Video: An Ounce of Prevention: Turning the Quantum Threat into a Business Win | Duration: 3608s | Summary: An Ounce of Prevention: Turning the Quantum Threat into a Business Win | Chapters: Welcome and Introduction (37.905s), PKI as Service (99.034996s), Strategic PKI Imperatives (326.665s), Resource and Agility Challenges (563.25s), Private PKI Challenges (993.28503s), DNS-PKI Integration Explained (1696.375s), PKI Integration Conclusion (2070.905s)
Transcript for "An Ounce of Prevention: Turning the Quantum Threat into a Business Win":
Hey, everybody, and welcome to today's webinar. We're calling it An Ounce of Prevention. We're gonna talk today about how you can turn the quantum threat into an actual business win. But before we get started, let's just do a couple of housekeeping things. First of all, today's webinar is being recorded and will be sent out after the fact, after the webinar ends. Second, if you're having any trouble with the audio, try refreshing your browser. And if the problem persists, message to the chat, and we'll help you get it figured out. And finally, one last thing. Feel free to put questions in the chat at any time throughout our webinar today. We'll be doing a Q&A session at the end, and if we don't get to your question, then we'll follow up with you individually and help get your question answered. So with that, I'd like to get started, and I'd love to introduce our guest today from Frost & Sullivan, Özgün Pilit. Welcome, Özgün. I'm really looking forward to our time together today.

Same here. Great to be here.

Alright. Well, let's kick it off. Of course, we've gotta talk about the agenda. Let's just have a quick look at what we're going to go through today. So first, we're gonna jump in and actually just define the use cases of PKI as a service and the strategic imperatives that go along with it from Frost & Sullivan. So great insights coming up there. And we're also gonna account for private PKI. It's a really important piece of the whole puzzle, and we need to make sure that we talk about it and some of the challenges there and how to overcome them as well. Finally, there's this missing piece. Well, not finally, but we're gonna talk about DNS and its important role in all of this and helping ultimately prevent outages. And then we'll connect all the dots together, including the intersections of PKI and what we call traditional identity and access management, and then we'll close it off with Q&A. So, Özgün, let's kick things off.
Let's get this thing started. I wanna talk about just defining PKI as a service and its many use cases. So let's just walk through that and hear from Frost & Sullivan on how you define this.

Yeah. I guess anyone tuning into this webinar will be familiar with the general concepts of PKI. But just to sort of go over briefly, public key infrastructure is, of course, the process of provisioning and managing of digital certs to users, devices, applications, and workloads. But PKI is not just the technology of issuing and managing digital certs. It's also the roles, the policies, the procedures, so the governance around all of this. And it's specifically defined for organizations and these use cases. So PKI is there to address a variety of trust, security, and compliance needs. And, yeah, it's a great way to do different ways of encryption and digital identity. But I guess with the increase of volume and in use cases, the challenges around managing it have massively increased. And, yeah, that's why organizations are more and more looking forward to outsourcing this. So, yeah, PKI as a service, or managed PKI, refers to the business model where providers design, implement, run, and maintain PKI hierarchies on behalf of their customers. And this is typically hosted on the cloud and delivered as a SaaS product. So on the right side, you'll see, so Frost & Sullivan, we estimate the PKI as a service market to be just over half a billion dollars in 2024, projected to grow to 1.4 billion in 2028, with around 20% growth rates in the past year, and that expected to increase as well over the period that we studied. And the top growth industry verticals are predominantly regulated industries. So banking and financial services, health care, government use cases, but also manufacturing. And I guess when we come to the use cases, they can be split in a variety of ways. I think the biggest one would be the public and private. And yeah.
Enterprise use, enterprise PKI, that tends to be predominantly private, which we'll get into a bit in more detail later on, and around issuance as well. I guess you could split it. So, yeah, splitting the use cases into human and nonhuman identities. Human based TLS certificates have, of course, been around for a long time, particularly for the purposes of authentication. But, yeah, over the past few years, there's been an exponential growth, in a way a renaissance of PKI and using these provisioning technologies to get certificates for machine identity. So into devices and workloads, which, of course, is a big focus for DigiCert over the past years.

