2025 security predictions: what they mean for identity teams


(@nhi-mgmt-group)

TL;DR: Post-quantum cryptography, AI-driven phishing, shorter certificate lifespans, and continued certificate automation pressure headline 2025 predictions, with manual certificate management still common in nearly a quarter of enterprises, according to DigiCert. The real governance issue is that trust operations are becoming too dynamic for spreadsheet-era controls.

NHIMG editorial — based on content published by DigiCert: DigiCert’s 2025 security predictions

By the numbers:

Questions worth separating out

Q: How should organisations prepare certificate estates for shorter lifespans?

A: They should treat certificate management as a continuous lifecycle process, not a periodic admin task.

Q: Why does AI-driven phishing change identity security decisions?

A: It lowers the reliability of human judgment in routine trust checks, which means organisations need stronger process controls.

Q: What breaks when cryptographic agility is missing?

A: Migrations stall because organisations cannot change certificates, algorithms, or trust chains quickly enough to meet new requirements.

Practitioner guidance

  • Inventory every certificate and trust dependency: Create a living inventory of TLS certificates, internal PKI assets, embedded keys, and application dependencies so renewal and migration can be planned centrally.
  • Automate issuance, renewal, and revocation: Replace manual renewal flows with automated certificate lifecycle management, including alerts for expiring assets and revocation paths for compromised trust material.
  • Map cryptographic dependencies before PQC migration: Identify which applications, libraries, devices, and identity systems depend on each algorithm so you can sequence quantum-safe changes without breaking service.
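
The three guidance items above can be exercised against a single inventory, as in this added example, which is not from DigiCert or from the original post. The record fields, the sample entries, and the 90-day lifetime and 30-day renewal-window thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample inventory: every name, date and field is illustrative.
INVENTORY = [
    {"cn": "api.example.internal", "alg": "RSA-2048", "renewal": "manual",
     "issued": date(2024, 6, 1), "expires": date(2025, 4, 5),
     "apps": ["billing", "gateway"]},
    {"cn": "sso.example.internal", "alg": "ECDSA-P256", "renewal": "automated",
     "issued": date(2025, 1, 10), "expires": date(2025, 4, 10), "apps": ["sso"]},
    {"cn": "fw-signing", "alg": "RSA-4096", "renewal": "manual",
     "issued": date(2023, 1, 1), "expires": date(2026, 1, 1),
     "apps": ["iot-updater"]},
    {"cn": "lab-pqc-test", "alg": "ML-DSA-65", "renewal": "automated",
     "issued": date(2025, 2, 1), "expires": date(2025, 5, 1), "apps": ["lab"]},
]

# Public-key families a quantum-safe migration has to replace.
QUANTUM_VULNERABLE = {"RSA", "ECDSA", "ECDH", "DSA", "DH"}


def triage(inventory, today, max_lifetime_days=90, renew_window_days=30):
    """Group certificate names by lifecycle finding (thresholds are assumed)."""
    findings = defaultdict(list)
    for cert in inventory:
        remaining = (cert["expires"] - today).days
        lifetime = (cert["expires"] - cert["issued"]).days
        if remaining < 0:
            findings["expired"].append(cert["cn"])
        elif remaining <= renew_window_days and cert["renewal"] == "manual":
            # Nothing will renew this one unless a person remembers to.
            findings["manual_renewal_due"].append(cert["cn"])
        if lifetime > max_lifetime_days:
            # Issued for longer than the shorter-lifespan policy allows.
            findings["exceeds_policy_lifetime"].append(cert["cn"])
    return dict(findings)


def pqc_dependency_map(inventory):
    """Map each quantum-vulnerable algorithm to the applications relying on it."""
    deps = defaultdict(set)
    for cert in inventory:
        if cert["alg"].split("-")[0] in QUANTUM_VULNERABLE:
            deps[cert["alg"]].update(cert["apps"])
    return {alg: sorted(apps) for alg, apps in deps.items()}


if __name__ == "__main__":
    print(triage(INVENTORY, today=date(2025, 3, 20)))
    print(pqc_dependency_map(INVENTORY))
```

Passing `today` explicitly keeps the triage reproducible, so the same inventory can be replayed against a future date to see what a tighter lifetime policy would flag.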

What's in the full article

DigiCert's full press release covers the operational detail this post intentionally leaves for the source:

  • The specific 2025 prediction wording and the vendor's full rationale behind each forecast.
  • The cited survey detail behind manual certificate management and the broader trust context.
  • The vendor's discussion of digital trust, CTrOs, and crypto-agility as presented in the original release.
  • The full list of predictions, including the sections on content provenance, IoT resilience, and private PKI standards.

👉 Read DigiCert’s 2025 security predictions on trust automation and PQC →
