Securing identities for the digital supply chain

Number 10 has announced new plans to boost the cyber security of the UK’s digital supply chains. In 2021, the NCSC fended off a record 777 cyber attacks, many of these targeting supply chains. The current state of the world has already seen the fragmentation of supply chains from cars to crisps, and the UK cannot afford to remain vulnerable to more disruption.

Alongside proven threats to the supply chain, the UK Government’s heightened concern comes off the back of its own commissioned research, which shows that 91% of CEOs and directors at Britain’s top companies see cyber threats as a high, or very high, risk to their business. However, nearly a third of firms are not taking sufficient action on supply chain cyber security.

The constant rise in cyber attacks is perhaps unsurprising, as companies expand business functions across a range of increasingly complex network environments to enable the current ‘Working From Anywhere’ era. With more vendors, more devices, and more personnel with authorised access to secure systems, the opportunity for criminals to slip through is rapidly growing.

The dangers of digital identities

One of the most common ways enterprise attacks start is when cyber criminals impersonate a legitimate user or device to steal intellectual property or demand a ransom. These attacks often get in through a weak point in the digital supply chain, so verifying digital identity is crucial to ensuring the integrity of the entire supply chain. Cyber security experts have urged the Government to consider the issue of safeguarding digital identities throughout every checkpoint of the chain.

Digital identities are proliferating in the modern world. Every human and connected device has one or more, and for any business to function, validation using digital certificates is the most effective method to establish digital trust. Certificates, with their unique cryptographic algorithms, are the glue holding together online trust.

Digital certificates help organisations ensure that only trusted devices and users can connect to their networks, providing these core cyber security tenets throughout the digital supply chain:

  • Identification & authentication
  • Confidentiality
  • Integrity
  • Non-Repudiation
  • Access Control

Managing the entire certificate lifecycle

As the world becomes more connected, governing and securing digital certificates is a business essential. As certificates’ lifespans continue to shrink, enterprises need to deploy ever more of them into their digital infrastructure. With greater numbers of certificates entering an organisation’s cyber space, there is more room for dangerous expirations to go unnoticed. From business-ending outages to crippling cyber attacks, the potential downside to bad management of this vital utility is huge.

Unfortunately, digital certificates are still woefully mismanaged by businesses and governments worldwide. The volume of certificates being used to secure digital identities is growing exponentially, and businesses are faced with new management challenges that can’t be solved with legacy certificate automation models or outdated on-premises solutions. It is clear the age of spreadsheet certificate management is over.

Today’s digital-first enterprise requires a modern approach to managing the exponential growth of certificates, regardless of the issuing certificate authority (CA), and one built to work within today’s complex zero trust IT infrastructure. Despite the role CAs play in safeguarding enterprises, many are still reluctant to work together. This can seriously hinder the management of certificates, and therefore put companies at risk as businesses struggle to manage certificates from different issuers under one platform.

Consequently, industry pioneers are now turning to a ‘CA-agnostic’ approach. This new concept gives enterprises the flexibility to use multiple CAs, which is a common practice in business, while managing all human and machine identities at scale. Certificate Lifecycle Management (CLM) is enhanced dramatically with a CA-agnostic solution, and enterprise security leaders can leverage full visibility and lifecycle control over all digital certificates.

Safeguarding the digital supply chain

More than ever, governments and enterprises alike need to understand how digital identities fit into their digital supply chains. Looking towards a CA-agnostic CLM solution will not only decrease overall enterprise risk, but also reduce time wasted by IT professionals on manual certificate management, allowing them to use their expertise where it is really needed. This will transform the landscape of modern digital security for all.

Supply chains from chips to fruit need protection. When our supply chains are less in peril, our businesses are less in peril. Time to get those certifications in order.

Written by Nick France, CTO of Sectigo
