Securing Digital Transactions Across an Increasingly Dynamic Enterprise

Article by Brian Trzupek, Senior Vice President, Emerging Markets, DigiCert.

author-image
SMEStreet Edit Desk
New Update

Today’s enterprise organizations are up against a wave of new challenges maintaining security and privacy. Conducting business electronically has long been the norm, but it can still leave information vulnerable. 

In 2019, the losses that occurred due to cyber-crimes in the country were estimated at INR 1.25 lakh Cr. As connectivity improves and digital transactions take the front seat, several businesses in India are expected to lose their immunity which they enjoyed in a less connected economy. There’s no doubt in the fact that cyber-attacks are becoming more advanced and entrepreneurial. These attacks are large scale, fast-moving and easily able to bypass the traditional, security frameworks of the organisations.

To safeguard the data that drives their key business processes, organizations need to restrict access to confidential information, classifying documents and other information, based on the user’s level of authentication. 

Identity is also increasingly important to enabling the trust that drives digital transactions. It’s up to every organization to consistently authenticate the identity of users and IoT devices. They also need to verify the integrity of documents and communications passing through the organization. According to the Internet Crime Report for 2019, released by USA’s Internet Crime Complaint Centre (IC3) of the Federal Bureau of Investigation, has revealed that India stands third in the world among top 20 countries that are victims of internet crimes.

These challenges take on new importance given the unprecedented challenges in our current environment. Over just a few weeks, much of the world’s workforce has switched to remote work. A recent Gartner snap poll indicated that 91 percent of HR leaders have implemented work from home initiatives. As they rapidly transition more employees to this new model, corporations may lack provisioned laptops, driving BYOD adoption where it may not have existed before. Supporting a remote workforce securely is increasingly complex, because people are staying productive using a diverse array of devices, including mobile phones, laptops, and tablets. 

PKI Points the Way

Passwords alone aren’t sufficient to mitigate today’s security challenges. For most enterprise organizations, Public Key Infrastructure (PKI) is fundamental to securing today’s digital transactions. In the enterprise, people routinely authenticate to access corporate resources. They may do so without revealing their identity, or authenticate using a stolen password. Identity is just as important as authentication, and PKI can help enable the strong identity practices required to maintain the integrity of enterprise data. 

Enterprise organizations also need the ability to set up their secure devices at scale. They must enroll those devices into a management platform, providing a secure digital certificate to authenticate to VPN or other resources.

For example, IBM scales its Identity Services across an environment that encompasses 500,000 users, in 170 countries. The firm’s managed PKI insulates end users from technology, while supporting trusted transactions. Users can go about their daily business in a frictionless way, secure in the knowledge that they are upholding security and compliance requirements. 

For organizations that need to maintain business continuity even after transitioning to a largely remote workforce, PKI can also support document signing for remote workers. It lets organizations securely prove that documents have been signed and are unaltered, for distribution to multiple regions. For example, in the EU, Qualified electronic signature certificates, enabled by Qualified digital certificates, can support business online or across borders. They are available for individuals and corporations, and could enable a legal team to sign a certificate that’s valid for a specific company. 

Enabling PKI Across the Enterprise

What’s needed to enable modern PKI for current challenges? First of all, organizations need the ability to support multiple devices, remotely. In many complex organizations, an individual or a team will be responsible for managing digital certificates remotely, from a few locations. These organizations need a platform to automatically track the certificate lifecycle, from any location. The solution should be automated for agility and support rapid deployment of additional users, enabling IT or security departments to pre-provision certificates before an employee joins the organization—or automatically upon onboarding.

To maximize adoption and ease of use, solution should be fully transparent to users, while providing strong identity and authentication capabilities to the corporate VPN. 

For today’s increasingly dispersed global organizations, a modern PKI solution should support flexible deployments that are easy to maintain, and can scale smoothly. It should be capable of meeting in-country deployment requirements, and also ready to offer public, private, or hybrid cloud support. The platform can support these modern PKI requirements if it uses cloud-native technology and a container-based architecture. 

The solution should also enable organizations to simplify complexity, through a holistic approach to management. According to a recent IDC survey, 37 percent of participants cited security complexity as among the top three challenges their organizations face over the next two years. An end-to-end, centralized management tool can free up limited security and IT resources to focus on other business priorities.

Identity and privacy have long been essential to protecting digital transactions. In today’s uncertain environment, they have become even more critical. With the right strategy and solution, organizations can get out in front of their most pressing challenges now, while building a foundation for continued compliance and integrity well into the future.