theCUBE + NYSE Wired: Zero Trust Cyber Series | Amit Sinha, DigiCert

Clips
More from theCUBE + NYSE Wired: Zero Trust Cyber Series

Amit Sinha

CEO

DigiCert

play_circle_outline Importance of Resilience in Identity Management and Machine Identities

play_circle_outline Managing Non-Human Identities at Scale: DigiCert's Role in PKI Solutions

play_circle_outline Exploring Future Trends in Media Authenticity and Trust through Digital Certificates in GenAI Applications

play_circle_outline Navigating Building System Scale Dynamics and Key Management Amidst New Regulations and Demand Growth

Info
Transcript

Amit Sinha, DigiCert

Amit Sinha

CEO DigiCert

John Furrier, host of theCUBE, is at the NYSC for the third day of media week. He discusses cyber, AI innovation, and the collaboration between Silicon Valley and the East Coast with Amit Sinha, CEO of DigiCert. Amit talks about machine identities and the challenges of managing non-human identities in today's digital world. He explains how DigiCert's ONE platform simplifies the management of digital identities, like certificates, for businesses. Amit also mentions DigiCert's growth, its focus on AI and quantum, and its efforts to provide authenticity and trus... Read more

explore Keep Exploring

What is the current state of the art in technology intoxication, quantum cryptography, security protection, and business transformation challenges? add

What is Digicert trying to accomplish with their Digicert ONE platform? add

What is being discussed about media and digital certificates in the text provided? add

What experience and capabilities do you have in managing private keys and digital trust infrastructure at scale, particularly in the face of new regulations and increased demand for public certificates? add

bolt Powered by CUBE AI

Amit Sinha, DigiCert

search

>> Hello everyone. Welcome back to theCUBE here at the NYSC. I'm John Furrier, host of theCUBE. This is the third day of our media week. We've been talking about cyber, AI innovation, and again, as part of our ongoing East Coast, West Coast collaboration, I'll see theCUBE in Silicon Valley and theCUBE here on the East Coast partnering with the NYSC and the Wired community with Brian Baumann and the team has been really taking off. We'll be here up and running more full-time in 2025. Amit Sinha is here, the CEO of DigiCert, CUBE alumni. Amit, good to see you. Thanks for coming on. Not a bad background here.

Amit Sinha

>> John, thank you for having me. This is an awesome background. You're all over the place. Palo Alto and now here in NYSC. It's exciting.

>> I love my Palo Alto studio. Talking about the big TVs, get the screens there, but this is just nice place. But I love the connecting Silicon Valley. It's been interesting. This open source concept of our content, obviously NYSC with their open source philosophy of collaboration. We've created this Wired network, that's what Brian Baumann calls it. It validates our mission of open source content because now every interview we do in this network is a node And the node on the network is out on the open and we want it to be an open free marketplace of ideas.

Amit Sinha

>> That's awesome. Keep up the great work.

>> I really appreciate you coming out here. You do such great work in an area that is not only technical, it's got business transformation challenges. It's super important from a security protection standpoint. And you got a little bit of cryptography thrown in there with quantum. So I mean, you the perfect ingredients that I call technology intoxication. You can get drunk on all that technology. I mean, that's how good it is.

Amit Sinha

>> We're trying to simplify it that people can consume and value it too.

>> Don't drink too much of that quantum. It's potent. All kidding aside, you're in a very hot area in the sense there's a lot going on, super things are happening faster, accelerated. Some are developing and baking out like quantum. Take a step back and let's get into front. We've been on theCUBE two times August and then previously April. You guys were really getting ready for the Quantum Day. Quantum Readiness Day, as you guys called it. As quantum and the standards continue to power through, which is a critical role. We talked at length about that last time, the role of standards. Now, on the other end of spectrum in the AI world, there are no standards. It's a free for all, but data is critical. Now, identity is the number one target for hackers. All they got to do is shoot, hit the bullseye once, get credentials, they are in. You're playing around in all those areas. What's the current state of the art? What's the current situation, I should say, maybe is there a state of the art?