Wow. You know, PKI is everywhere, and it's growing fast, so no signs of slowing down from what I'm seeing here. But the other thing I really love about this slide is that, you know, it shows the breadth of all the different use cases. I think PKI really touches probably more than most people realize because there's the management challenges of the PKI itself, and then there's all the different ways that it's implemented in use cases across the organization. So this is great. Let's continue on, and let's talk now about some of the strategic imperatives that you all are seeing at Frost & Sullivan. What do we need to be aware of so that the organizations of the audience out there can get that ounce of prevention?

Yeah. Sure. So, at Frost, I guess, one of the key methodologies that we use to look at industries, not just cybersecurity, but across all the areas that we cover, is through the lens of eight strategic imperatives. So eight key trends and factors that kind of shape drivers and restraints of growth for organizations. And, yeah, for the PKI as a service market, we identified three key imperatives. So the first one would be around disruptive technology.
So, yeah, of course, the ongoing digital transformation, it's shaped around the move to the cloud. And it's, yeah, massively changing how individuals and organizations are doing things. Manual and inefficient processes are disappearing. Resources and applications are moving off prem into the cloud. But also, I guess, the nature of the workforce is also changing. It's not just remote working, but, yeah, organizations hiring around the world with different types of employees, with contractors, with partners, solution providers, these complex supply chains that organizations have to manage, which, yeah, brings the needs and requirements in how employees access corporate resources, around privileges, around compliance, around security. But, yeah, I guess also with the different regulations around the globe. Right? Like, yeah, with things like data residency requirements, all of which calls for PKI solution providers to address very specific needs for different customers, in a way, yeah, working hand in hand with them, both to kind of, yeah, solve their current challenges that we talked about, but also to kind of unlock new use cases and applications. Yeah, for organizations to drive efficiency, to reduce costs, and, yeah, for their end users to enhance experience and the satisfaction.

Yeah. I mean, so couple of things here. Not only is it interesting that, you know, of course, people wanna move to cloud, whether it's PKI or other technologies, for the business benefits that it brings, getting out of the business of managing your own infrastructure and all those things. But I'll key in on what you said about, you know, helping each organization with their specific use cases. And it kinda goes back to the first slide when we're talking about all the diverse use cases. And we'll talk about this more, but you've got your public trust PKI.
You've got private PKI, which is very large within most organizations in terms of, you know, amount of certificates relative to public certificates. And then you've got all the specific use cases of how those certificates are used within the organization. And being able to do all of that from a single service that is offered as a service in the cloud, as we offer, is just more and more critical for customers because there's just not the time to manage infrastructure things and to do some of these manual tasks anymore. There's gotta be automation, as we'll talk about, to meet the speed of change and the speed of updates that are coming.

Yeah. Yeah. Exactly. And I guess, yeah, our second imperative around this market is on human resources. It's, of course, no secret that in any area of cybersecurity or, I guess, in fact, in the tech landscape in general, there are skills shortages globally. And, yeah, PKI is not an exception. PKI architects and specialists are, yeah, quite a scarce resource worldwide, hard to hire, hard to retain. IT and security teams are not always well versed in the intricacies of PKI or implementation of different use cases. And in many scenarios, what ends up happening is you have quite senior people, even CSOs, spending their valuable time putting out fires due to PKI mismanagement or, yeah, doing things like updating OCSPs and things like that. But also when you think about the different customer sites and PKI deployments, they can be in really far off places, like, physically hard to reach when you think about manufacturing use cases, for example. So it's already hard to, yeah, get PKI people in the first place, but, yeah, perhaps even a much bigger challenge to kind of convince them to work in these places. So, yeah, around all of this, PKI as a service kind of brings centralized expertise and technical capabilities to solve these bottlenecks.
I just love your example of people, even like CISOs, running around putting out fires and a lot of that configuration. Right? You can have outages are a big deal of being caused by PKI because of expired certificates or misconfigured things because there's all these manual processes. And when it comes to the skills of these folks, like, we all know that in cybersecurity there's a skill shortage. But I'd say even inside of cybersecurity as a specialty, PKI is a super specialty. And, you know, even now, so those resources are hard to find and those precious resources that you have, as you see how the speed of change is gonna even increase exponentially from here with quantum and things that we'll talk about. We just, you know, can't afford to have those specialized people working on those types of tasks and chasing outages. There's more important things to do.

