Digital trust for perimeter-less enterprise identity: what changes?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8151
Topic starter  

TL;DR: Digital trust is presented as an end-to-end architecture for identities, certificates, and connected systems in a world where boundaries no longer hold, with PKI positioned as the cryptographic foundation, according to DigiCert. The governance shift is that identity, integrity, and lifecycle control now have to extend across people, machines, workloads, and supply chains instead of assuming a fixed perimeter.

NHIMG editorial — based on content published by DigiCert: Digital Trust for the Real World

Questions worth separating out

Q: How should security teams govern digital trust across human and machine identities?

A: Security teams should treat digital trust as a shared governance model across human identities, service identities, workloads, and devices.

Q: Why do certificate lifecycle gaps create identity security risk?

A: Certificate lifecycle gaps create risk because trust can remain valid after the underlying system, owner, or relationship has changed.

Q: When should organisations include PKI in IAM governance discussions?

A: Organisations should include PKI whenever identity extends beyond human login flows into services, workloads, APIs, devices, or third-party ecosystems.

Practitioner guidance

  • Map certificate ownership across the estate: build a single inventory of public and private certificates, then assign each certificate to a named business or technical owner so renewal and revocation do not depend on tribal knowledge.
  • Tie trust decisions to lifecycle events: connect issuance, renewal, replacement, and revocation to asset changes, vendor changes, and system decommissioning so trust ends when the underlying relationship ends.
  • Extend governance to machine identities: include workloads, services, containers, and devices in the same trust inventory used for human identity so certificate governance is not isolated from IAM operations.

What's in the full article

DigiCert's full article covers the operational detail this post intentionally leaves for the source:

  • The article's explanation of how digital trust is positioned across standards, compliance, operations, and lifecycle management.
  • The PKI framing for binding identity to websites, emails, networks, software, users, and other connected objects.
  • The examples of trust extending into supply chains, device lifecycles, and content provenance.
  • The vendor's own resource links and product context around certificate and trust management.

👉 Read DigiCert's perspective on digital trust and PKI for connected ecosystems →



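The inventory-and-ownership reconciliation that the practitioner guidance above describes, written out as an added example; it is not code from the original post or from DigiCert's article. It is standard-library Python only: the certificate records, the example.test hostnames, the team names, the asset register and the finding codes (ORPHAN_NO_ASSET, REVOKE_DECOMMISSIONED, NO_OWNER, RENEW_SOON) are all constructed for this illustration, not any product's vocabulary. The point it shows is the join between certificates and assets, and the rule that a decommission event or a missing owner must surface as a lifecycle action while the certificate still confers trust.

```python
"""Certificate-to-owner reconciliation (added example, not DigiCert or NHIMG code).

Joins a certificate inventory against an asset register and emits actions so
that trust (a valid, unrevoked certificate) ends when the asset or relationship
behind it ends. Every record below is constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Cert:
    serial: str
    subject: str                 # CN, used as a hostname here
    sans: Tuple[str, ...]        # dNSName SAN entries
    not_after: datetime
    revoked: bool = False


@dataclass(frozen=True)
class Asset:
    hostname: str
    owner: Optional[str]         # named team; None means nobody has claimed it
    status: str                  # "active" or "decommissioned"


@dataclass(frozen=True)
class Finding:
    code: str
    serial: str
    detail: str


def reconcile(certs: List[Cert], assets: List[Asset], now: datetime,
              renew_window: timedelta = timedelta(days=30)) -> List[Finding]:
    """Return lifecycle actions for every certificate that still asserts trust."""
    by_host = {a.hostname: a for a in assets}
    findings: List[Finding] = []
    for c in certs:
        # Revoked or expired certificates no longer assert trust; nothing to do.
        if c.revoked or c.not_after <= now:
            continue
        names = {c.subject, *c.sans}
        matched = [by_host[n] for n in names if n in by_host]
        if not matched:
            # A valid trust object with no asset behind it: the classic zombie cert.
            findings.append(Finding("ORPHAN_NO_ASSET", c.serial,
                                    f"no asset for {sorted(names)}; locate or revoke"))
            continue
        if all(a.status == "decommissioned" for a in matched):
            # The decommission event should already have triggered revocation.
            findings.append(Finding("REVOKE_DECOMMISSIONED", c.serial,
                                    f"all assets decommissioned: {[a.hostname for a in matched]}"))
        if not any(a.owner for a in matched):
            findings.append(Finding("NO_OWNER", c.serial,
                                    "no named owner; renewal and revocation rely on tribal knowledge"))
        if c.not_after - now <= renew_window:
            findings.append(Finding("RENEW_SOON", c.serial,
                                    f"expires {c.not_after.date()}; owner must renew or retire"))
    return findings


def sample_inventory():
    """Constructed certificate inventory and asset register for a stand-alone run."""
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)

    def in_days(n: int) -> datetime:
        return now + timedelta(days=n)

    certs = [
        Cert("01", "web01.example.test", ("web01.example.test", "www.example.test"), in_days(200)),
        Cert("02", "api02.example.test", ("api02.example.test",), in_days(10)),
        Cert("03", "legacy03.example.test", ("legacy03.example.test",), in_days(400)),
        Cert("04", "ghost.example.test", ("ghost.example.test",), in_days(300)),
        Cert("05", "old.example.test", ("old.example.test",), in_days(50), revoked=True),
    ]
    assets = [
        Asset("web01.example.test", "payments-team", "active"),
        Asset("api02.example.test", None, "active"),
        Asset("legacy03.example.test", "legacy-team", "decommissioned"),
    ]
    return certs, assets, now


if __name__ == "__main__":
    certs, assets, now = sample_inventory()
    for f in reconcile(certs, assets, now):
        print(f"{f.code:<22} serial={f.serial} {f.detail}")
```

In a real estate the Cert records would come from a CLM export or a parser over discovered PEM/DER material and the Asset records from the CMDB; the rules stay the same. Note that serial 01 produces nothing even though www.example.test is not an asset, because at least one asset with a named owner stands behind it, whereas serial 03 is flagged for revocation although it still has an owner: ownership and asset status are separate checks.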
(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 6322
 

Digital trust is now an identity governance problem, not just a certificate problem. The article frames trust as an ecosystem architecture, which is the right move because modern identity security fails when cryptographic controls are treated as isolated tooling. Certificates, service identities, and ecosystem participants all need ownership and lifecycle control if trust is supposed to persist outside a fixed perimeter. The practitioner conclusion is that digital trust should be governed as part of the broader identity programme, not parked in a separate technical silo.

A few things that frame the scale:

  • 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
  • Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.

A question worth separating out:

Q: What should teams do first when digital trust spans many ecosystems?

A: Teams should start by mapping where trust is asserted, who owns each trust object, and how revocation happens when assets move or relationships end. That baseline exposes the gaps between policy and reality. Once those gaps are visible, the organisation can prioritise lifecycle controls instead of assuming the perimeter will hold.

👉 Read our full editorial: Digital trust and PKI for borderless identity ecosystems