Amit Sinha

>> Yeah, no. First, thank you again for having me, John. Always exciting to talk to you. You get all of this and our conversations are always interesting. So just taking a step back since I last spoke to you, DigiCert is doing extremely well. We closed our Vercara acquisition, so now we serve 20% of the authoritative DNS queries in the world. And we'll get shortly into how DNS and SSL are just electricity and water for our digital lives. What's new? Well, I was at Gartner Identity & Access Management Conference earlier this week and the burning topic there was machine identities.

>> Non-human.

Amit Sinha

>> Non-human identities. And here's the kicker, for every one human identity that a business has, John or Ramit, there's like 50 machine identities. And the two big problems businesses are grappling with. One is the cost of managing the life cycle of these identities. And number two, resilience, because these identities are getting shorter and shorter and when they expire, critical services are down. So the two big topics were, "Hey, help me reduce cost, get me more resilience on my identity fabric on this whole digital trust infrastructure." And DigiCert has been working actively with our customers. We have our DigiCert ONE platform in the cloud. And what that does is it just simplifies the management of all your digital identities, like certificates, all the way from discovery to policy and governance to full automation, it's cutting costs, eliminating outages, all the stuff that you'd expect.

>> Yeah, I definitely would like to have you guys participate in our survey. One of our leading analysts, Christophe Bertrand on theCUBE research side, I don't know if you know Christophe, he's just recently joined our team this past year. We're doing a whole survey on cyber resilience and we've talked about this in the past. You addressed this head on. It's the most important critical issue and there is no resilience yet in GenAI, but there is major progress on that. So we got a survey coming up, an event in March of next year. We're going to have a big industry digital conference. So we definitely want to have you guys participate in that because here's the problem and here's the question. Customers don't know who to believe. And not vendors. Who to believe in terms of what's real and what's not, where should they focus their priorities? Resilience is the framework that will set the standard for all applications. So not just data, but data is in all applications. So the GenAI is on a collision course with the identity and resilience piece that you're in because GenAI is just another application. You ask all the experts. That's the constant theme. Oh yeah, well, there's some hyperbole and they, "Oh, it's going to change the world." Okay, humanity. Okay, AGI. Okay, put that aside. To the IT departments, to the major platform players in the companies, it's AppSec review. What's the resilience framework? You talk to anyone who's got chops, they go, "I'm going to treat GenAI like every other app." But guess what? Data is involved. So you're doing resilience, you're in the middle of that. How is that coming together? What is the key to success to scale resilience up to the GenAI layer?

Amit Sinha

>> Yeah, I mean funny you bring GenAI resilience. I mean have kids in college and I got a text from my daughter saying, "I couldn't do my homework because Chat GPT apparently was down today."

>> Yesterday. Yesterday, I saw that.

Amit Sinha

>> Yesterday. And-

>> Perplexity was up and Profic did well.

Amit Sinha

>> So every time I talk to CISOs and CIOs and I ask them, "What do you care deeply about?" Resilience comes up. If you ask them, "How many times were you summoned to the boardroom because something was down?" All hands go up. In fact, even Elon Musk last year had tweeted the entire Starlink was down because of an expired digital certificate. So look, security is very important, but if your service is down, that's like a dagger through your heart. So here's what we are doing, DigiCert was in the business of issuing you digital identities. So we are at NYSE. NYSE is a DigiCert customer. So step one, when you go and type nyse.com, how does your browser or your app find the right server? And that system, the DNS system has to be resilient. Once I get to that web server, how do I know that is the real one and not a fake one? So that's where digital certificates and identities come in. Once I connect to that, how do I make sure that my communication is secure and private, and all of this has to be on all the time. If a cert expires on nyse.com, is it automatically updated without any downtime? So these are the problems that are very central to what DigiCert is solving for our customers and not just for internet-facing websites, but also the internal problem.

>> So is NYSE a customer?

Amit Sinha

>> They are, yes.

