Embracing Interoperability and Openness in Cybersecurity and Digital Identity for a Safer Digital World

The digital landscape is completely foreign to how we perceived it only a few short years ago. According to a McKinsey & Company study, “digital offerings have leapfrogged seven years of progress in a matter of months.” More specifically, how we manage our digital identities and assets in our digital world has changed in many ways. This is a journey every one of us has made in one form or another.

This is a reflection of the challenges we all have made as IT leaders and security professionals over the past several years. But even with how challenging navigating the threat landscape is today, there has been tremendous growth in the cybersecurity and identity (IAM) space. That is why I am pleased to be joining Sectigo as Chief Strategy Officer and CISO Advisor to help advance the company’s leadership position as a digital trust and identity leader.

My Time at Gartner

Prior to joining Sectigo, I served as a VP analyst at Gartner for six years where I worked with amazing people who share my passion for making the digital world a safer place. At Gartner, I covered a wide spread of cybersecurity and digital identity topics. With that wide spread, I was passionate and obsessed in areas such as Bring Your Own Identity (BYOI), Decentralized Identity (DCI) aka Blockchain Identity, blockchain security, data security, NFTs, and Public Key Infrastructure (PKI). So, it was through my coverage, that I had a front row seat to trends that spanned global clients, investors, and tech providers.

It was absolutely apparent that digital identity and authentication continue to be our first layer of defense, but our approach to these methods and concepts is evolving. Specifically, identity for humans and machines, is so critical, that Gartner, called out “Identity-First Security” and “Machine Identity Management” in their Top Security Trends for 2021 (the last Top Trends report I contributed to). But many publications since, such as “Cool Vendors for Identity-First Security” have called out these trends, and it was no mistake, as these trends will continue into the far future.

With over 6000+ client engagements as a cybersecurity analyst at Gartner, it was clear that the market for identity and cybersecurity was starting to come into its own. Ransomware and other attacks, such as ones focused on compromising the supply chain, continue to disrupt business in new ways every day. With the growing complexity of cyber threats, many of us have noticed that organizations can no longer ignore investments in the people, processes, and technology of cybersecurity and identity-first security.

Furthermore, the rapid increase in demand for digital services led to the realization that digital identity is key for digital transformation and digital business. As such, identity management for both humans and machines is now critical for all sizes of organizations. But it is the cryptographic systems that act as the foundation to all these systems. Without strong cryptography we simply do not have digital trust, strong digital identity and/or data security. Therefore, cryptography is critical infrastructure for modern-day business. Yet, this is an area that many organizations struggle with. Namely, they struggle with managing too many complex, costly, siloed, and legacy products that don’t work well in a modern hybrid and multi-cloud world. Customers and the market need a change, and they need it now!

Interoperability, Openness and Transparency Are Now Critical Capabilities

For CISOs, CIOs and their teams to be successful, they can’t rely on a ton of security products just to function. It simply isn’t sustainable.

As such, vendor and product consolidation continues to be a big topic for many CISOs and CIOs (Another Top Trend from Gartner Top Trends for Security 2021). But we need to be focused on enabling the core elements. Specifically, vendors and products need to work with each other. In the case of PKI, Certificate Lifecycle Management (CLM), and Identity Access Management (IAM) walled gardens aren’t an attractive option now or in the foreseeable future. To truly solve cybersecurity threats, and ultimately help cybersecurity practitioners, identity and cybersecurity solutions need to break down existing silos and start interoperating.

Cybersecurity products need to embrace transparency and openness to collaborate and leverage open standards. By open standards, I’m referring to standards such as FIDO and ACME (and of course, many others). Imagine if Bluetooth didn’t exist and that you had to install countless drivers and apps just to get headphones working with your car or mobile device(s). Bluetooth is a critical industry standard that helps all of us leverage interoperability with all our devices and software. Without it, digital life would be problematic.

In the cybersecurity world, products that leverage open standards will have an increased ability to interoperate with others. That means sharing of standards-based functions, data sets, and so on; all with the aim to optimize management and enable automation. Due to modern day hybrid and multi-cloud environments, leveraging of standards and interoperability will help reduce management complexity for cybersecurity practitioners.

