TL;DR: As organisations move users, data, and applications beyond the network edge, digital trust now depends on strong identity, PKI, automation, and crypto-agility rather than perimeter controls, according to DigiCert. The security model is shifting from boundary defence to continuous trust enforcement across cloud and SaaS environments.
NHIMG editorial — based on content published by DigiCert: Building Digital Trust in a Perimeterless World
Questions worth separating out
Q: How should security teams govern trust in perimeterless environments?
A: Security teams should govern trust by tying access decisions to identity, device context, and cryptographic proof rather than network position.
Q: Why do certificates matter so much in modern identity programmes?
A: Certificates matter because they prove identity and encrypt communications across distributed systems.
Q: How do organisations reduce trust drift in cloud and SaaS estates?
A: Organisations reduce trust drift by automating certificate lifecycle tasks, enforcing consistent policy, and monitoring where trust decisions are made.
Practitioner guidance
- Rebuild trust controls around identity, not network location Map where authentication, certificate validation, and access approval actually occur across cloud, SaaS, and device estates, then retire assumptions that only the corporate network is trusted.
- Fold certificates into identity lifecycle governance Track issuance, expiry, renewal, revocation, and ownership for certificates in the same governance model you use for human and non-human identities.
- Automate certificate operations end to end Use policy-driven workflows for renewal, replacement, and revocation so manual handling does not create trust gaps during scale, outages, or compromise.
What's in the full article
DigiCert's full blog covers the operational detail this post intentionally leaves for the source:
- A deeper walkthrough of how DigiCert frames certificate-based authentication across cloud, SaaS, and distributed devices.
- Practical examples of how automation changes certificate renewal, revocation, and configuration management at scale.
- Discussion of crypto-agility and post-quantum planning for organisations modernising trust infrastructure.
- The survey-backed business case DigiCert uses to connect digital trust with customer confidence and cloud adoption.
👉 Read DigiCert's blog on building digital trust in a perimeterless world →
Perimeterless digital trust: are your identity controls keeping up?
Explore further
Digital trust is now an identity governance problem, not a perimeter problem. Once users, devices, SaaS applications, and cloud services all share the same access surface, the old assumption that trust can be anchored at the network edge fails. That failure changes the job of IAM, IGA, and PKI teams because trust has to be enforced where the transaction happens. Practitioners should treat perimeterless architecture as a governance reset, not a network redesign.
A few things that frame the scale:
- Organisations that describe themselves as confident in their AI deployment actually experience a 72% security incident rate, compared to 33% for those who remain cautious, according to The 2026 Infrastructure Identity Survey.
- In the same survey, only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption.
A question worth separating out:
Q: What should IAM and NHI teams take from crypto-agility planning?
A: IAM and NHI teams should treat crypto-agility as part of identity continuity. The goal is to change cryptographic algorithms without breaking authentication, certificate trust, or service availability. That requires inventorying dependencies early, testing migration paths, and coordinating ownership across infrastructure and identity teams.
👉 Read our full editorial: Digital trust in a perimeterless world: identity, PKI, and automation