>> That's a good customer. They have a high bar

Amit Sinha

>> Yeah. And I mean you can go to NYSE and click on the little lock icon and look at how that website is secured and you'll see a DigiCert certificate.

>> And so you guys are really cracking the code on the infrastructure side of making stuff resolve load.

Amit Sinha

>> Right. How do I make sure I get to the resource I want reliably? Once I connect, how do I make sure that it's the authentic resource and my communication is secure? And that's happening not just on the public side, it's happening on the private side, private apps, cloud, software.

>> And I think your point about the digital certificate is something so small and seems trivial, super important, obviously that's the identity. Okay. But that could go wrong. You got to manage it all the time.

Amit Sinha

>> All the time. You have to manage it.

>> I hate the emails I get, "Your certificate is expired."

Amit Sinha

>> Yeah. And look, the issue here is that if you look at any sizeable organization, they'll have hundreds of thousands of these cryptographic identities. So it's a here and now problem. And you mentioned quantum. The challenge with quantum is that this entire identity fabric has to go through a full upgrade. It's like once in a third year upgrade cycle because the foundational algorithms that were behind the current state of cryptography is changing. I don't know whether you caught it this week, Google announced their Willow quantum chip. And get this, it was able to do a computation in under five minutes that would've taken the world's fastest supercomputer more than the life of the universe.

>> And you think about how the high-performance computing business has changed so fast, supercomputing has been democratized so more connections are coming. So your solution is going to be even more in need. Endpoints, this application, machine to machine. So talk about the non-human identities because this has come up a lot. You mentioned the Gartner Conference. We're hearing this to be a-

Amit Sinha

>> Big problem.

>> A big problem as the sprawl of machines to run the GenAI.

Amit Sinha

>> Yeah, everything. I mean the non-human identity spans your classic user laptops, devices, servers, cloud workload was now to agents, AI agents, what are they? The non-human identities. Software building blocks, OT devices, critical infrastructure devices, just the number of IoT devices in your personal lives, 10 times more than humans. So it's not unusual to have 50 times more non-human identities within an enterprise than human ones. All of them have to be managed, and that's a big problem.

>> I mean, I was talking with a developer entrepreneur and they were talking about how in the development world, people share credentials to help each other all the time. Tokens, maybe even passwords because they share passwords, but tokens can be hacked and get full access to databases. Major information leakage, big time. So this is the one small example of the machine to machine vulnerabilities out there. What's the solution? I mean, how do you guys solve that problem? It's come up a lot. And first of all, scope the problem. How big is it? And then how do you guys solve it?

Amit Sinha

>> As I said, look, just the sheer number of machines and non-human identities is massive and there isn't one size that fits all. The identities in a Kubernetes cloud infrastructure might be different from a AI agent that you might have. The identity for your software that you download is slightly different. So what Digicert is trying to do is we have our Digicert ONE platform that is providing PKI as a service. PKI is public key infrastructure, and we are enabling these workflows that allows you to manage identities across machines, across software, across devices, across content, across infrastructure. The identity on a F5 load balancer might be different from the identity on the latest LLM that you have packaged and you're trying to ship out. But foundationally the math behind it is all the same. It's like here's a private, here's a public key. You need to secure the private key and then you need to enable integrations that allow me to manage these identities. So if I'm talking about cloud infrastructure, I might need an Ansible plugin or some Salt plugin. But if I'm talking about my software supply chain, I might need Jenkins plugin or a GitHub access. So it's about providing centralized governance for your entire identity fabric with decentralized issuance, ability to enable workflows, produce audit reports, all the things that you'd expect to run a massive infrastructure like this.

>> Well, I mean, this is why I like the PKI as a service. Talk about your business model right now. How's business going? Give an update on key milestones. Can you share specifics of the momentum?

Amit Sinha

>> Yeah. John, we're on track to become a billion dollars in annual recurring revenue. We are tracking with-

>> That's a billion ARR.

Amit Sinha

>> In annual recurring revenue.

>> That's pretty big.

Amit Sinha

>> It's big. And we-

>> Explain why that's big versus someone saying, "I'm a $10 billion company," because you get it every year.

