaningful impact.

PART III

THE PROOF OF TRUST IS ALL AROUND

Even the engineers and security experts behind our solutions are often amazed by the creative ways people use digital trust. Like a thread woven through seemingly disparate technologies and unrelated industries, digital trust is at the heart of how we communicate, navigate, and work in the real world.

AVIATION

Smooth takeoff, safe landing

In industries with complex ecosystems, where there are a lot of connecting parts with limitations on the power of devices and variation amongst the types of devices, there’s a need for an adaptable, reliable security solution. In the case of air travel, all these factors come into play, but there’s also a need for data confidentiality.

The information transmitted between ground and plane must be secured, just as the device itself must be secured, in order to prevent what could be catastrophic tampering.

With digital trust solutions protecting these devices and the data they transmit, pilots and towers can safely and securely gather, communicate and use a variety of information to ensure planes take off and land safely, regardless of the plane or the airport. If it’s on AeroMACS standard, it works the same—and just as reliably—in a small airport in the United States as it does at a major airport in Australia.

Deployment: worldwide
���׶���Ƶ solutions protect the AeroMACS network, the standard for aeronautical communication that will soon be used by nearly every airport around the world.

Primary need: authentication
With thousands of flights in the air, airports, airlines, and pilots rely on AeroMACS to guarantee the safe and on-time travel of millions of people every day.

Could a hacker really break into someone’s pacemaker and cause it to stumble or fail entirely? Yes.

When “life or death” is literal

In August 2017, an unusual headline hit the newswires—unusual, at least, for anyone who doesn’t work in the IoT world. The United States Food and Drug Administration was “recalling” a number of pacemakers due to a cybersecurity threat. In what sounded like another story about internet hacking risks, the FDA warned that certain pacemakers might “be vulnerable to cybersecurity intrusions and exploits.” It was a strange idea, something that sounded like the plot of a science fiction movie. Could a hacker really break into someone’s pacemaker and cause it to stumble or fail entirely? Yes.

As medical device manufacturers invented novel and valuable ways to connect medical devices—from smart hospital beds to continuous glucose monitors—the patient benefits were skyrocketing. At the same time, concerns over the protection of patient data collected by connected devices, and eventually, concerns about intrusions leading to device failure, were also mounting.

Indeed, hackers found just such an intrusion point with pacemakers. The manufacturers encrypted communication between the pacemaker and the bedside monitor, but the monitor itself wasn’t secured. With access to the monitor, these hackers were able to send repeated commands to the pacemaker, depleting its battery life. Even worse, they could instruct the pacemaker to shock the patient. Searching for an answer to protect not only the device but the safety of the patient, many manufacturers turned to digital trust solutions.

Today, thousands of people enjoy peace of mind knowing there’s an effortless, secured monitoring system working to ensure their pacemaker continues to function and alerting them of any potential issue.

In the near future, the capabilities of cardiac technology will grow, offering more patients and their doctors more options for better data and immediate assistance without surgery or hospital visits. The medical devices will get smaller and smarter, but the security solution that will continue to protect the data—and the life—of the patient will be digital trust.

Deployment: worldwide
Thousands of hospitals and care centers, and millions of people, across differing compliance and implementation standards, for use by providers and patients alike.

Primary need: authentication
A security solution that protects the integrity of the device and patient data, and one that’s reliable enough to trust when lives are on the line.

PART IV

BUILT ON PROVEN TECHNOLOGY

Digital trust without underlying technology is simply a mantra. Deploying digital trust in the real world requires software and systems that enable secure connections across this vast and complex landscape. But not just any technology will do. For trust to work in the real world, connections need to possess certain qualities that run on proven security software and protocols.

The three principles of secure connections

Identity
Individuals, businesses, machines, workloads, containers, services, and anything else that connects must be authenticated with a cryptographically unique identity.

Integrity
Objects must be used and transmitted with tamper prevention, as well as tools for verifying that object hasn’t been altered.

Encryption
Data must be secured in transit.

For trust to work in the real world, connections need to operate on proven security software and protocols.

PKI AS A FOUNDATION

Public Key Infrastructure has been proven for decades to secure websites. Over the years, as the connected world evolved, digital security experts realized that the same proven technology used to encrypt websites also verifies digital
identity while authenticating data. And these certificates can be issued to nearly any digital object from networks to emails, code to documents, and even users and devices. By its very nature, PKI provides encryption, integrity, and identity to digital connections, which is why it stands as a fundamental component of digital trust—one ready to meet any challenge.

Flexibility

In today’s ecosystems, professionals need to be able to secure a website alongside an application, or securely sign a document while authenticating an employee’s smart phone. One company needs a solution for automated robots on the manufacturing line while another needs to protect its customers’ credit card numbers.

A solution that works one way but not another, or one day but not the next, not only burdens the IT team responsible for managing security, it also puts the organization at risk.

Unlike other types of security solutions, PKI is incredibly flexible. Because it relies on asymmetric key pairs, and the security process can encrypt just as easily as validate, PKI can be deployed in any number of environments to secure a wide range of connections. PKI solutions can scale down or up, run in the Cloud, on-prem or hybrid, secure web and email today, then BYOD and IoT tomorrow. It’s one solution for any number of security needs.

Public and private trust

More than just simple encryption, PKI binds identity to a key through a signing process. The signature is issued by the root, so anyone with the public key to that root knows the signature bound to the PKI certificate is valid and trusted.

In some cases, that root is public—it’s been distributed to a trust store housed by a web browser like Chrome or Firefox or an operating system like Microsoft Windows or Apple MacOS. In other cases, the root is private—trusted by whatever systems an organization wants to use internally or within a small group of companies. The cryptography is the same either way, but the ability to deploy both public and private options makes PKI especially versatile.

As a result of this flexibility, PKI bridges the gap between public and private trust. It’s powerful and secure enough to be trusted as the private encryption and identity solution for many nations’ governments, and equally as the public solution for consumer IoT devices.

CONCLUSION

PUT DIGITAL TRUST TO WORK

What’s most important about digital trust is often what’s overlooked. Digital doesn’t mean digital anymore. At the heart of digital trust, we find something that’s been the basis of business, agreements, social contracts, and simple human interactions going back millennia. Regardless of the space—physical or virtual—we need to know that our interactions are authentic, our communication is safe, and the information we exchange is legitimate and unchanged.

Digital trust is more than a high-minded idea, and it’s more than security software. It’s confidence in interactions between anything, or anyone, that connects. In that sense, what’s important about digital trust isn’t what it is, but what it does.

Check out this IDC white paper to learn more about the digital trust imperative >

About ���׶���Ƶ

���׶���Ƶ is a leading provider of digital trust, enabling individuals, businesses, governments and consortia to engage online with the confidence that their footprint in the digital world is secure.

���׶���Ƶ® ONE, the platform for digital trust, provides organizations with centralized visibility and control over a broad range of digital trust needs, including securing websites, enterprise access and communication, software, identity, content and devices. ���׶���Ƶ pairs our award-winning software with our industry leadership in standards, support and operations, and is the provider of choice for leading companies around the world who put trust to work.

How will you put digital trust to work for your organization?
To find out more, contact sales@digicert.com.