DigiCert this week launched a comprehensive digital trust solution that unifies certificate authority (CA), certificate management and public key infrastructure (PKI) services. Trust Lifecycle Manager, now available as part of the DigiCert ONE platform, is a major product launch that was years in the making.
DigiCert is well known for helping companies implement digital trust across the enterprise. DigiCert ONE is a modular platform whose components can be deployed individually or as part of a suite, either on-premises, in the cloud, or in a hybrid environment. Using the platform, companies can issue millions of certificates to devices and servers, sign software, and authenticate users, with digital identities attached to those certificates.
Endpoints Drive Need for Digital Trust
With the rise of connected devices and cloud deployments, the network perimeter has expanded. For IT operations, this means greater complexity and risk. For identity and access management (IAM) administrators, the authentication needs are increasing. For software development and IT operations (DevOps), security operations (SecOps), and operational technology (OT) teams, the attack surface is expanding.
That’s where Trust Lifecycle Manager comes in. It brings together certificate lifecycle management and PKI services. It also tightly integrates with public trust issuance. On the certificate management front, the solution provides:
- Discovery (centralized repository of all public and private certificates)
- Management and notifications (prevents expired certificates)
- Automation (one-touch provisioning and renewal)
- Integration (governance across CAs, or for a specific vendor's certificate authority)
Multiple Deployment Options For Trust Lifecycle Manager
On the PKI services front, Trust Lifecycle Manager oversees identity and authentication of users, servers, devices, and other IT resources. DigiCert offers three deployment options.
The first one is PKI as a service, where DigiCert manages customers’ public or private PKI. The second one is on-prem for those who have more complex environments. The third one is in the customer cloud. Approximately 50 percent of customers are deploying PKI as a service, 30 percent in the cloud, and the remainder on-prem.
“We’re seeing a pivot in the industry, where instead of looking at siloed areas, organizations are starting to look across them and see how trust can be managed and measured throughout the organization,” said Brian Trzupek, senior vice president of product at DigiCert. “All the previous announcements and the infrastructure work we’ve done is leading up to DigiCert being able to execute on this launch.”
Digital Trust Is Challenging To Deploy With Point Products
When thinking about the building blocks of digital trust, standards that help create trust in the ecosystem are at the core. Creating digital trust is a complicated process involving several key steps that can be visualized as a pyramid, explained Trzupek.
At the base of the pyramid is defining trust through industry and technology standards. “This is where our leadership in the standards bodies that we participate in is so crucial. We’re the voice of the customer in those bodies. We’re taking their concerns, requests, and challenges into consideration,” said Trzupek.
Moving up the pyramid is establishing trust through compliance and operations. DigiCert operates global data centers in six regions with service-level agreements (SLAs) for high availability. “This gives us extraordinarily high availability as a company. We operate data centers under a compliance regime that’s managed by 25 annual audits to ensure that we can deliver trust in those regions,” said Trzupek.
Toward the top of the pyramid is managing trust for public and private PKI in the enterprise, which includes certificate lifecycle management. At the very top of the pyramid is extending trust even further into connected trust ecosystems—essentially everything beyond the perimeter like devices, software, identity, and content.
Although certificate lifecycle management solutions have been on the market for a while, what differentiates DigiCert from competitors is its PKI service provider roots and ability to offer a full-stack solution that combines private and public trust with CA-agnostic certificate lifecycle management.
DigiCert’s PKI Services draw from its rich history in PKI management, simplifying the complexity involved in managing identity and access with pre-built and customizable templates, deep integration and automated provisioning.
DigiCert Is Shifting From Product To Platform
Additionally, DigiCert has more than 100 integrations with third-party vendors, offered out of the box with Trust Lifecycle Manager. DigiCert is opening up application programming interfaces (APIs) to third-party vendors, so they can do this work on their own. According to Trzupek, this gives DigiCert the scale to help more customers.
DigiCert is actively adding support for management of other CAs beginning with Microsoft CA in Q1 and extending to other public and private CAs in subsequent quarters. With these expansions, DigiCert customers will be able to manage any certificate from any CA. Customers can already work with multiple CAs when building their certificate inventory with Trust Lifecycle Manager’s discovery features.
“This opens up a whole new market for us. Previously, we had to sell to customers who are only using DigiCert CA services,” said Trzupek. “We’ve created an entire integration API and surface layer through this product, which third parties can extend and add functionality to it as they see fit. That’s a game changer.”