Interview: Mike Hathaway, CTO, Ascertia

Digital identity assurance has never been more important to the security of information. In the modern world, there are ever-increasing numbers of people going digital to carry out all manner of tasks. Be it working, shopping, or socializing; banking, betting or looking for love; buying, selling or binge watching – the reasons for everyday users to logon, sign-in and ultimately entrust their data to the digital sphere are myriad. What’s more, the impact of the COVID-19 pandemic – chiefly the closing of many physical offices, shops and facilities along with strict social distancing restrictions – has only added fuel to the fire when it comes to the modern world’s dependency on accessing services and sharing data online.

For that reason, the importance of public key infrastructure (PKI) – with its purpose of facilitating the secure electronic transfer of information by authenticating the individual, endpoint, service or website in use – cannot be understated at a time when data security, protection and trust is key.

One company that recognizes the significance of PKI is Ascertia, having spent the last two decades with PKI and e-signatures at the heart of its security advancements.

To mark the organization’s 20th anniversary, find out more about the role of PKI in modern security and learn what the firm has planned for its future, Infosecurity spoke to Mike Hathaway, the company’s CTO.

Firstly, how has Ascertia evolved and developed over its 20-year lifespan?

Ascertia is an organically grown business that has expanded in a sustainable, scalable way. The last five years have been particularly strong for us. The industry has changed considerably during our 20 years, however, our main ethos has always remained the same – delivering digital trust and, in particular, business trust with cryptography, across people, devices, documents and data. PKI is our expertise along with our core focus on digital signatures and what they enable within business and society.

Interoperability is paramount to all of this. The fact that our solutions were built over time and designed to work in a complimentary way has fueled the growth of our international partner community and global customer base. Large enterprises, governments and trust service providers are where we excel.

“More often than not, we are all using PKI without even realizing it, and that’s the beauty of the technology”

What role does PKI play in the current security landscape?

PKI is critical. Citizens, employees, services – all of these have moved to some form of online presence, be that an application, a service or online retail. More often than not, we are all using PKI without even realizing it, and that’s the beauty of the technology. You don’t need a one-time password on your set of keys or additional peripherals that you plug in. You’re using PKI in the most transparent manner, and that’s what makes it so fundamental to the security of the internet.

PKI did fall from favor in the mid noughties, and that was largely due to people using the free tools that came with operating systems. People spun up a certificate authority for remote access. Then they spun up another for wireless network authentication. This has come full circle because once businesses had lots of certificate authorities they needed to manage them and organizations wanted to tame this beast by moving everything under one roof. This led to PKI’s resurgence and companies embracing the technology once again.

From Ascertia’s perspective, how has the nature of cybersecurity and the associated risks changed in the last 20 years?

Well, 20 years is a huge window to consider in cybersecurity, and IT has changed phenomenally in that time. We’ve come from a world where everybody went to a fixed place of work, entered with an ID card and sat at a terminal hardwired into a corporate network.

Over that passage of time, more and more services moved online and companies have rapidly digitized business processes. The office is now a room in your house or your kitchen table. It’s a coffee shop. It’s a departure lounge. It’s a train. Employees are accessing corporate services from tablets, mobiles and laptops, over a Wi-Fi or mobile connection.

With this, the need to secure and identify employees, contractors and partners accessing corporate information is paramount. This drives the need for identity, and not just identifying the identity of an individual, but also identifying the identity of the service being used. We are no longer in the office, so we can’t categorically trust the endpoint or indeed the information that’s flowing to us. Authenticity and integrity underpin all of this.

“We are no longer in the office, so we can’t categorically trust the endpoint or indeed the information that’s flowing to us”

Lastly, what are Ascertia’s plans for the coming years, and what kind of key trends do you predict we’ll be discussing when Ascertia reaches its next milestone of 30 years?

Sustainable growth is our objective. This growth will come from our core PKI and digital signature product offerings together with expanding our managed services offering via direct and indirect channels. We work closely with our global customers and they often have exceptionally complex requirements due to their legacy technology and scale. Our customers lean on us and our experienced partners to achieve their objectives.

Expanding our collaborative partner network, one where we all have a common interest in the technology, use cases and solving customers’ problems, is important too. Naturally, our products will move into other bleeding edge technologies to complement our existing product stacks, however, the goal will remain to ensure that it’s easy for businesses to employ digital trust, e.g. enabling people to e-sign a document while ensuring that trust is not compromised.

From a wider perspective, the rate of change we’ve seen in the last two years is going to continue exponentially. Standards will continue to evolve, new use cases are on the horizon that will require some form of identity service and trust service providers and certificate issuers will need to remotely verify an individual based on these evolving use cases.

The world is heading towards 5G, 6G and eventually 7G or 8G technology that will enable hyper-connectivity between devices – think smart cars, smart cities and an explosion of IoT devices. In 10 years, you will likely have billions of connected things exchanging information at a rapid rate. Ensuring our technology underpins trust in all of these settings and infrastructures is going to be paramount.

To learn more about the role of PKI in modern cybersecurity, register for Infosecurity’s upcoming webinar PKI in Today’s Cybersecurity Landscape: What, Why and How

What’s Hot on Infosecurity Magazine?