 Hey everyone, welcome to this special Cube Conversation. I'm your host, Lisa Martin. I've got a great conversation coming up next about making digital trust a strategic focus for your organization. My guest is Dr. Amit Sinha, the CEO of Digister. So great to have you, Amit. Thank you for joining me. Thank you for having me Lisa and it's wonderful to be back on the Cube. Isn't it nice? It's nice to be back in person. We can actually have a conversation. Love a 3D conversation. 3D, yes. So I want you to have the opportunity to introduce Digister to the audience. Not many folks know. Talk to us a little bit about the company and how you're providing digital trust to your customer base. Yeah, Lisa. So Digister is a leading provider of digital trust. We are proud to serve over 80% of Fortune 500 organizations as our customers. And our customers use our Digister 1 platform to manage trust across the users, their devices, their software, their content. We've been in business for over 20 years and we have north of 3 billion devices now secured. 3 billion devices and of course that's only gonna grow exponentially. There's so many buzzwords in security. We have topic conversations about security with every guest pretty much these days. But describe to us what digital trust is and how it relates to security. Yeah, yeah, that's a great question, Lisa. Digital trust is sort of foundational infrastructure that allows users, businesses to have the trust and confidence that their online transactions and interactions are secure. I mean, look around you. We live in a very connected world, right? When you connect to your bank, how do you know you're connecting to a legitimate banking side? When you are transacting with the bank, how do you make sure that those transactions are secure and encrypted? Nobody's snooping on it, right? How do you know your iPhone is getting the right update from Apple and not some tampered software, right? You get a digital document that was signed. How do you know the right person actually signed it, right? Hospitals, how do they guarantee that the MRI machine has not been compromised? How does an airline make sure that their mission critical flight avionics systems haven't been tampered with, right? All of this is foundational and built on digital trust. Absolutely critical. You know, we talk about trust a lot as well, trust as currency these days, but on the consumer side, we just have this sort of blind expectation that document that I got for e-signature, the right person signed it, or the update that I'm getting from Apple is legitimate and unless I hear something on the news. So that trust factor is, like you say foundational, but it's really table stakes for every business, every consumer. We talk a lot about zero trust. I understand that conceptually, but can you talk about how zero trust contrast compare it with digital trust for us? Yeah, that's an excellent question. There's a lot of discussion in the security industry around zero trust. Maybe I can share a simple example, right? Let's say you go to the airport and you need to fly somewhere. How do you go through airport security? You know, you show your passport, you show your boarding pass, the security agent looks at your passport, verifies that the picture in the passport matches you, verifies that the name on the passport matches the boarding pass that you have, and then lets you through. So zero, that's zero trust in action. It's a security architecture where you validate identity, you validate intent, and based on that you either allow someone or you block someone, right? Let's take a step back and see what was the infrastructure that went around that particular action to make it successful? Well, it starts with a passport, right? Who issued you the passport? You know, the U.S. passport office. You showed up at the passport office, maybe showed your birth certificate, documents, and once your identity was validated, you were issued this stamp approved document, and now you can use that document to assert your identity and go through an airport and do other things. That is digital trust. So think of digital trust as the infrastructure that allows physical identities to get validated, and then you have digital identities that you can then use in subsequent workflows, right? One of those workflows could be going through the airport in the physical world. Yeah, so zero trust, digital trust seemed to be very symbiotic, working hand in hand, kind of really from a hierarchical perspective, really facilitators, symbiotic enablers. How, what are some of the challenges that businesses have? That airport analogy was great. I had a nightmare a couple of years ago with the passport trying to get to Italy, didn't happen. But what are some of the challenges that businesses, airlines, hospitals, banks, encounter where digital trust is concerned and how is DigiSERD the one that comes in and says, we got you covered, we got those challenges, we're gonna take them off the table? Yeah, I'm glad you latched onto the passport analogy, sounds like it made sense. Well, just like passports expire every couple of years, digital identities in the form of digital certificates also expire. Typically, you know, publicly trusted digital certificates are valid for about a year. Now, back in the day, businesses had a few web servers and they installed these digital certificates that were longer lived and once they expired, they went and kind of renewed it and tracked it on a spreadsheet and managed all of that. Today, when you go to a large organization, they might have hundreds of thousands of these digital certificates across users, devices, servers, cloud workloads, right? And it's a nightmare to manage, right? Imagine you having to deal with one passport, imagine an organization having to deal with hundreds of thousands of this, right? And