
Zero trust and digital trust: what IAM teams need to align


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8469
Topic starter  

TL;DR: Zero trust is presented as the access-verification model that helps create digital trust by requiring every request to be authenticated with controls such as PKI, MFA, and SSO, according to DigiCert. The governance lesson is that trust now depends on continuous verification across users, devices, software, and documents, not on perimeter assumptions.

NHIMG editorial — based on content published by DigiCert: How Zero Trust Can Enable Digital Trust

By the numbers:

Questions worth separating out

Q: How should security teams implement zero trust without creating more identity sprawl?

A: Start by standardising trust decisions around a small set of verified signals, such as identity, device posture, certificate status, and policy context.

Q: Why do zero trust programmes need PKI as well as MFA?

A: MFA proves that a user or operator completed an extra challenge, but PKI proves the identity of a device, service, or signed object with cryptographic evidence.

Q: What breaks when organisations treat digital trust as a branding exercise?

A: They usually end up with stronger messaging than control.

Practitioner guidance

  • Map trust decisions to every identity type: inventory where humans, services, devices, software, and documents are trusted today without explicit re-verification.
  • Centralise certificate and session governance: treat PKI, SSO, and session policy as one control set with shared ownership and renewal SLAs.
  • Reduce implicit trust in connected ecosystems: review third-party access, APIs, and digitally signed artefacts for places where trust is assumed rather than checked.

What's in the full article

DigiCert's full article covers the operational detail this post intentionally leaves for the source:

  • How DigiCert positions PKI, MFA, and SSO together inside a zero-trust architecture
  • The article’s explanation of standards, compliance, and trust management as building blocks of digital trust
  • DigiCert’s example of working with NIST on a zero-trust consortium
  • The product context around DigiCert ONE for websites, enterprise access, identity, content, and devices

👉 Read DigiCert's analysis of how zero trust enables digital trust →

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 7853
 

Zero trust only becomes digital trust when identity proof is continuous. The article correctly frames zero trust as the mechanism and digital trust as the outcome, but the governance implication is broader than access control alone. If identity is only validated at login, the trust model still assumes the session remains trustworthy after the first check. Practitioners should treat request-by-request verification as the point where identity assurance becomes operational rather than rhetorical.

A few things that frame the scale:

  • 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to the Ultimate Guide to NHIs, Why NHI Security Matters Now.
  • Our research also shows: 91.6% of secrets remain valid five days after the targeted organisation is notified, which means revocation and trust decay are often badly misaligned with incident response timelines.

A question worth separating out:

Q: Who should own zero trust and digital trust governance?

A: Ownership should sit across identity security, infrastructure, and risk, with clear accountability for the trust controls that span them. Human IAM, NHI governance, and certificate lifecycle management cannot be governed as separate programmes if the business relies on a single trust posture. Shared accountability is the only durable model.

👉 Read our full editorial: Zero trust as the operating model for digital trust
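As an added illustration (not code from this thread, NHIMG or DigiCert) of the per-request check over the four signals named in the first post's answer (identity, device posture, certificate status, policy context) and of the request-by-request verification argued for in this reply: the same session passes at login and is denied on a later request once its certificate is revoked. The class names, field shapes and sample values are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed example; the data shapes below are assumptions, not any vendor's API.
@dataclass
class Request:
    subject: str                 # identity presented (human or NHI)
    mfa_at: Optional[datetime]   # when the last MFA challenge completed, if ever
    device_compliant: bool       # posture signal from device management
    cert_serial: str             # client certificate presented on this request
    resource: str                # what is being accessed
    now: datetime                # time of this request

@dataclass
class TrustState:
    revoked_serials: set = field(default_factory=set)
    cert_expiry: dict = field(default_factory=dict)          # serial -> expiry
    sensitive_resources: set = field(default_factory=set)
    mfa_max_age: timedelta = timedelta(minutes=15)

def evaluate(req: Request, state: TrustState):
    """Re-verify every signal on every request; return (allowed, reasons)."""
    reasons = []
    # Certificate status: revocation or expiry ends trust even mid-session.
    if req.cert_serial in state.revoked_serials:
        reasons.append("certificate revoked")
    expiry = state.cert_expiry.get(req.cert_serial)
    if expiry is None or expiry <= req.now:
        reasons.append("certificate unknown or expired")
    # Device posture: a non-compliant device is denied regardless of identity.
    if not req.device_compliant:
        reasons.append("device not compliant")
    # Policy context: sensitive resources require a recent MFA challenge.
    if req.resource in state.sensitive_resources:
        if req.mfa_at is None or req.now - req.mfa_at > state.mfa_max_age:
            reasons.append("MFA too old for sensitive resource")
    return (not reasons, reasons)

def demo():
    """Same session: allowed at login, denied after the certificate is revoked."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    state = TrustState(cert_expiry={"A1": t0 + timedelta(days=30)},
                       sensitive_resources={"/admin"})
    first = Request("svc-deploy", t0, True, "A1", "/admin", t0)
    ok_first, _ = evaluate(first, state)
    state.revoked_serials.add("A1")  # revoked after the login-time check
    later = Request("svc-deploy", t0, True, "A1", "/admin", t0 + timedelta(hours=1))
    ok_later, _ = evaluate(later, state)
    return ok_first, ok_later
```

Only a session-time check would have let the second request through; evaluating the signals again is what turns revocation into an actual denial.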
