Perimeter trust is collapsing: what does it mean for identity teams?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8534
Topic starter  

TL;DR: COVID-era cloud migration, remote work, and IoT expansion have made perimeter-based security models unreliable, while digital certificates have become a core mechanism for authenticating people, devices, and services, according to DigiCert. The key issue is not certificate presence alone but whether trust can be continuously issued, verified, renewed, and revoked at scale.

NHIMG editorial — based on content published by DigiCert: Building trust in an untrusting world

By the numbers:

Questions worth separating out

Q: How should security teams replace perimeter trust in cloud environments?

A: Security teams should replace perimeter trust with identity-based verification at every access decision.

Q: Why do digital certificates need lifecycle governance rather than one-time issuance?

A: Because certificates are trust artefacts with a beginning, a limited validity period, and an end state.

Q: What breaks when IoT devices depend on vendor platforms outside local control?

A: What breaks is the assumption that the organisation fully governs the trust chain.

Practitioner guidance

  • Map trust dependencies beyond the perimeter: Identify which users, devices, services, and vendor platforms currently rely on implicit internal trust.
  • Treat certificates as governed identities: Assign owners, expiry rules, renewal checks, and revocation paths to certificates and their private keys.
  • Inventory vendor-linked IoT and smart devices: Require a record of which devices depend on external vendor platforms for updates or support.

What's in the full article

DigiCert's full blog covers the operational detail this post intentionally leaves for the source:

  • How the vendor frames digital certificates as the practical answer to trust verification across cloud, remote work, and IoT.
  • Examples of certificate use for authenticating individuals, devices, and software updates in real deployments.
  • The vendor's view of how scalable certificate management should work across cloud, on-premises, and CA-hosted environments.

👉 Read DigiCert's blog on building trust with digital certificates →




   
(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 7990
 

Perimeter trust has become an assumption problem, not just a network design problem. The article captures a broader identity truth: once access moves beyond a fixed boundary, location stops being a meaningful trust signal. That forces security teams to govern trust through identity, device posture, and credential lifecycle instead of through network placement alone. The implication is that old trust models fail because they were designed for a stable edge that no longer exists.

A few things that frame the scale:

  • Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
  • 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.

A question worth separating out:

Q: Who is accountable when a trusted certificate is abused to sign malicious content?

A: Accountability usually spans the team that owns certificate issuance, the team that protects the private key, and the organisation that failed to revoke or rotate the credential in time. Strong governance assigns clear ownership to each trust asset before abuse occurs, not after.

👉 Read our full editorial: Trust, certificates, and the collapse of perimeter security



   