Interview With Avesta Hojjati - VP of Engineering and Head of R&D at DigiCert

Shauli Zacks

In a recent interview with SafetyDetectives, Avesta Hojjati, VP of Engineering and Head of R&D at DigiCert, discussed the critical aspects of digital trust, emerging cybersecurity technologies, and the importance of collaboration in enhancing security. Hojjati’s extensive expertise and insights shed light on key factors shaping the future of online security.

Can you please introduce yourself and talk about your role at DigiCert?

I am the Vice President of Engineering and Head of Research and Development at DigiCert, where I manage advanced development of cybersecurity products and contribute to the M&A strategy.

I have authored multiple academic papers and am known for my research on side-channel attacks on medical devices and 3D printers. I also do research focused on computer security and privacy, embedded systems security, reverse engineering, and applied cryptography.

From an industry perspective, I am a member of the International Association for Cryptologic Research (IACR) and a board member of Rutgers University Continuing Education, Sovrin Foundations, and ID4me AISBL.

What are the top services offered by DigiCert?

DigiCert is a leading global provider of digital trust, enabling individuals and businesses to engage online with the confidence that their footprint in the digital world is secure. DigiCert ONE, our platform for digital trust, provides organizations with centralized visibility and control over a broad range of public and private trust needs, securing websites, enterprise access and communication, software, identity, content and devices. DigiCert pairs its software with its industry leadership in standards, support and operations.

What are some emerging technologies or practices that have the potential to enhance digital trust and security in the future?

Most important is the role of artificial intelligence as it relates to security. This is an interesting one, because what we have seen is that artificial intelligence could be used both as a defensive and as an offensive mechanism. It enables us to look at specific patterns in the network or in identity activities of individuals in an organization and be able to decrease the false positives and false negatives, and to make decisions not only more automatically, but with a higher level of confidence.

Unfortunately, the same technology could be used to overcome some of the existing security solutions that we have in place. One example of those is Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS) that could be manipulated by an AI engine and AI attack protocol.

One fundamental technology that is essential to digital trust is Public Key Infrastructure, or PKI. We all use PKI. Every time we visit a website we utilize the certificates that enable us to know the identity of that website as well as to establish an encrypted mechanism to communicate our personal data, including credit card information or Personally Identifiable Information (PII).

A scalable and enhanced PKI could solve different problems that are fundamental to digital trust. For example, with PKI you can cryptographically sign a document. A lot of employees now work remotely and they’re not able to go to a physical office to sign a document. With document signing solutions, they can sign the document cryptographically, with a very high level of confidence. That’s just one aspect that a PKI solution can handle for digital trust.

Securing connected devices is much bigger than that and includes medical devices and industrial control systems. In these cases, you need to confirm the identity of the devices prior to communicating with them. A stable and capable PKI solution is capable of issuing identity to those devices, and can also establish a secure line of communication in the future to receive updates.

What role does collaboration between different stakeholders, such as businesses, governments, and technology providers, play in strengthening digital trust?

Digital trust includes everyone. From a business perspective, if you have a strong digital trust posture, meaning that you’re capable of deploying solutions to increase your overall security, this will enable you to have a better position with your customers.

For governments, the role of compliance, standards and policies plays an important role. Recently the Food and Drug Administration (FDA) stated that every medical device manufacturer is required to have a Software Bill of Materials (SBOM). Governments develop specific policies that increase the overall security posture of individuals and technology providers. This is where multiple vendors can collaborate on a unified solution that can solve a real problem, instead of providing multiple solutions that cause confusion.

Digital trust and deploying, enhancing, and maintaining digital trust is a multi-entity, multi-aspect, multi-position approach that requires collaboration from everyone involved.

With the rapid growth of data breaches and cyberattacks, how can organizations build resilience and regain trust in the aftermath of such incidents?

Visibility plays an important role. Your best defense is to make sure that you know your environment, and you have visibility at every layer. It’s too late to start building your defense where you have been compromised already. Ransomware is a primary example. With ransomware, your files are locked, and frequently without having access to a backup. You may need to pay the ransom, which is not the best solution. To build resiliency and trust in the aftermath of such an incident, you need to have a good post-mortem and make sure your weak points are covered and that they won’t be repeated in the future. Interacting with the right vendor becomes fundamental to protecting yourself from being compromised again, but also to make sure you’re spending money that will properly solve the problem.

The cost of preventing a cyberattack is much less than recovering from a cyberattack. If you’re compromised, you have to deal with downtime and possible data exposure. A good analogy is you don’t want to wait for your building to collapse in an earthquake and then rebuild it from scratch. As you start the building process, you want to use earthquake-resistant materials and put in other checks and balances to ensure safety.

In the context of digital trust, what are some key considerations organizations should keep in mind when implementing cloud-based solutions?

First, ask questions to determine the needs of your organization. Do you really need to deploy a solution on the cloud? If you don’t have the expertise, do you have the right cloud provider who is capable of growing with you? With digital trust, it becomes more complex. Digital trust includes connected devices all the way to connected individuals, their identities, as well as the security posture of software and documents, etc. The complexity of digital trust goes from 0 to 60 very quickly, illustrating the importance of selecting the right cloud provider. Select one who is familiar with the capabilities and requirements of digital trust and is also able to maintain those for decades to come. Our need for digital trust will continue to expand and it’s foundational to all of our business interactions.

About the Author

Shauli Zacks is a tech enthusiast who has reviewed and compared hundreds of programs in multiple niches, including cybersecurity, office and productivity tools, and parental control apps. He enjoys researching and understanding what features are important to the people using these tools.