Yeah. Yeah. Exactly. Speaking of which, the last one is around PQC, of course. Yeah, we won't be getting into too much detail on this as we could dedicate a whole webinar or a series of webinars for the topic. But, yeah, of course, with the advancements in quantum computing, the security of our current cryptographic systems is under threat. So organizations, I guess, starting with their most critical systems and data, they're in the process of planning and migrating to post quantum or quantum safe. And, yeah, I guess as part of these migration efforts, but also beyond, the concept of crypto agility is becoming more and more important. Because, yeah, of course, these algorithms are, they're obviously new. They haven't been battle tested. They haven't seen so much production exposure. So it's safe to say that there'll be a much higher churn in algorithms in the future, be it around quantum or any of the technology or other threats that might come in the future.
But, yeah, also new use cases like homomorphic encryption and things like that, which, yeah, for organizations, will, yeah, require the ability, well, I guess, first, having the visibility around cryptographic assets, but also the ability to, yeah, be able to swap these algorithms when needed en masse and to kind of define policy around all of this.

Absolutely. I'll tell you, the visibility is super important because you gotta start there. If you don't know what you have and where, you know, some rogue certificates somebody's gotten on their own or they're in a spreadsheet and it expires and things go down, you know, you're offline, you have an outage. It's just not what you want to happen. So now, this is just kind of summarizing, I think, some of the things we talked about. And a couple of points I wanna make here is, you'd mentioned the quantum threat a little bit. And post quantum cryptography is definitely a thing that is driving things like shortening certificate life cycles. It's part of it. Right? But that is something else that we see happening along with, going back to your discussion about growth in the first slide, just the exploding amount of identities, machine identities, and identities that need PKI as a backing. Right? So we're seeing more quantity, and things are going faster. We've gotta be able to get control of that. And you see on the right hand side, PKI is at the center of those use cases. But it's also showing a cycle there because whether it is quantum that is the driver of that or something else, there are other things that could and likely will drive the need for that. So first thing, you know, you've gotta be able to have that inventory that you talked about, know what you have.
You've gotta be able to introduce automation and not just, you know, some scripted automation, but policy driven automation that goes along with your organization's policy and what you wanna do for different types of certificates for different applications and so on. And you need robust integrations to make all that work as well so that you can actually increase your efficiencies as an organization and save money while you're boosting your security posture. And just as we go back and think of the title of this webinar, what we're here to talk about, that is how you switch from, okay, we've got a quantum threat, and we've gotta make all these changes, to, okay, well, we addressed that. And while we addressed it, we actually are saving money. The resources that we have that are precious are working on more important things or more secure, and all those good things. Right? So it all, I think, comes together that way in a really interesting way. And one thing I'll just mention, and I think this is important, again, for avoiding having to deal with the pound of cure. So, yes, post quantum is something that is coming in. It's gonna cause everyone to have to go faster and being able to know where all your stuff is and renew it quickly in automation and all that. But let's think about a different story. There was an organization once upon a time who had a ransomware attack, and they did not have these things in place and had found themselves having to reissue half a million certificates. They had to scramble, and they did end up deploying our solution. We're able to do that quickly. But a cyberattack is another thing that could happen that means you need to be ready to move quickly with all your certificates. So the point is, quantum is a big deal, and it's coming.
And maybe even with quantum, as it gets its sea legs, there may have to be some rapid updates where, oh, you know, this algorithm, we're getting it stable now, and we're deprecating this one. Everybody's gotta move to that one. So all these things just really reinforce the foundation that we have to be crypto agile, or as it says here, the pressing need for crypto agility. Really important, I think. Alright. So we said we're gonna talk about the agenda, a really important piece of this because it's not just the public trust. It's private PKI as well that's a really important part of this. So, Özgün, tell us about the world of private PKI.

