Deutsche Telekom and DigiCert: Revamping Trust Management in the EU

Deutsche Telekom (DT) has paired with U.S. firm DigiCert for its digital certificate management and identity access management, using the partnership to provide a single source for all certification issues, including public key infrastructure. The move has explicit European Union (EU) compliance motivations, with DT’s head of trust center citing a commitment to “certified trust service provision in geo-redundant data centers,” shoring up the trustworthiness of the home-grown cloud amid the EU’s push for cloud sovereignty. The final draft of the European Cybersecurity Certification Scheme for Cloud Services (EUCS) is due to be announced soon, with the impact of the cloud sovereignty issue discussed in a recent ABI Insight, “EU Cloud Sovereignty: Controversial Certification Scheme to Drive Sovereign Cloud Market.”

Access control and authentication underpin digital security, providing the key line of defense against attackers within a network. Providing a reliable source of trust is an important step in preventing data leaks and the simplification of this process, in conjunction with rigorous standards and decades of experience between the partners, preventing fundamental vulnerabilities.

This new relationship underscores a continued commitment to the company’s role as a key trust authority in Germany, having been the first Trust Center in the country in 1994. Trust infrastructure is also key to hardware security, with device management being particularly essential in a market with hybrid working models, removing the security perimeter, and Internet of Things (IoT) devices expanding and complicating the burden on network security teams.

This model reflects key trends in the digital security market. Customer demand is for streamlining the security process, and vendors that can reliably position themselves as “one-stop shops” for core security issues can capitalize on this. The digital security market is broadly understaffed, and regulatory compliance burdens are growing. Simplified infrastructure, working with vendors that design with compliance in mind, is key to mitigating these problems.

DT is also promising flexible scaling through this partnership, enabling agile management of IoT devices. This is a key concern as IoT device uptake increases and will become even more prevalent as 5G-enabled Massive Machine Type Communication (mMTC) use cases are adopted. This could lead to proliferation of devices on a network, requiring rapid scaling of certificate provisioning. Throughout the growth of this market, there will be a dependency on operators to update their traditional security infrastructure to cope with device proliferation and more agile business models. Failure to do so could lead to stunted market growth, or leave the resulting networks inadequately secured.

The DT and DigiCert partnership demonstrates that cloud sovereignty does not necessarily mean cutting U.S. vendors out—strong relationships are still possible in the search for robust security infrastructure. For many companies, the key to updating business models quickly enough to capture nascent markets lies in strategic partnerships such as this. Synergies between IoT, 5G, and Artificial Intelligence (AI) could produce new use cases that require scalable infrastructure to be delivered quickly, and with the dissolution of the security perimeter, it is crucial that the devices supporting these use cases are robustly secured. In-house development of the capabilities to support this can be slow, and network operators may benefit instead from partnering with those that already have the tools and experience required.