Notifications
Clear all
Topic starter
25/06/2026 2:53 pm
TL;DR: The practical question is not whether the platform is larger, but how teams reassess control boundaries, validation workflows, and dependency risk when trust services converge under one vendor, as DigiCert’s agreement to acquire Vercara combines DNS, DDoS, WAF, and certificate-management capabilities into a broader digital trust stack for online infrastructure, according to DigiCert.
NHIMG editorial — based on content published by DigiCert: DigiCert to Acquire Vercara, Strengthening Its Position as a Leader in Digital Trust Press Release
By the numbers:
- Vercara’s UltraDNS service ensures 100% website availability along with built-in security for superior protection.
Questions worth separating out
Q: How should security teams govern DNS and certificate management together?
A: Security teams should govern DNS and certificate management as one trust chain because domain control validation, issuance, and service reachability are operationally linked.
Q: When does a consolidated trust platform create more risk than it removes?
A: A consolidated trust platform creates more risk when one provider or one admin plane controls validation, routing, and protective enforcement without strong segregation of duties.
Q: What should enterprises review before merging DNS, WAF, and certificate controls?
A: Enterprises should review ownership boundaries, privileged access, recovery dependencies, and audit coverage before merging DNS, WAF, and certificate controls.
Practitioner guidance
- Re-map trust ownership across DNS and certificates Document which team owns domain control validation, certificate issuance, DNS change approval, and emergency rollback.
- Review administrative concentration before platform consolidation Assess whether one control plane now holds too much authority over validation, routing, and security enforcement.
- Include trust infrastructure in lifecycle governance Bring certificate renewals, DNS changes, and edge protection updates into the same change-management and access-review cadence used for other critical identity-adjacent controls.
What's in the full analysis
DigiCert's full press release covers the operational detail this post intentionally leaves for the source:
- The stated rationale for combining DNS, DDoS, WAF, API, and certificate management under one vendor.
- Quoted executive commentary on why unified digital trust matters for enterprise operations.
- Transaction context, including the acquisition structure and closing status.
- Background on the product portfolios and customer base of both companies.
👉 Read DigiCert's acquisition announcement covering Vercara and digital trust consolidation →
DigiCert and Vercara: what this acquisition means for trust controls?
Explore further
25/06/2026 4:05 pm
Digital trust is becoming a control plane, not a point product. The DigiCert and Vercara combination reflects a market move toward bundling DNS, certificate lifecycle, and edge protection into one governance surface. That matters because the assurance chain now spans domain control, availability, and trust validation in one operational path. Practitioners should evaluate whether their current ownership model still matches that convergence.
A few things that frame the scale:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
A question worth separating out:
Q: How does trust infrastructure affect identity governance programmes?
A: Trust infrastructure affects identity governance because certificates, DNS, and edge controls establish whether systems can be verified and reached at all. That makes them part of the broader identity and access control environment, especially for workload identity and internet-facing services. Teams should include these dependencies in lifecycle, change, and incident response processes.
👉 Read our full editorial: DigiCert acquisition of Vercara reshapes digital trust governance