Yeah. I guess maybe, like, a good way of defining private trust is through its dichotomy. So public trust, like you said. So public trust would be anything facing the Internet, public facing websites, external APIs. So TLS that kind of needs to be trusted by third parties, like in the case of web service. But I guess also document signing, so contracts and documents that need to be trusted outside of the organization's network. So by customers, by partners, authorities, and things like that. But, yeah, of course, also signing code. With private PKI, things run internally within the organizations, without the need for the roots to be trusted externally. So, essentially, it runs within a self contained ecosystem. Keys and certificates are issued internally, issued by internal CAs, for, yeah, use cases like network access, site to site VPNs, authentication to internal portal. So mutual TLS, application to application, server to server, and, yeah, I guess, to a lesser extent, encryption as well. So encrypting files, data at rest within the corporate network. And yeah. So what does this mean? Why do organizations need this? Yeah.
Private PKI obviously offers flexibility, as opposed to public trust, which has, yeah, specific regulations and requirements in relation to things like cert lifespans. Organizations can have private PKI in the ways that kind of meet their own needs. So around issuance, revocation, rotation, and administration of certificates. And, yeah, depending on the security and operational needs, organizations can have different private PKI deployment scenarios. So they can do things like segmenting the roles and the roots and the issuing CAs for different use cases, for example. They can have different issuing CAs in different jurisdictions and different geographies. They can have different configurations for CAs, different security levels. And, yeah, of course, they have the option to keep their root CA offline, backed by HSMs and things like that. And, yeah, when we talk about PKI as a service, solution providers like DigiCert, they design, deploy, and manage these hierarchies on behalf of customers.

That's right. And I think the couple interesting points, like, so all the great points you made about private PKI, and it needs all the management of any other PKI. Right? And the thing is, what's different is, it is so much more to manage. Typically, we see up to 100x of the amount of internal trust or private PKI certificates in an organization as a ratio compared to the amount that they have as public trust, like web SSL certificates. So it's a big chunk to manage, and this is part of turning it into a business advantage and avoiding that pound of cure, is preparing this right together, you're managing it together, basically, from the single platform that we offer all as a cloud service. You can manage these things together, but have policies that you need in place for these parts of your private PKI, these parts of your public, and so on.
But, I mean, the business stakes are high here. So I just wanna give an example on the private PKI side. So once upon a time, there was a customer who had an outage that was caused by private PKI, and it took down their business operations for, you know, a good half day, let's say. And what happened? There was a third party who was pushing an update to the systems, and they pushed an update that had an expired self signed certificate. So not only is it private PKI, think of the things that you manage, but what kind of self signed and internal stuff are third parties putting into your environment that actually caused that outage? And so then, you know, the recovery from that is, we're not gonna have these third parties having their own certificates. We're gonna manage those. If there's an internal certificate, we're gonna do it in an automated and trustworthy way. So this goes to show you the importance and the stakes for avoiding that pound of cure even with internal are just as high. They're very important. So, yeah. So that's some of the stuff that we're seeing. I guess, did you have anything else on this one, by the way, before we move on?

Yep. I think we covered it.

Okay. Great. Because there is a really important part of the private PKI, internal PKI world that is known as the Microsoft CA. So, let's talk about this because this is a big part of our customers, and for those who are in the listening audience, probably part of your private PKI. So what is Frost & Sullivan seeing in the market here with Microsoft?

Yeah. Of course. Yes. Microsoft CA or ADCS has been foundational to enterprises over the years. It's baked into the Windows Server, and it's historically been, I guess, relatively easy for enterprises to use it within the Microsoft ecosystem. It's, yeah, maybe it's safe to say it's definitely done its job.
And, yeah, perhaps the majority of organizations to this day still use it at some capacity. But, yeah, there are quite a lot of shortcomings, I guess, related to what we've been talking about earlier. But I think the first bits around shortcomings would be the scalability and operational costs aspect of it. When you think about the growing number of users and devices and applications in the modern enterprise architecture, demand increases for certs and organizations have to invest in physical infrastructure along with, I guess, software licenses and things and professional services that come with it. And, yeah, that obviously brings extra costs and, in a way, unpredictable pricing, but also the time to kind of get these things up and running. So the time to value aspect of it. So if you're like a high growth company, you can't really have certificate issues be a barrier to your business. And, yeah, related to that, the automation bits of it, of course, which becomes quite complex with Microsoft CA, the increase in volume that we talked about. But there's also, of course, yeah, a variety of different protocols you need for issuance in different use cases, especially when you talk about things like IoT devices, or, yeah, DevOps and cloud services, the different hybrid models that enterprises are using. It, yeah, kind of becomes quite a challenge, although there's coexisting with Microsoft CA. And I guess finally, the user interface and user experience of it. Organizations, they need things to be much simpler with minimal user inputs and interaction and, yeah, Microsoft CA is not necessarily the best option for that.