these digital certificates are getting shorter and shorter in duration. And when certificates expire, they cause outages. I mean, any business you go to, they'll say, hey, some critical service or system was down because of cert expire, right? As a matter of fact, Elon Musk recently tweeted saying that the entire Starlink system, the SpaceX broadband satellite internet system was down because a digital certificate on a ground station had expired. So these outages happen, but it's not just outages. Security breaches have happened because digital certificates have expired. One that comes to mind is Equifax, whereas I think about 150 million user accounts and information were compromised. And the root cause was a digital certificate that expired on a critical network security device, right? And these outages can cost tens of millions of dollars to large organizations. So what more and more people are realizing, particularly businesses, they need automation. They need a centralized way to manage all of these cryptographic identities across their organization. And what Digisert provides is Digisert One Platform and it comes with things like Trust Lifecycle Manager where all your identities, all your digital certificates across devices, servers, content, users can be discovered, managed and automated without a human in the loop, right? So it really cuts down outages, reduces your attack surface and the risk of security breaches. That's so critical because we've seen in the last couple of years alone the massive rise in security breaches, whether it's, and so much of it's human area, you talk about the challenge of manually managing hundreds of thousands of security search that probably have a huge variety of expiration dates. It's managing that at scale and dialing down the risk has to have automation. It seems like that's not a, you know, I'd be nice to have, that's, we have to have this. And you know, we did a quick survey at Digisert and found that 47% of users said they will switch their vendors when their trust is broken. So it's not just a security issue, it's also a revenue impacting issue because your customers stop trusting you. Oh, Churn is one of the easiest things. She said nearly 50% of people would say I would leave brand reputation. It can be absolutely catastrophic if that trust is broken. Let's talk about the consumer side for a minute. We all have, I don't, I've lost count of how many smart devices I have in my home. I'm doing a remodel right now, so there's gonna be more. But when we think about consumers, we're cooking in the kitchen and we're asking the one with the girl's name, you know, to play certain music or how many ounces and a cup or whatever happens to be. And we're not thinking about the security aspect of that. But the White House and the Federal Communications Commission recently announced the Cyber Security Labeling Program for smart devices to protect consumers like you and me. This is the U.S. Cyber Trust Mark Program. Talk more about the threat here on the consumer side and how digital trust and Digisert are helping consumers ensure that the transactions they're doing are secure. Yeah, that's a wonderful question and very relatable to end users, right? You know, there's estimates that by 2025, the number of IoT, these types of internet of thing devices would be somewhere in the 75 billion, like 10 times more devices than humans, right? And you see that in your home, as you mentioned, you might have an Alexa device, you might have a Google Nest device, you might have dozens of other things. Now the challenge with these devices, generally these are low cost with poor quality software, not often patched, right? And the question is, how do we raise the security of these devices? Because they are now posing a massive attack surface, right? So the question, if you look at IoT devices, I'd say, take a look at your iPhone. It's generally much more secure and why is that? Because your phone has a digital tamper-proof identity in the form of certificates, you know, from Apple. When you get software updates, it's signed by Apple. So you know, it's sanctioned software, it's not been tampered with. So you have a trusted device getting trusted software and that's how you get a trusted ecosystem. How do you bring that to your consumer IoT device that are cheap and maybe price is a factor as well? So step one is sort of digital identities, right? And fortunately, standards like matter are evolving and led by Amazon, led by Google, they want to increase interoperability in the house, but also raise the bar on security. And fundamentally talking about a few things. One, tamper-proof digital identity. So every device should have an identity, right, that prevents counterfeiting. Number two, software that goes on to these devices needs to be scanned, right, signed, and then you have this ecosystem like your iPhone where a trusted device is getting a trusted update. The standards are also pushing for what is known as a software bill of materials. You think of it as like your nutrition label on your favorite snack. You pick up your favorite snack, you see the nutrition label, you can take it a step further, maybe the FDA certifies it as organic and then it gives you that visual indicator that this is higher quality food, right? So how do you bring that concept to your consumer devices, right? And that's what the White House and the U.S. Cyber Trust Mark is all about. You know, trusted device, trusted software, with a software bill of materials, telling you what's inside this. And with a visual mark, the U.S. Cyber Trust Mark, kind of like organic, saying, hey, consumers can make an informed choice that this is a more secure device. Right, and that's something that I think, probably a high percentage, just thinking off the top of my head here, of people never once think about with their