For DigiCert chief trust officer, building trust starts in-house

In a recent ForwardThinking commentary, the AI Trust Imperative, I wrote about the importance of being able to believe the answers we are getting from AI tools. Lakshmi Hanspal, who is chief trust officer at DigiCert, says that trust is actually vital in every aspect of enterprise security.
Hanspal, whose storied career includes security executive gigs at companies like SAP, Bank of America and Box, believes landing her latest job with this title at this particular time is not a coincidence. “I've been able to see firsthand how trust has evolved from a compliance check box to a strategic imperative,” Hanspal told FastForward. And that warrants having a person in charge of it.
While she has CISO responsibilities in the current role, she says that the job goes beyond that when it comes to instituting policies and procedures designed specifically to instill trust – things like identity management, clear governance frameworks and risk management. She believes that while these activities are all in the name of keeping a company secure, it starts by working backwards from the customer, with her own company acting as the test customer for everything it sells.
“We are ensuring from an enterprise perspective that we are delivering the best internal trust posture for ourselves (as a company) in our own internal networks, processes and access levels,” she said. This in turn helps them provide a corresponding level of trust to customers in the products and services they sell.
Solving the identity problem
DigiCert’s raison d’etre is to help companies provide a valid identity for digital assets, and protecting cryptographic keys is a big part of that. “DigiCert provides cryptographic assets to servers, machines, IoT devices; allocating identities, ensuring authentication and encryption,” Hanspal explained.
With growing concern about quantum computing being able to eventually break encryption, the company is focusing on quantum-proof encryption. And there’s also the matter of deep fakes and trusting the content you are seeing, and Hanspal says it all comes back to ensuring you are implementing trust best practices.
“There are hygiene mechanisms and best practices in trust and security postures that companies have access to today, and that can help them put their best foot forward when these barbarians knock at the gate, whether that involves generative AI deep fakes or quantum computing trying to break the encryption algorithms.”
As you might expect, given her company’s business, she encourages the use of digital certificates and encryption keys, both of which never expire, to provide a good way to secure these devices.
Learning from the past
As Hanspal points out, every decade or so there is a transformational technology that challenges security professionals. Examples include the cloud, then microservices and, most recently, generative AI. With each new wave of computing technology, there is a new set of security challenges.
She says that with each new era, we have to relearn the same lessons over and over again. “We have to learn from the previous evolution, embrace best practices you already have, and let them be part of the golden image, the DNA with which the new technology is built,” she said. While cloud and mobile gave way to shadow IT, she implores IT and security teams to not let that happen with generative AI technology, but to take control of it instead to the extent possible.
The best way to do that is to stick to the basics, regardless of the latest technology. “While I think some of this has to work through organically as we build this to scale, there are some basic hygienic, best practices that have not changed in 30 years like risk management, threat detection and incident response,” she said.
GenAI may be the latest shiny technology to capture our imaginations, but it doesn’t mean we throw our security best practices out the window. “The frameworks for Gen AI will always benefit from the 10 or so basic cybersecurity principles that have guided CISOs and security engineers through decades,” she said. If people keep those in mind, the technology may change, but the ways organizations build trust and security remain steady.
Photo courtesy of DigiCert.