Overall, openness and interoperability helps to enable orchestration and ultimately, pave the way for automation for CISOs, CIOs, and their organizations. A future without this will be difficult if security practitioners have to log into many different products to get a view of potential indicators of compromise (IOCs). So, interoperability and openness will be critical capabilities for any and all products/services in the identity, cybersecurity, and PKI markets.

Why I Joined Sectigo

PKI is one of those technologies that we use constantly in our digital lives. It’s always there in the background. The problem is that it is so deeply engrained in the machines and systems we use that we forget that it can also be the answer to many of the identity, data security and privacy challenges we continue to struggle with. When I joined Gartner and I began covering PKI, the running joke amongst many of my colleagues was that it was always (perpetually) the year of PKI. We all knew that the technology was critical, but for many it was, as they say, a hammer looking for a nail. But all that has changed.

Whether it’s a machine or human identity, PKI and digital certificates were finally showing their potential in areas such as:

• Robotic Process Automation (RPA): These entities, known as bots, need digital identities such that their access can be managed. Digital certificates are an excellent choice to provide identity for these entities.
• Zero Trust and Zero Trust Network Architecture (ZTNA): It all starts with knowing who and what you are dealing with (aka identity). Digital certificates are and excellent choice to identity apps, IoT devices, and/or humans.
  
• Cloud-Enablement, DevOps, IoT, Blockchain Identity, Digital Signatures: All of these and many more all require cryptographic keys and digital certificates to work.

With the market going through a massive shift, and the increase in investments in all things digital (both investors and customers), it was time for me to get off the sidelines and join in! I thoroughly enjoyed working with many of the players in the market; and I look forward to working with many of them going forward. While I will be advising a number of other companies, I chose to join the Sectigo team.

Why Sectigo?

Sectigo stood out, amongst many in the pack. While there were a number of aspects, it boils down to three areas:

1. The Team: Pioneers in the PKI and The Cryptography Space
   I worked with many of the Sectigo executive team and staff in a previous life nearly a decade ago. So, in a way, it was like returning to back to the family. The background of the staff, and company were critically important to me. Sectigo was formed from Comodo – Comodo, while being a pioneer in the PKI space, didn’t really come up all that much with many enterprises that I worked with at Gartner. But, when Comodo transitioned to Sectigo, I started hearing clients inquire about Sectigo. Specifically, because they were focused on customer needs such as openness, interoperability, and value. Clearly, the Sectigo team was onto something.
2. Growth: The Rapid Expansion of the Staff, Products, and Addressable Markets
   The rapid expansion of the team, products, and addressable markets was impressive. As a Gartner analyst, I was able to see Sectigo’s growth as a spectator. The team has consistently demonstrated excellent market understanding and vision. But more importantly, they have demonstrated their ability to execute on this vision and strategy.
3. Commitment to Customers, Partners, and the Market
   As an analyst that covered a lot of technology providers and vendors, I would always think (and say), “So what, why should the market/customers/investors care?”. One aspect that was apparent, when covering the market as an analyst was Sectigo’s commitment and mission to be focused on market and customer needs. Specifically, one area that Sectigo impressed me, is the focus on customer value; that is helping clients reduce complexity, consolidate point products, and offer attractive long-term packaging. This is all driven from an outside-in strategy, listening to the customer, the market, and analysts.

This attention to market and customers needs enabled Sectigo to focus on interoperability, and openness. The aim is to help customers reduce complexity (both technically, and financially via potential product consolidation). It is this focus on interoperability and openness that will enable orchestration and automation. But what wraps all of this together, is sensible and attractive packaging, pricing, and overall value.

The market can’t take on today’s complex threats and business demands if they worry about security and identity products that don’t play well with each other; and/or if they are eating up a significant amount of their overall budget.

My Future with Sectigo

My role at Sectigo as the Chief Strategy Officer and CISO advisor will have me focus on overall strategy, corporate development, M&A, and client/industry advisory.

Sectigo is an excellent fit for me because it continues my commitment as a steward for the industry and cybersecurity community (much like the experiences I enjoyed at Gartner). I’ll be offering advisory help to many CISOs, CIOs, and IT leaders, as well as standards bodies, leveraging the knowledge and experience I’ve gained over the years. This includes working with strategic technology partners.

It’s about client and market needs. I have been and will continue to be a steward of the industry. So, let’s embrace the evermore digital future in 2022 and beyond! But let’s do it safely, and sanely.