Yeah. So lots of things that add additional time and cost of management and risks and issues with this. And I think, you know, another one, let's look at the security aspect for a second.
I know about a story where, you know, an organization hired, you know, a set of hackers and gave them some basic credentials to come in and see what they could do with the network. And they discovered, you know, a Microsoft CA, we talked about, like, under someone's desk or whatever it was. But through that and because of how that policy was set up, they were able to get themselves domain access because of that as a vulnerability. So from a security perspective and wanting to close those holes, it's very important on that aspect as well. So, you know, we hear those types of things from customers. What are you seeing, like, from customers? What are they talking to you about when they ask you about Microsoft CA?

Yeah. I guess, the similar issues. I think beyond the management complexity of it and stuff, I think Microsoft CA is quite easy to misconfigure, because it's kind of part of the operating system, anyone in principle can easily add and remove roles, which could lead to exploits and vulnerabilities when all this is not done properly. So these could be things like granting excessive permissions to a user or, yeah, misconfigured certificate templates and things like that. And, yeah, all of a sudden, an employee has admin rights or some other mishap that kind of creates these huge vulnerabilities. But, yeah, similar to that under the desk example, you're seeing a lot of CAs and issuance all over the enterprises and different business units that are not compliant with centralized policy. There's no controls or visibility around it. Yeah. Someone needs a certificate. They find a guide online and follow it. Maybe that guy's guide is full of errors or, yeah, completely at odds with the organization policy or, yeah, security policies. And, yeah, I think in these scenarios, maybe everything works fine, until, yeah, the certificate expires and no one knows about it.
But, also, yeah, it brings, yeah, huge potential vulnerabilities or grounds for escalation attacks and things like that. But, yeah, I guess also when you use encryption certs, certificates for, yeah, data at rest, you need to, yeah, keep those keys safe and then have backups. And, again, in a similar way, it'll all work fine until you have to decrypt those files and can't due to mismanagement. So, yeah, I guess mismanagement can cost you several years down the line, if not immediately.

That's a great point. And, you know, for folks, if it's not super clear already, you've gotta think about your private PKI in the whole scope, thinking back to all the use cases and everything PKI at the beginning of our webinar today. Private PKI and all that goes along with it, including Microsoft CA, is a huge deal. But then just to summarize here, with private PKI, you know, the trust, as Özgün mentioned, is internal only. The trade off is you get to do your own internal governance. You know? You get to set the policies of how you set up your PKI, but that can be a double edged sword as well because you gotta make sure that it's secure. But it does give you maximum flexibility, but it does include higher risk. So it's the back and forth, but it is a very important part of any PKI architecture and setup. So alright. With that, we're gonna move on and talk about the next thing in the agenda, which is DNS. Now, Özgün, what if I told you that a customer has gone through, they've got their inventory. They've got, you know, the automation in place, policies. They're doing automated certificate renewals, high volume, all this kind of stuff. But that we found there's another way that they could have an outage that is related to PKI.

Yeah. I guess I get why you refer to DNS as the missing piece in the beginning.