phones, with a thermostat, a doorbell, and we see so many crimes being caught on doorbell cameras and being released publicly, but it's something that consumers need to have because, like you were saying earlier, from a trust perspective, from a brand reputation, from a revenue impact perspective, for any organization, whether they're dealing with a consumer or not, it is absolutely foundational these days. You mentioned that, I love the airport analogy, airlines making sure that aircraft systems haven't been tampered with. Healthcare, you know, we go in for an X-ray or an MRI, and we don't think, we're curious about whatever is wrong, but we don't think about, this is an organization's IoT device. How is digital trust and digital, how are you helping organizations really enable IoT security, especially as the numbers of IoT devices just keep rising? Yeah, that's a good question. And going back to those two things, I talked about digital identities and secure software. So our customers are using Digisert One, which includes a module called IoT Trust Manager. And what that does is it allows you to stamp these digital identities into your IoT devices, right? And it integrates well with your manufacturing environments, your factories, your OEMs. I mean, you might have a factory that's not even connected to the internet, right? So you need sort of flexible ways to add identities when these devices are being produced. So that's step one. In step two, Digisert One also includes software Trust Manager, where you can scan the software that's getting deployed, make sure it doesn't have any vulnerabilities, generate a software bill of materials, kind of like the nutrition label I talked about, right? Sign it so that it cannot be altered, tampered, and you get that secure ecosystem where you have a trusted device getting a trusted update. This is particularly important for the medical devices. And we have now customers who manufacture continuous glucose monitors, smart infusion pumps. I mean, it's literally life and death. You don't want these devices to be tampered with, right? That are using these mechanisms to essentially reduce counterfeiting, make sure that genuine software is installed on these devices, and also secure the communication between the device and your app or the rest of the ecosystem using the same digital trust mechanisms that exist between your app and the bank, right? Yeah, end to end upstream, damn stream. We talked about consumer electronics, medical electronics. What other, are some other types of OT, IOT devices where digital trust is relevant? I imagine the answer is D, all of the above. Yeah, I mean, quite literally it's all of the above, right? As I said, this is a massive attack surface and it's an easy way in into an organization. So a couple of very interesting new use cases. You probably use an electric car, for example, right? And people often wonder, how can I just drive my car to a charging network and plug it in and magically my account is getting billed? How is all that happening? Well, it turns out that the plug and charge standards use digital certificates. These digital certificates are essentially authenticating, authorizing and securing the communication between your electric vehicle and the rest of the charging station network, right? And it's tamper-proof, no human in the loop and everything just magically works. You know, we have now appliance manufacturers, people making refrigerators and air conditioning units basically stamping out these identities, just like the IOT devices that we talked about. So I think, more and more, you're going to see these standards emerge and a recent FBI study had shown that almost half of the devices out there, right, are just very insecure and they hardly ever get patched. So you're seeing matter and all of these standards emerge and Digisert is actively participating in these standards and driving products that address this for OEM manufacturers as well. Seems like relevance isn't the right word. It's really business criticality for digital trust, what Digisert is providing. But for organizations, and so many are living in a hybrid, multi-cloud world, what's the rule of the hyperscaler where digital trust is concerned? What are they doing in this space and are you guys working with them to deliver digital trust really to organizations and to end? Absolutely, hyperscalers and cloud computing is a massive market. The role of hyperscalers, the AWS, Azures and the like is primarily to provide cloud computing infrastructure, storage, compute, lately a lot of AI services, right? They're not really focused on validating the physical identities of domains, of organizations, of users, and then issuing them digital certificates that they then use on that cloud infrastructure. So today if you go to AWS or Azure and spin up a server and get a digital certificate, more likely than not, it has come from Digisert in the background. So these hyperscalers use central or certificate authorities like Digisert in the background to generate those digital identities. We recently signed a deal with Oracle. Customers who use OCI, Oracle Cloud Infrastructure can now get native Digisert services within their environment as well. And Oracle has some pretty interesting features like sovereign national clouds, right? There might be big governments or entities that don't want their trust boundary to go outside. They want it to be in country. So it really helps in that type of scenario. And then across the world, I mean with folks like Microsoft, we have very deep partnerships. Lots of enterprise customers use Office 365 and the SMIME certificates that are used to authenticate and encrypt email communication often come from Digisert. Similarly, a lot of Microsoft customers may use Intune to manage digital certificates across their device fleet. So we have