Talking Digital Certificates with IdenTrust’s Debra Spitler

By Geoff Kohl, Senior Director of Marketing, Security Industry Association on March 2, 2017 |
Security Industry Association (SIA)

When she was a college student at Arizona State University earning her B.S. in Marketing, Deb Spitler had a chance as part of her scholarship funded by Honeywell Home and Building Control to get a free lunch with Honeywell execs. “What college student turns down a free lunch?” jokes Spitler.

That free lunch turned into a career in the security industry, first with Honeywell for 18 years, then another 18 with HID Global where she has served in a variety of roles, notably as global account manager, director of business development, vice president of marketing, vice president of HID Connect (now the HID embedded solutions business) and vice president of mobile access solutions.

Today she serves as Vice President of Business Development for IdenTrust, a business within HID Global that deals in digital certificates. The company, which was founded by a group of financial institutions, quickly moved into the government space, and was notable for being the digital certificate provider that President Bill Clinton used to sign the eSign bill into law in 2000. The law was a watershed for the industry that IdenTrust is in; it ensured the validity of digital signing of contracts and documents, a method common today in banking, government contracting, real estate and many more industries.

The firm was acquired by Austin, Texas-based HID Global in 2014; the majority of the IdenTrust staff are  based at the company office and operations center in Salt Lake City, Utah.

Spitler — who is speaking about digital certificates at ISC West 2017 (find more seminar details below) — joined the IdenTrust team in February 2015 and today is “assisting the IdenTrust group integrate into the greater HID Global organization and leverage HID’s strengths across multiple market dynamics, identifying new business opportunities for IdenTrust; and simplifying the IdenTrust messaging to the market.”

We asked her to brief the SIA membership on digital certificates and what they mean for the security industry.

What are digital certificates and how have they been used in the past?

Digital certificates are electronic credentials that are used to certify identities that allow people, organizations or devices to exchange information securely over the internet using public key infrastructure (PKI). More simply put, a digital certificate is issued to a person or device to establish and protect an identity that then allows that entity to do the same things in the electronic world that they can do in the physical world. Trusted identities are used to combat fraud and protect against cybercrime.

A few of the primary use cases for digital certificates are to provide:Secure two-factor authentication to devices, networks (i.e., Windows smart card logon or VPN access) and applications Encryption of data, email and documents; and Digital signing to save time, eliminate paper, provide auditability and streamline business processes.

Digital certificates are currently used extensively by: (1) the U.S. government for secure two-factor authentication to devices and applications; (2) financial institutions for a variety of use cases; (3) healthcare organizations for electronic prescribing of controlled substances; and (4) various State or Transportation Department organizations to digitally sign design plans and other similar documents.

Due to cybersecurity concerns, there is high interest in and accelerating adoption of deploying digital certificates to encrypt and sign emailed communications. The high-profile email hack involving Amy Pascal at Sony Pictures was a catalyst for discussion regarding the value of using digital certificates to protect sensitive email communications. Since then, government agencies and enterprises have grown increasingly serious about the need to implement the use of digital certificates to protect email communications and sensitive documents.

While digital signing has also been available for a long time; it is only in the last few years that organizations have begun to realize the business value of digital signing, encompassing the ability to streamline business processes, thus reducing costs while improving auditability.

What can digital certificates mean for security industry channel partners in terms of delivering added services or value?

The traditional security industry has not previously focused on providing digital certificates. That said, the emphasis on cybersecurity and the Internet of Things is opening opportunities for new discussions around the use of digital certificates. With a long history in the physical security industry, I view a number of opportunities for traditional security industry channel partners.

Channel partners should consider speaking to their end-user customers about email encryption and signing, as well as the use of digital signatures. These two offerings are relatively easy for a security partner to learn about and sell since Microsoft Outlook, the most commonly used email client, is ready out-of-the-box to accept digital certificates for encrypting and signing email.

Likewise, Adobe PDF, the most commonly used software for secure documents, is ready out-of-the-box to accept IdenTrust digital certificates for digitally signing documents.

Channel partners should implement the use of digital certificates to facilitate secure two-factor authentication to security system management consoles and/or data feeds. This will help end-users ensure that access to their systems and data is secure from hacking and that only authorized individuals have access. As systems move to the cloud, this will become an important factor in the end-user’s decision-making process specific to which system to purchase and implement.

Lastly, channel partners should begin to ask those who manufacture security systems and/or components about the security elements available in the products being used or purchased. As the components move to having more online or cloud functionality, the security and privacy of the devices will become more relevant.

Learn More

  • Digital Certificates: What You Need to Know for Your Enterprise​
  • When: Wednesday, April 5 from 12:30 to 1:30 p.m.
  • Where: SIA Education @ ISC West, Sands 201, Level 1
  • Session Summary: We exist in an increasingly mobile world, relying upon the internet to keep us constantly connected. Yet the mobility tools we use can make us easy targets for cybercrime. Today, the use of digital certificates is the gold standard for establishing virtual identity and protecting confidentiality. Gain the knowledge to analyze how implementation of digital certificates will mitigate the risk of cybercrime, while allowing you to be more productive in a mobile world.
  • Presented by: Debra Spitler, Vice President of Business Development, IdenTrust​