That's exactly right.
So I would just take a few minutes to walk through that. So what we're seeing on the screen now, and we all understand, right, is, if you've got a mobile app and you're trying to access your bank application securely, well, PKI is involved and it's establishing the encryption and establishing the trust of the server and so on. But that's actually step two in the process. Right? What happens before that? The thing that happens before that is that there's DNS. There has to be a trusted DNS transaction. You've gotta be able to put in Amazon.com and trust that there's that linkage between the name of the domain and the IP address that the machine is ultimately gonna go to. And so what happens is there is a very important synchronization between the DNS record and what is in a certificate, in order for that sort of check or handshake to happen that the certificate is valid, meaning that the organization owns the domain. Right? And so that happens every time. And we talk about certificate life cycles having to be faster. But inside of that, there's this validation life cycle that may have even shorter term updates that need to happen. So if that piece gets out of sync, this back and forth, that piece is no longer in sync, then guess what? Eventually, you're not gonna be able to establish a secure communications because if it gets out of sync, here's the thing, it doesn't go down immediately. But the next time you need to do anything with that certificate, need to change the keys, need to renew it, whatever it is, and you call the CA, the certificate authority, and try to do that, then it's gonna fail, and you're gonna have to establish that validation before you're able to move on. And so this is how not keeping that synchronization in place between these two teams could actually lead to an outage even though you're doing everything else. But there is a solution for that.
We actually have just recently made the announcement of the addition to our platform of a new integration that solves this problem. And so that's our UltraDNS capability. It manages 20% of the world's global DNS traffic. I mean, you can see from the numbers here, % uptime since 1999 and two hundred billion transactions daily. So this is a big chunk of DNS. And so if you're managing your DNS with us and your PKI with us, you can fully automate that validation step that has to take place, so that you'll never run the risk of that happening. And so, you know, what that validation really is, is for you as an organization to be able to prove to the certificate authority that you still own the domain. Right? And the way to do that is the certificate authority will give you a little token, a little piece to go put into the DNS record. And they say, well, if you really own that DNS record, you'll be able to update it. Here's the token. Next time I come back around, I'm gonna look for that token. And if I see it, I know it's valid because you've proven that you still own it. But if not, then there could be an issue. And so that's this domain validation. And that's actually how most people are doing, you know, your basic validation. Now there are higher levels. There's organization validation and things that require more proofing. But this is really the most common one. The industry is moving towards it even more, and that validity that I just talked about is shrinking. And so when we look at what this looks like for two different teams in your organization, for the audience out there, you've likely got a DNS team and you've got a PKI team, and the DNS team is managing the DNS records and so on and so forth. That all makes sense. Right?
But in many scenarios, when that validation has to take place, there might even be like a ServiceNow ticket that's sent from the PKI team to the DNS team, and they have to, like, manually make that DNS record update. Or it might be that there's some kind of, I'll just call it scripted slash brittle type of integration that could go down, or you get out of sync and you might not know that those things didn't happen. But then there's what we're bringing together. So by bringing UltraDNS into the platform with our CertCentral capability, these things automatically and natively talk to each other so that whenever these updates are happening with CertCentral, which is where we do our public trust certificates. Right? There's now a piece of automation in place. So that validation automation just happens between the two. It's a native integration, and you don't have to worry about those things getting out of sync and not knowing about it so that you end up with, you know, trying to renew a certificate and then, whoops, that didn't work. It failed, and why did it fail? Right? Now there's one thing I would ask the audience to think about. Sometimes you may tend to think about that in, like, a onesie-twosie type of renewal thing. Right? But in reality, think about a high volume, multi cloud, mixed cloud environment where there's thousands or more of certificate automated renewals or validations happening all the time in an automated way. If you don't have this and that gets out of sync and you don't know it, you know, that could be big issues to go fix. So you wanna have that integrated from the front. And when you do, then you get more of these business value pieces that we talked about. So we talked about the crypto agility and the need to be able to go faster in that cycle. This gives you that, and now it expands that coverage to this critical link between DNS and PKI.