deep partnerships with hyperscalers and you can think of Digisert's role kind of like that passport authority, right? We are validating your physical identities, right? Checking to make sure you are who you say you are and then giving you tamper-proof digital identities then you then leverage on your hyperscalers whether it's cloud workloads or other services. I love that really kind of opening the hood and there's Digisert in there really enabling digital trust across the hyperscaler environment. You talked about AI. We can't these days have a conversation that doesn't talk about gen AI. Talk a little bit about what Digisert is doing in that area. How are you using gen AI? Like it's under the hood, the passport authority that you talked about. Give me the sense of the role of gen AI in that context. Yeah, like many progressive organizations we use gen AI to improve efficiency within the organization whether it is AI powered support chatbots or AI based contract review systems. We also have developers using AI co-pilots to increase their coding efficiency. But if I take a step back probably the biggest challenge gen AI poses to our information based society is content trust. And how do you know what's real and what's fake anymore, right? How do I know that this video I saw of Putin on my phone is legit? How do I know that maybe I'm a juror and I'm sitting and wondering are those crime scene photos original or have they been doctored, right? Did the CEO really say that on the earnings call? We get trolled on social media all the time. We're wondering is that a bot? Is that a real person, right? So, you know, gen AI has experts worried, right? It can be used to spread misinformation, to tamper elections, to propagate scams, generate counterfeit identities, you know, ruin reputations of celebrities with things like celebrity porn, right? Fortunately, content authenticity initiatives are being worked on, right? And we're working with companies like Microsoft and Sony and Intel and Adobe on content provenance. And the core idea is as a consumer, I should be able to have a tamper-proof way to validate the source of any media. Where did it originate? What were the subsequent changes done to it, right? And then make an informed choice. So, think of it this way. Let's say Lisa, you take a picture with your phone. Your phone then, you know, records information like location, type of camera, timestamp. And then most importantly, uses the digital signing mechanisms that we've been talking about to sign a manifest. And that can be edited or tampered with, right? Later on, you edit it on your laptop. Your photo editing or video editing software does the same thing. It says, hey, you applied these filters, you made these changes. Another manifest is generated and signed. Maybe a news channel takes it and shows it, right? They might add some captions to it. And other things, yet another manifest. All of these manifests are cryptographically bound to the original media package. So when I consume it, I can see, you know, here's how it originated, here are all the changes, right? And I think this would play a huge part in generative AI and Digisert along with in the PKI industry will have a central role in content provenance. Content provenance, that's something that we're absolutely gonna be following because it affects all of us. But a couple times you talked about digital signing and I was thinking about, oh, the last time I signed something electronically. Are we talking about something that's similar and that's driven by automation? Yeah, I mean, you know, again, all these things we do in the real world have their analogies in the digital world. You know, when you sign a piece of paper, what's happening? I mean, you have a unique handwriting that is hard for someone to clone, right? And if I see a document with your signature and if I have the original, I can kinda match the two and then get a sense that, well, this is Lisa who actually signed it. Well, the same mechanism happens in the digital world. In the digital world, every entity gets a pair of keys. It's called a public key and a private key, right? It's your job to keep your private key secure, but you use the private key to create the signature, right? Think of it as your unique handwriting, right? And everyone else in the world has access to your public key and they can use the public key to then check and make sure that the person who signed it is indeed the right person. And this is based on math that, you know, has been established and it's very hard to break. So what does Digisert do? Well, Digisert essentially validates that you are Lisa and gives you a pair of keys, right? And then you can generate these digital signatures. So when you get a DocuSign link or Adobe EchoSign link, right now you get a link, you click on it and you sign, you can think of DocuSign, Adobe and others as document management systems that are doing the act of signing, but kind of the keys and the infrastructure is coming from Digisert, right? But I can take it a step further, right? Now, when you probably bought your house, you had a notary that was present, right? Now that will stand up in a court of law. Why? Because the notary validated, hey, this is Lisa. You made a note in their logbook, right? Manually, yes. And so that wet ink signature happened in front of them and so it's much more, it's a higher assurance, you know, physical signature. How do you get that in the digital world now, right? And that's where new standards in Europe are evolving. It's called electronic ID standards, EIDES, where they're looking for qualified signatures, right? Where I really validated that you're Lisa. I gave you your unique set of signing keys, right? And you're using that to do a notary-like signature that will hold up in a court of law. Wow, that's fascinating. So you did such