TL;DR: Digital trust has shifted from certificate hygiene to an executive IT imperative as cloud services, hybrid workloads, remote access and zero trust expand the connected surface area, according to DigiCert. The governance challenge is that trust now depends on identity, integrity and encryption across people, machines and services, not just websites and documents.
NHIMG editorial — based on content published by DigiCert: Digital Trust as an IT Imperative
Questions worth separating out
Q: How should security teams govern digital trust across people, workloads and devices?
A: Security teams should govern digital trust as a shared control domain that covers identity, integrity and encryption across all entity types.
Q: Why do certificates matter to IAM and NHI programmes?
A: Certificates matter because they bind cryptographic keys to identity claims for both humans and non-human entities.
Q: When does digital trust become a governance risk instead of an infrastructure detail?
A: Digital trust becomes a governance risk when trust artefacts are distributed across cloud, DevOps, partner and device environments without consistent lifecycle controls.
Practitioner guidance
- Map trust controls to identity classes Inventory where certificates, tokens and other trust artefacts secure humans, workloads, devices and services.
- Bring certificate lifecycle into IAM governance Include certificate expiry, rotation and revocation in access review and control testing routines, especially for CI/CD pipelines and cloud services where the blast radius of stale trust is high.
- Extend trust checks across supplier and partner handoffs Require continuous validation of identity, provenance and certificate status at every external integration point.
What's in the full article
DigiCert's full blog post covers the operational detail this post intentionally leaves for the source:
- How DigiCert defines the four building blocks of digital trust in its own operating model.
- The specific role DigiCert assigns to standards bodies such as CA/Browser Forum, NIST and IETF.
- The way DigiCert links certificate lifecycle management to business process automation and reduced outages.
- The source article's own examples of connected trust across device lifecycles, software supply chains and digital rights provenance.
👉 Read DigiCert's full blog post on digital trust as an IT imperative →
Digital trust and identity sprawl: what IAM teams need now?
Explore further
Digital trust is now an identity governance problem, not a certificate-only problem. The article correctly frames trust as spanning identity, integrity and encryption across people, machines, workloads and services. That matters because the trust boundary has already moved beyond human login events into machine-to-machine and workload-to-workload exchanges. Practitioners should treat digital trust as part of the identity programme, not as a separate infrastructure concern.
A few things that frame the scale:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to the Ultimate Guide to NHIs.
- Another NHIMG finding shows that only 5.7% of organisations have full visibility into their service accounts, which makes continuous trust validation difficult in practice.
A question worth separating out:
Q: What is the difference between digital trust and zero trust architecture?
A: Digital trust is the set of assurances that prove an entity, transaction or artefact is trustworthy. Zero trust architecture is the operating model that assumes breach and continuously verifies access. Zero trust depends on digital trust artefacts, but the two are not the same thing.
👉 Read our full editorial: Digital trust now spans identity, workloads and supply chains