And, also, thinking about your teams, we talked about in the beginning, the scarce resources. You don't want them manually updating records. You wanna automate that both from a resource perspective and from an accuracy and not getting that misconfiguration we talked about, which all leads to increased resiliency, which keeps us from having outages, which is definitely something that we want to do. And so we do that by pulling all these things together into a single platform. Right? So you see at the center, there's the PKI and DNS and the cycle that's happening. And that emanates into the public and private and bringing in other third party certificate authorities into a quantum ready platform that is, you know, AI powered for the integration and the automation that touches all these different use cases. Going back to your first, slide, I was going to have all the different things, that we need to do that PKI touches in the organization, right, from software to devices to content signing and AI agents and all that stuff. That's how we cover that. And our recent announcement about the PKI plus DNS coming together on the platform just takes it to the next level in terms of the ability to have that resiliency and to get those business benefits that you're all looking for, which, you know, again, is taking us back to our theme here. This is how you turn what you could what you see as a quantum threat into something you can ultimately be a huge win and a driver for your business. Alright. So that's DNS. Pretty interesting how that ties together, I think. Alright. So now let's talk about another really interesting factor to me especially, and that's PKI's intersection with the world of identity access management. So, Özgün, let's talk about this. Yeah. I guess when we talk about the convergence of PKI and IAM, I think two topics emerge, security and user experience. 
So, yeah, over the years, there's been many successful attacks against MFA, whether it's push based or messaging. And, yeah, CISA and other security agencies worldwide, they either mandate or advise organizations to adopt certificate-based, so X.509-based authentication to kind of reach that level of maturity and to, yeah, essentially have a truly phishing resistant solution. Mhmm. And I guess with the increase on identity sources, and different use cases, and I guess with things like external stakeholders and consultants and partners that organizations on a daily basis work with, the risk of overprivileged and orphan accounts become quite critical. So that's, I guess, the security bit of it. And then the other part kind of relates to user experience. As, yeah, identity sources increase, organizations have, in a way, multiple silos for authentication. The user experience is kind of fragmented. In any company, you have multiple endpoints connected to the domain on prem and on the cloud. There's different business applications and corporate resources on both sides. When you're logging into applications, it's federated through identity service providers. There's h IGA solutions, privileges, different access, authenticators, and, yeah, users don't always know when to use which. And I guess in this context with PKI, authentication is kind of consistent across the board. So I guess in addition to the management of it and the ease of defining policy, the user experience is much elevated. Yeah. I love it. And I love intersection of security and user experience. And one of the things that I think exemplifies that in the world of PKI and IAM are passwords and the login experience. Right? So, I mean, passwords are, from a security perspective, obviously, a problem because they're phished. They can be cracked. They can be stolen. All these types of things. Right? 
So we know passwords are an issue. So what do we do then? We add another layer of multifactor authentication and these other things. So now I've gotta get a code off of my phone, or I gotta do, you know, a separate piece to log in. And so that becomes, to get more secure, that becomes not a great user experience. Right? And so they fit hand in hand. And, you know, when you look at PKI and the fact that a PKI credential, when it's used by a user to authenticate to a system, is passwordless. And so in the IAM industry, a lot of times, they talk about passwordless authentication. But the technologies are there, and I think the use cases are coming together where we'll see more and more PKI technologies with wallet technologies, where you start to see signs of that with passkeys and things like that, will be used for increasing security and user experience at the same time. So I think this is a really exciting place in the future of identity and PKI coming together in the worlds of passwordless, i.e., you know, verifiable credentials, decentralized identity, those types of things. And I'd say, you know, look at Europe as an example of what they're planning to do with eIDAS 2 around wallet technologies and PKI backed authentication without passwords. Awesome. Okay. Well, that kind of brings us in our agenda to our last section. We've got a few minutes left to do some q and a. So I'm gonna go to the queue here, and I'm gonna look and see what questions we have. And, again, if you haven't submitted questions already, please feel free to do that. And if we don't get to them, we'll get back to you with the answer to your question. Alright. So first one, let's see here. We've got it even up on this screen. That's so cool. How does quantum impact digital signing? Yeah. Maybe I could take that one. 
And maybe a bit that we didn't really talk about so much, as well because, yeah, I guess there's digital signing in the context of documents and things, but also code signing. And, yeah, of course, the threats around quantum applies to secure code signing as well, which, yeah, has been critical for software trust, for organizations and development teams to verify that the code that originated from a trusted source is indeed the same as that one and that it hasn't been tampered with. And I think with the increasing adoption of SBOM, so software bill of materials, this is, yeah, a key development area. And, yeah, in a way, allowing organizations to catalog and verify the components within their software, especially in the context of software supply chain attacks and stuff when you think about, yeah, the SolarWinds and the Log4j incidents and things. But I guess, also with the increasing popularity of open source and containerized applications, that kind of makes securing all this more complicated. So, yeah, I guess similar to securing users and devices in a post quantum way, managing all of this. So code signing procedures are critical for DevOps teams. And, yeah, when not managed properly, yeah, this exposes customers to cyberattacks, but also, a solution providers that bring significant reputational risks when something goes wrong. So, yeah, I guess in addition to the post quantum algorithms, this is, yeah, securing cryptographic keys, time stamping the code while signing, and, yeah, doing things like integrity checks and reviews to sort of compare the code on the build server is the same with the one in the repository. But also, I guess, yeah, simplifying and automating all of these processes for DevOps teams. Yeah. I love it. And I think that, you know, it's an important point. One, that anything that's certificate backed is impacted by quantum. Right? 
