Digital certificates are surging in popularity. In 2020, the global electronic signatures market reached $2.8 billion (€2.42 billion) and that number is only set to grow. One prediction sets the market to grow to more than $14 billion (€12.10 billion) in annual revenue by 2026, says Stephen Davidson, senior manager at DigiCert.
There are a number of reasons behind this explosion in popularity. In the short term, the global pandemic has forced people to look at enterprise computing in a profoundly new way. An overwhelming shift to remote work requires organisations to convey trust digitally and across geographic boundaries. Many have turned to well-proven digital certificates to accomplish this: to authenticate the identities of users and devices, to make data tamperproof, and to create legally valid e-signatures.
Although remote work was gaining popularity pre-pandemic, it went from an enlightened perk to a near-ubiquitous reality overnight. According to McKinsey data, the expected adoption cycle for mass remote working should have been 454 days. Under the harsh realities of the pandemic it took only 10.5 days for most companies, 43 times less than most expected. As organisations scrambled to protect these new working methods, it was natural to turn to well-established and widely supported tools like digital certificates and digital signatures.
Furthermore, under the COVID restrictions, consumers demanded online access to conduct their daily business, ranging from expanded online shopping all the way through to complex transactions that previously were done face-to-face. New companies sprang up to meet the demand, and others were forced to transform at speed to survive. The pandemic has accelerated digital transformation trends in enterprise technology that were already underway.
According to McKinsey, in the opening salvos of the pandemic, tech adoption rates sped up by three years. While around 20% of customer interactions were online globally before the pandemic, the COVID crisis saw that number rise to 58%.
The same is true of cloud migration, which happened 24 times faster than firms expected they could manage. So too with spending on IT security, which accelerated by a factor of 19.
Many of these changes, although made under duress and in pursuit of short-term survival, have solidified and embedded long-term trends.
Digital transformation and cloud computing are two key trends behind the growing need for zero-trust architecture and the surging growth of digital certificate deployments. The first trend, digital transformation, is the expansion of the digital realm in our everyday lives. Although it was driven by the need to work around lockdowns and travel restrictions, both companies and consumers rapidly got used to the efficiencies and speed that come with working online.
Thankfully, solid laws and regulations already exist in most jurisdictions to provide the same legal validity for online business (often reinforced using digital certificates and electronic signatures) as existed in real-world transactions.
Even in this area, COVID pushed along new takes on the enabling laws. In Europe, the enabling regulation for eID and electronic transactions (known as eIDAS) is being updated to improve the regulation of remote onboarding of users and cloud signing. In America, a draft bill is before the U.S. Senate to increase the use of digital signatures to reduce fraud in court documents, which increased during pandemic remote working.
The second trend, cloud computing, brings the long-term erosion of network perimeters. A few years ago, we really could build a wall around our assets and physically restrict them to a data centre, and in so doing “permit the good and block the bad”. This is sometimes called the castle-and-moat structure.
But those that are still relying mostly on their castle walls will find them full of cracks. With the advent of technologies like the IoT, remote working and cloud technology, the shape of the network has changed significantly. Networks are no longer centralised hubs, but shifting morasses of data, users and devices flowing in and out of the network.
The castle-and-moat structure cannot protect these new technologies and the increasingly nebulous network which hosts them. In fact, what enterprises now need is the ability to trust the diverse parts of their sprawling networks via a zero-trust architecture. That is where digital certificates come in. As a way to mutually authenticate the identities of both sides of a transaction, they can ensure that each device, endpoint, user and asset is who or what it claims to be.
Digital identity, represented by digital certificates, is taking the place of that old structure. By allotting an identity to individual endpoints and assets within the network, certificates can ensure trust over great distances and across the new, nebulous shape of the modern perimeter.
But digital certificates alone won’t fully accommodate the changing shape of the network. In 2019, 60% of organisations fell victim to a certificate outage which directly affected their business. Organisations regularly struggle with managing the sheer number of certificates and identities they possess, especially when one rogue certificate or expiry can cause a major security incident. This necessitates the use of technologies like Public Key Infrastructures and automation to discover, protect and manage these sprawling set-ups.
The decentralised, hybrid, remote-enabled and IoT-using networks of today look very different from the perimeter-focused castles and moats of yesterday. The architecture of that new structure is built from digital identities, certificates and signatures, and Public Key Infrastructures can keep it standing.
The author is Stephen Davidson, senior manager at DigiCert.
About the author
Stephen Davidson is a senior manager in DigiCert’s Global Governance, Risk and Compliance team with a focus on standards and accreditations related to our European Qualified Trust Service Provider and digital signature-related businesses. He co-founded QuoVadis, which became part of DigiCert in early 2019. DigiCert + QuoVadis is one of the issuers of PSD2 certificates for Open Banking.