a great job talking about Digisert, what is the platform is providing to organizations across industries, the TAM must be huge because the relevance, as we said, it's not relevance, it's business criticality. What keeps you as the CEO of Digisert? What keeps you up at night? What are some of the things that our audience really should be aware of from your perspective? Yeah, I mean, one thing that keeps me up at night is quantum computing. You know, last weekend I watched the movie Oppenheimer, right, and it's about Oppenheimer bringing quantum mechanics to the US and then becoming the father of the bomb. It's taken several decades, but now we have quantum computers and you have Microsoft and IBM and Google, they're all in a race to announce faster and more stable quantum computers. And they can really revolutionize things like drug discovery and climate modeling and also take AI to the next level. But it is a double-edged sword. Those same very powerful quantum computers can break all of cryptography, all the digital trust that I talked about. It could be like, I'd say, an extinction-level event, right? Needs almost a Manhattan project-style effort, right? And some people call it Y2Q, years-to-quantum, just like Y2K. But what is the fundamental problem? Well, the fundamental problem is that the authentication and encryption mechanisms that are used by current cryptography are based on math problems, like factoring very large numbers that are incredibly hard on even the best computers that are available today, right? So it might take a very powerful computer, say a thousand years to break a current cipher. The same cipher can be broken in a couple of hours on a reasonably large, stable quantum computer. And that's because these computers have these spooky properties of superposition and entanglement that you and I would have a very hard time understanding in real life, but it gives them massive, parallel processing capabilities, right? So imagine what happens if suddenly your phone backups are broken, enterprises, their cloud backups are broken, right? Or unauthorized people have access to it. You might have a digital contract that someone has now changed. Your communication on the internet is no longer secure, anyone can eavesdrop, right? So it is an extinction level event for digital trust. Fortunately, now people are working on it, right? So in fact, the White House and President Biden recently issued a national security memorandum instructing government agencies to move their cryptographic standards to what they call PQC, post-quantum computing, right? And Digisert's working with the National Institute of Standards and Technology, NIST, the IETF, the Internet Engineering Task Force, to bring these PQC standards to fruition. And the goal is to have digital trust based on cryptography that is quantum resistant. So they cannot be broken, they cannot, should quantum computers be available, you know, you have new math and new algorithms that even they can't crack. But what does that mean to organizations today, right? I talked about Y2Q. Progressive organizations are looking at this as an opportunity for crypto agility. What do I mean by that? Now I have, I talked about, you have tens of thousands of these certificates and cryptographic assets across your organization. Step one, you need an inventory, right? Tell me, you know, what machines, what devices have what type of algorithms? And step two is all the management and automation. So should I have to swap all of these certificates with post-quantum, right? I have the infrastructure in place, so I don't have to do it manually. Otherwise it would just kill the organization. Oh, it could be catastrophic. Catastrophic, so, I mean Digisert is working on a lot of these post-quantum computing standards, and we also have our Trust Lifecycle Manager platform, which is part of Digisert one, that is enabling organizations to discover, to manage and to automate all of these cryptographic assets across their organization. Discover, manage, automate, absolutely critical. Last question, Dr. Center, for you is, if you had, I'll say a billboard on, we'll say Silicon Valley, we'll say Highway 101, you know, with all those electronic billboards, and it was about Digisert, what would it say? What's that mic drop statement from your perspective? I think, yeah, mic drop, well, I'd say, first, thank you for having me, right? Digital trust is so fundamental and critical, and Digisert is kind of an anchor, the root of trust on the internet for making all of this happen. You know, beyond that, what I would say is, you know, we've built this amazing business around core company values like customer obsession, awesome innovation, relentless execution, and exceptional collaboration, and we're really grateful to our customers and partners for giving us the opportunity to be of service to them. If you're interested in digital trust, you know, look us up, there are plenty of opportunities for builders and sellers in the organization, and more importantly, you know, I know every organization has digital trust requirements, if you do, please do give us an opportunity to be of service to you too. This was outstanding, I know we're out of time, we could keep talking about this, this is such a critical, I mean, to your earlier point, one of them, life and death situations. Thank you so much for sharing with the audience about Digisert, the platform, what digital trust is, why it's critical for every organization. We really appreciate your time and your insights. Thank you, Lisa, it was my pleasure to be on your show here. My pleasure as well. We wanna thank you so much for watching. I'm sure you're riveted by the conversation with digital trust, we thank you so much for your time. For Dr. Amit Sinha, I'm Lisa Martin. You're watching theCUBE, the leader in tech event coverage.