And so those certificates and the corresponding keys, they need to have the updated algorithms. Right? But, two, I think it's a great example of there's PKI and the certificates, and then everything goes along with that we talked about. But then there's the use cases. How do you use them? In this case, you know, they're being used, like you said, to secure the software supply chain and to sign software and to convey that trust. But, also, they're used for signing digital documents and sealing documents of an organization, you know, on behalf of an organization or, you know, all those types of things that go in with content trust. And, you know, at DigiCert, we offer those pieces in addition to the core that we saw of the DNS and the PKI things. You know, we've also the pieces that are around the outer edge, those are the use cases. So the software is the software signing. You've got device trust and being able to trust the devices and the content, you know, documents, all those different things. Those are all the use cases. And so, you know, it affects it from the core all the way out. Alright. Let's go to the next question. Can I start preventing quantum issues now? In short, the answer is yes. The algorithms are available, and the DigiCert One platform is completely ready to go, to use those. So whenever you as an organization are ready to start implementing and start upgrading and start adopting, all of our products and capabilities on the DigiCert One platform are ready to go. So you can start addressing those as soon as you're ready. Alright. Let's go to the next one. Alright. Let's see the questions. What about the intersection between PKI security and evolving? Yeah, the evolving AI landscape? It wouldn't be a webinar if we didn't talk about AI, I was gonna write. Yes. No one will talk about that a little bit. Yeah. 
I guess, yeah, we kind of talked about, machine identities and, yeah, the explosion around all of that. But, yeah, it's interesting to kind of look at the role of PKI in in the age of AI now. I think, for example, specifically around deepfakes. So, like, yeah, AI generated synthetic media, images, videos, audio that kind of, yeah, look quite real, but, it is entirely fabricated, of course. And, yeah, using all of that for phishing attacks and scams and with, yeah, things like face swapping and lip syncing and all those things. And I guess with, yeah, these Gen AI tools being publicly available and free, the the barriers, of entry are quite low for these things. So anyone can really do it. And I guess, yeah, the to kind to kind of counter these manipulations, PKI and and, yeah, digital signatures can be a great tool. So in this context, it would be, yeah, encrypted time stamps through PKI kind of, yeah, in a way, acting as as as digital watermarks to, yeah, confirm the content's authenticity and to prevent any sort of tampering. But, yeah, I guess, also, yeah, when we talk about AI agents and them becoming more and more popular in the in the picture, how are users actually going to trust their interactions with AI agents in the chatbots, and how can you be sure if, yeah, that hasn't been compromised or even, yeah, the LLMs haven't been compromised. So, yeah, PKI can, be applied or potentially will be applied to to address these new security needs. Yeah. And that's why I brought this back up because in and even the question before, we were talking about signatures, right, and the ability to sign. 
And if you think of if you apply that to AI and what's happening with the explosions of AI agents, and I think I think you nailed it there, you know, the of our vision and where we're going with that is, you know, those signatures and the and the ability to have a trusted identity of the model and of whatever the agent is itself that's communicating with you, that it is the identity that comes from where you think it is, and that the transaction that you're doing, at that time is is authentic and trusted and all that kind of stuff and and authorized. Right? That is that is not only important to the future as as agents just do more and more on behalf of people, but also to the scale issue of being able to have being able to do this at the scale of the amount. We say exploding machine identities. Well, the AI agents fit into that, and they're all gonna need to have their PKI backed identities and the signed models so you know what's you're getting as trusted, all of that. So a really, really important piece of the puzzle, I'd say. Okay. I think we have time for one more question. So let's see what else we have. There it is. Does private PKI mean my org manages everything ourselves? So great question. Short answer is no. And in fact, you know, because at the DigiCert platform, we have full as a service private PKI with all the same benefits and security of the of the public trust. You, as a customer, have the option to have full as a service private PKI with with us managing, you know, the HSMs, everything. Right? And but we also you also have the option for, some hybrid scenarios as well, if that's necessary on your journey to cloud and depending on where you are with your private PKI. So you absolutely don't have to manage everything yourselves, but there are pieces that you could continue to maintain and manage in a hybrid model if that's what works best for you and your journey to, agility in the private PKI space. 
Well, Ashley, forty eight minutes goes by quickly. And we're it. Yeah. It was great to chat with you. Thank you so much for joining today. I really enjoyed the conversation. I think, hopefully, everyone got a lot out of it. It was a great pleasure. Thank you, Adam. Awesome. Well, folks out there, get in contact with us. We've got the contact us link here. We'd love to hear from you. If you submitted other questions, we will get back with you. We'd love to start a conversation. And, with that, just thank you so much for being here today, and we'll talk to you all soon.