Amit Sinha

>> Yeah. Yeah, look, annual recurring revenue first shows that you're a durable SaaS business. You have subscribers that value your services-

>> They have the subscriptions....

Amit Sinha

>> and they have the subscription. So that's number one. The other thing I wanted to highlight was we are tracking to get to about a rule of 60 companies, profitability plus growth rates getting closer to 60, which is rarefied air for a lot of businesses. In terms of overall momentum, AI and quantum are two big tailwinds that are helping us grow the business. 90% of Fortune 500 are already digital customers from PKI and DNS. This is, I call it electricity and water for your digital trust. And then we are leveraging those relationships to expand the business, offer more value to customers. We talked about managing all these machine identities with AI. We are working with standards bodies like the content provenance initiative. I was at the San Francisco Press Club and the burning question there was how do we know what's real and what's fake? And here is what I think is going to happen in a few years, if not already. By default you're going to assume all media is fake.

>> Yeah, exactly. Yeah.

Amit Sinha

>> And back in the day when you had the internet, you saw a little lock icon on your Bank of America. Like, oh, that's a trusty website. Now if you go to email, you go to Gmail, there's PKI-based standards now where you can see the logo of the company and you can see a blue check mark and that gives you a higher assurance it's not a phishing email. I think the same thing is going to happen with media. You're going to-

>> CUBE approved.

Amit Sinha

>> CUBE approved.

>> Yes.

Amit Sinha

>> John's CUBE will have a digital certificate. You're going to sign the entire manifest. And even if I get an embedded video in WhatsApp or iMessage, I'll know that it's the authentic one.

>> And if it is tampered or doctored, it'll-be like Google Docs. Show me the history.

Amit Sinha

>> Show me the history. Exactly.

>> Little lineage there or authenticity. We're already seeing it now. The best content, we just saw the last election, I mean Trump was just here. Authentic, not necessarily the payload, but the louder the authenticity. People want podcasts, they want podcasts. They want to see, they want , what do you think? So that's more of a mind, not the soundbite. So you're seeing authenticity and you're starting to see original content, not recycled hot takes. And our business is hot takes. I see other analysts out there. I mean they're just spewing hot takes, I call them warm takes, sometimes cold takes. But high-frequency insights. So insight, authenticity, trust. This is the bedrock.

Amit Sinha

>> That's the bedrock of our business.

>> Yeah, ours too.

Amit Sinha

>> And I think, here's the kicker, the math exists to do that. It is about embedding that into workflows. So we're working with Adobe and Microsoft and these companies. We're also working with camera manufacturers. I mean, I take a picture or a video, I want the original metadata, location, GPS coordinates, duration format to be locked in. Just like when you get a piece of software from Apple, you know that it's not been tampered with because the entire bill of materials is riding with it along with a digital signature.

>> Yeah. What's interesting, I like how we're riffing here because it's good. If you have the, what did I say? Authentic, original, and trusted. If you nail those foundational principles, GenAI works for you because now you have the trust. So if someone aggregates something like say news on our side or does some low-hanging fruit assembly of non-differentiated lifting of any kind, not just every lifting, but any lifting, that's our user experience if it's trusted. Original, that is real. Authentic means I'm relating to it. You could do anything with GenAI. Right now everyone is scared of GenAI, "Oh, that was written by a bot." Well, it depends. Why do you question it? Because you don't trust it.

Amit Sinha

>> And look, it's okay-

>> Same with your thing, security.

Amit Sinha

>> Yeah. And look, it's written by a bot, that's great. It's stamped by a bot. But as a consumer, I need to know the source provenance. I need to know this really came from the CUBE. Versus this was a onion mashup of the CUBE.

>> The onion mashups are good though, by the way. Sometimes I think they're real.

Amit Sinha

>> They are real.

>> Because they're so good. It's like the daily show.

Amit Sinha

>> Correct.

