TL;DR: UK education and research institutions now have streamlined access to PKI, TLS and certificate lifecycle management, without separate procurement, through a national framework selected by Jisc, according to DigiCert. The practical issue, however, is not the contract itself but whether shared procurement actually improves certificate governance, lifecycle control and trust boundaries across large, federated environments.
At a glance
What this is: This is a DigiCert press release about Jisc selecting it for a national framework that simplifies access to PKI, TLS and certificate lifecycle management for UK education and research institutions.
Why it matters: It matters because federated procurement can change how identity teams buy, deploy and govern certificate-based trust across many institutions, service accounts and machine workloads.
👉 Read DigiCert's announcement on Jisc's national digital trust framework
Context
Digital trust in education depends on how institutions issue, validate, rotate and revoke certificates across distributed environments. In a sector with many institutions and shared services, procurement shape can influence whether certificate governance stays consistent or becomes fragmented across local teams.
This announcement is primarily about access to certificate lifecycle management through a national framework, not a new identity model. For IAM, PAM and machine identity teams, the real question is whether faster procurement translates into better control over issuance, renewal, revocation and auditability across the full trust stack.
Key questions
Q: How should institutions govern certificate lifecycle management in shared procurement models?
A: They should separate buying access from control ownership. A shared procurement framework can simplify acquisition, but each institution still needs explicit ownership for issuance, renewal, revocation and audit evidence. Without that separation, certificates can remain trusted long after the system, service or relationship they support has changed.
Q: Why do certificates create governance risk in federated education environments?
A: Because certificates often span many services, teams and institutions, while responsibility for them is fragmented. That fragmentation makes it easy for expired, duplicated or orphaned certificates to survive beyond their intended use. The result is silent trust drift rather than a clear access failure, which is harder to detect and govern.
Q: What do security teams get wrong about certificate-based trust?
A: They often assume the cryptography is the control. In reality, the control is the lifecycle around the certificate. If issuance, rotation and revocation are inconsistent, the trust chain remains technically valid while operational governance has already failed.
Q: Who should be accountable for certificate revocation when services are retired?
A: The accountable team should be the one that owns the service and its trust relationship, not a generic platform function. If revocation ownership is unclear, certificates can outlive the system they secure, leaving a residual trust path that no one actively governs.
Technical breakdown
How PKI and TLS underpin digital trust
PKI establishes trust by binding a public key to a verified identity through a certificate authority, while TLS uses those certificates to secure traffic in transit. In practice, the value is not just encryption. It is authenticated trust between systems, services and users. When certificates are poorly governed, organisations lose confidence in who or what is talking to whom, which is why certificate lifecycle management matters as much as issuance. In federated environments, the challenge is to keep trust consistent across many owning bodies without creating local exceptions that are hard to audit.
Practical implication: map every certificate class to an owner, renewal path and revocation process before expanding shared trust services.
Why certificate lifecycle management is the control plane
Certificate lifecycle management covers issuance, renewal, rotation, replacement and revocation. It is the operational control plane behind machine trust because certificates expire, get duplicated, and often outlive the system or service they were created for. The failure mode is not only outage. It is orphaned trust that remains valid after the underlying business relationship or technical need has changed. In education and research, where services and collaborations shift frequently, lifecycle discipline is what prevents long-lived certificates from becoming invisible access paths.
Practical implication: treat certificate expiry and revocation as governed lifecycle events, not as ad hoc infrastructure maintenance.
What shared procurement changes for security governance
Shared procurement does not remove the need for local assurance. It compresses buying friction, which can help institutions standardise on vetted tooling, but governance still depends on implementation choices, logging, policy enforcement and offboarding discipline. A national framework can reduce time to acquire trusted controls, yet it can also create false confidence if institutions assume the contract replaces their own identity governance. The security question is whether shared access leads to shared standards, shared visibility and shared accountability across all participating bodies.
Practical implication: align procurement decisions with control requirements for audit evidence, offboarding and certificate ownership before rollout.
NHI Mgmt Group analysis
Shared procurement can accelerate standardisation, but it does not standardise governance by itself. A national framework can remove friction from buying certificate services, yet the underlying risks remain local: inventory, ownership, renewal cadence and revocation discipline still sit with each institution. That means federated buying only becomes security value when it is paired with consistent operating rules. Practitioners should treat procurement as an enabler, not a control.
Certificate lifecycle management is the actual trust boundary, not the purchasing contract. PKI and TLS only provide reliable digital trust when certificate issuance, rotation and revocation are continuously managed. In distributed education and research environments, expired or orphaned certificates create silent trust failures that are harder to detect than access-denied events. The implication is that certificate governance must be measured as an operational control, not assumed from vendor selection.
Machine identity sprawl is the hidden issue beneath digital trust programmes. Once institutions standardise on digital trust tooling, the next risk is uncontrolled growth in certificates across applications, devices, APIs and internal services. That sprawl broadens the audit surface and makes lifecycle offboarding harder when systems are retired or relationships change. The practitioner conclusion is to inventory machine identities before scaling shared trust services.
Digital trust programmes in education increasingly sit at the intersection of IAM, PAM and machine identity governance. The article is about procurement, but the security outcome depends on whether identity teams can prove who owns certificates, who can renew them, and who can revoke them when required. That aligns this topic with NIST Cybersecurity Framework 2.0 identity and access outcomes as well as broader machine identity governance. Practitioners should align the framework with operating evidence, not with contract language.
Lifecycle governance, not just cryptography, is what determines resilience. Encryption only protects traffic while the certificate remains valid and correctly managed. Once governance slips, the risk shifts from confidentiality to trust collapse across systems that still believe the certificate is authoritative. The practitioner conclusion is simple: strengthen lifecycle controls before expanding the scope of certificate-based trust.
From our research:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to Ultimate Guide to NHIs.
- For teams building lifecycle discipline into trust programmes, review the Ultimate Guide to NHIs, Lifecycle Processes for Managing NHIs, for the governance mechanics behind rotation and offboarding.
What this signals
Certificate procurement will matter less than certificate observability. As institutions adopt shared frameworks, the governance gap moves from buying access to proving lifecycle control. Teams should expect auditors to focus more closely on inventory accuracy, renewal ownership and revocation evidence than on the procurement route itself.
The next maturity step is to align certificate governance with broader machine identity programmes rather than leaving it inside infrastructure silos. That means the same operating model should cover applications, workloads and services, with clear evidence for who owns trust and who can end it.
A useful reference point is the Ultimate Guide to NHIs, Key Challenges and Risks, which frames the visibility and over-privilege issues that also appear in certificate estates.
For practitioners
- Inventory every certificate domain: Map certificates by application, workload, device and owning institution so you can see where digital trust actually exists and where it is duplicated or unmanaged.
- Assign clear renewal and revocation ownership: Define which team owns issuance, who approves renewal, and who can revoke certificates when a service is retired or a collaboration ends.
- Tie procurement to lifecycle evidence: Require audit-ready evidence for renewal intervals, certificate inventory accuracy and revocation execution before treating a framework purchase as complete.
- Standardise offboarding for machine identities: Use the same decommissioning discipline for certificates that you apply to other non-human identities so retired services do not retain trust after use ends.
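One way to make the inventory and ownership checks above, and the expired, duplicated and orphaned certificate failure modes described under "Why certificate lifecycle management is the control plane", concrete in code. This is an added example, not part of this post and not DigiCert, Jisc or NHIMG tooling: a small Go audit that walks a constructed certificate estate (hypothetical example.ac.uk hostnames) against an assumed owner register and reports, per location, which lifecycle condition each certificate is in. The `Audit` and `makeCert` functions and the register format are assumptions made for the example.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"math/big"
	"time"
)

// makeCert builds a self-signed certificate valid for one year ending at notAfter (constructed sample data only).
func makeCert(cn string, notAfter time.Time) *x509.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notAfter.AddDate(-1, 0, 0), NotAfter: notAfter}
	tmpl.Subject.CommonName = cn
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	c, _ := x509.ParseCertificate(der)
	return c
}
// Audit maps each inventory location to its findings: expired, expiring within warnDays, orphaned (no registered owner for the subject), duplicate subject.
func Audit(inv map[string]*x509.Certificate, owners map[string]string, now time.Time, warnDays int) map[string][]string {
	count := map[string]int{} // how many inventory entries share each subject
	for _, c := range inv {
		count[c.Subject.CommonName]++
	}
	out := map[string][]string{}
	for loc, c := range inv {
		cn, issues := c.Subject.CommonName, []string{}
		if now.After(c.NotAfter) {
			issues = append(issues, "expired")
		} else if c.NotAfter.Before(now.AddDate(0, 0, warnDays)) {
			issues = append(issues, "expiring")
		}
		if owners[cn] == "" {
			issues = append(issues, "orphaned")
		}
		if count[cn] > 1 {
			issues = append(issues, "duplicate")
		}
		out[loc] = issues // an empty slice means the certificate is clean
	}
	return out
}
// Constructed sample estate (hypothetical hostnames): an unowned LMS certificate nearing expiry, and a retired VLE host whose expired certificate duplicates its replacement's subject.
var auditTime = time.Date(2025, 11, 25, 0, 0, 0, 0, time.UTC)
var inventory = map[string]*x509.Certificate{
	"lms.example.ac.uk:443":     makeCert("lms.example.ac.uk", auditTime.AddDate(0, 0, 20)),
	"vle-old.example.ac.uk:443": makeCert("vle.example.ac.uk", auditTime.AddDate(0, -1, 0)),
	"vle-new.example.ac.uk:443": makeCert("vle.example.ac.uk", auditTime.AddDate(0, 6, 0)),
}
var owners = map[string]string{"vle.example.ac.uk": "learning-platforms"} // subject CN -> accountable team
```

Running `Audit(inventory, owners, auditTime, 30)` reports the LMS certificate as expiring and orphaned, the retired VLE host as expired and duplicate, and its replacement as duplicate only; each finding is keyed by where the certificate was found so it can be routed to the team that owns the service.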
Key takeaways
- Shared procurement can reduce friction, but it does not replace local certificate governance.
- Certificate lifecycle failures create silent trust drift, which is harder to detect than a simple access outage.
- Security teams should anchor digital trust programmes in inventory, ownership and revocation evidence rather than in purchasing convenience.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Certificate rotation and lifecycle control are central to this framework. |
| NIST CSF 2.0 | PR.AC-1 | Certificate trust underpins identity and access management in federated environments. |
| NIST Zero Trust (SP 800-207) | IA-5 | Certificate handling is a core identity assertion mechanism for zero trust. |
Inventory certificate issuance and rotation intervals, then enforce revocation workflows for retired services.
Key terms
- Certificate Lifecycle Management: Certificate lifecycle management is the process of issuing, renewing, rotating, revoking and retiring digital certificates. It is the operational discipline that keeps PKI-based trust valid over time, because a certificate that is technically correct but poorly governed can still create outage, exposure or residual trust risk.
- Public Key Infrastructure: Public key infrastructure is the trust system that binds identities to cryptographic keys through certificates and certificate authorities. It enables systems to verify authenticity and secure communication, but its security depends on governance, not just encryption, because compromised or stale certificates can preserve trust after the intended relationship has ended.
- Machine Identity: Machine identity is the identity assigned to a non-human system such as a service, workload, application or device. In this context, it is proven and governed through certificates and related trust artefacts, which means lifecycle, ownership and revocation become core security controls rather than administrative tasks.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or governance in your organisation, it is worth exploring.
This post draws on content published by DigiCert: DigiCert and Jisc to advance digital trust in UK education. Read the original.
Published by the NHIMG editorial team on 2025-11-25.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org