Written by Christoper Carr, Adjunct Professor, MS in Cybersecurity
I was recently questioned by my project manager about why my team spent several thousand dollars on certificates for a new web services platform being built for our customers. I explained that digital certificates are necessary and provide end users with confidence that they are accessing a trusted website. He was familiar with the green browser bar and padlock icon on his browser but didn’t understand how that was achieved or what it meant. I shared a bit of background with him on why this would be important to our customers when we went live with the website.
Digital trust is simply a measure of confidence that computer users have in the security and privacy of digital services they use. Without a level of trust, consumers are less likely to use online services, especially when they involve sensitive data such as credit cards and medical information. Without trust, e-commerce as we know it today would not exist. To help deal with this problem, developers created trust features such as digital certificates, which ensure that a reliable third party is involved in your online transactions.
Digital certificates rely on the same kind of cryptographic mechanisms that we use to encrypt our sensitive data, but apply them in a slightly different way. Companies such as Verisign (whom we use) investigate the identity of an organization and vouch for its authenticity by issuing a digitally signed certificate that the organization can then present online to clients. Of course, this process comes at a cost, which is why my project manager paid me a visit. This type of trust-building is essential for the growth and success of the digital economy. Digital certificates alone do not prevent fraud, but they are a key factor in reducing it by providing indicators of suspicious activity and malicious websites.
Digital certificates are a common technical approach to establishing digital trust, but there are other forms of trust and methods to achieve them. Digital trust can be built and maintained through several initiatives. One of these is educating the public about risks and protection measures that can be taken. Another is enforcing data protection laws and regulations, which have made a lot of news lately. Facebook and other major companies have been hit with multi-million-dollar fines for violating General Data Protection Regulation (GDPR) rules.
We are social creatures, and we understand that trust is not easy to build and distrust is almost impossible to overcome. In the online world, these trust principles hold true as well. A recent survey from ISACA on the state of digital trust indicates that while over 90% of organizations agree digital trust is crucial, fewer than half are effective at implementing it. We have made a lot of great progress in the cybersecurity realm, but changes in technology make this a constant battle. The goal is to minimize losses and ultimately protect our most important assets: the people.