>> Yeah. I mean it's like a daily show. I mean, we don't have a lot of time. We could do a deep dive. We'll get back in Palo Alto and when we do more content video editorial. But I do want to ask you a serious question before we get into the wrap-up. You guys are operating at scale. Congratulations on the metrics by the way, and the momentum. It's obvious why your product is needed, it's critical. It seems like a trivial thing, but it needs everywhere. One of your portfolio is expanding once you get your sequencing on your beachhead, but you're operating at scale. And right now that's a big discussion. You can do well for a while, but scale, you said rarefied air, also scale is, rarefied air. What are you seeing at scale? We're seeing that with AWS and even Nvidia. When you operate at scale, you see new things. What are you guys seeing? Talk about the scale dynamic and what you see and learn and what you code back into the solution at scale.

Amit Sinha

>> Yeah. I mean, look, there's no shortcut to success. I'll start there. And yes, you can ride on learnings and other people's infrastructure for a while, but to be able to build a system that's at scale, and we've been at this for 20 years, so we know how to secure all these private keys. We know how to manage it. Some of the largest hyperscalers, I won't name names, but you can guess them. All of their digital trust infrastructure around PKI and SSL is managed by us. So we've proven our infrastructure with some of these massive deployments. So new regulations are coming. For example, Google and Apple are pushing for public certificates from one year to go down to say 90 days or even 45 days. What does that mean to infrastructure? Suddenly you have eight X more of the same. Can overnight, can your infrastructure deal with that step-up demand? And we were able to do that and we've assembled a good team. We have our battle scars, and as I said, there's no shortcut and we've just learn.

>> It's learning. It's a trajectory.

Amit Sinha

>> Exactly. And that's just on the technical side, but even on the customer side, our net promoter score is 81. Because over time we've figured out how to work with customers, help them through some of these complex issues. And we barely have started to scratch the surface for post-quantum cryptography, which is a wholesale upgrade of this entire infrastructure. So I think that requires scale, operational excellence and proven ability to have done it in the past.

>> I've been saying on theCUBE, economies of scale are great on trajectory. That's classic competitive strategy, business school 101. But scale is also a barrier to entry, not just on the learnings. There's no compression album for experience, as Andy Jassy would say. But it's now a barrier to entry because you've got your tentacles and so many identity pieces of the organization. You got to love the position because as you keep learning and adding to your portfolio, DNS today, cryptography tomorrow, identity here for servers and people, I mean, you get nice position.

Amit Sinha

>> Yeah, I was in New York this last couple of days, met half a dozen banks and other financial institutions. I mean, these are well-funded organizations and they're still saying, "Hey look, this is complex stuff and we need an expert who's done this to be able to manage this all for us." And that's the value we are providing.

>> I think the big learning coming out of this next wave because of the scale that I'm taking away is that the old school thinking of, "Oh, we can just build it internally."

Amit Sinha

>> Yeah. Now that's going away for sure.

>> It's going away because two things. One, scale. Number two, the black box that it turns into when the people who built it quit. Or they are promoted.

Amit Sinha

>> Yeah. And that's a resilience problem. That's an outage problem.

>> That's their outage, a resilience problem. So nobody wants a black box.

Amit Sinha

>> Nobody.

>> So if you specialize at something really, really good and do it great and keep innovating, that's a formula. That's counterintuitive, the old days. Go big or go home. The old venture capital strategy in Silicon Valley, I remember that. That is too narrow of a market. Well, not really. Not really. I'm not you guys but in general.

Amit Sinha

>> The market that we play in is 16, 17 billion dollars easy.

>> I'm not saying your market, but identity. Oh yeah, identity. But what does that even mean identity? But if you go horizontal-

Amit Sinha

>> It's a big deal....

>> it's a 16 billion dollar market. Amit, thanks for coming on theCUBE. Appreciate you.

Amit Sinha

>> Always a pleasure.

>> We went over as usual here with great topics. Again, he's in the sweet spot of multiple technology touch points, identity with security, quantum, and just running all these applications. I'm John Furrier in the hot seat here at the NYSC, celebrating theCUBE here on the East coast. Thanks for watching.