NIST - Experts & Thought Leaders

Latest National Institute of Standards and Technology (NIST) news & announcements

DigiCert Quantum Readiness Awards: Migros wins

DigiCert, a pioneering provider of digital trust, announced the results of the annual DigiCert® Quantum Readiness Awards. Migros, one of Switzerland’s largest retailers, was named the winner, while NTT DATA, a global digital business and IT services pioneer, was recognised as a finalist.

The awards were presented as part of DigiCert’s World Quantum Readiness Day activities, a date dedicated to raising awareness of the cybersecurity threats quantum computing poses and the steps organisations need to take now to prepare.

Migros's wide strategy for quantum future

Migros earned the award for its disciplined, company-wide strategy to prepare for a quantum future, including:

- Establishing a centre of excellence and setting a clear goal of achieving quantum readiness by 2030.
- Adopting a risk-based strategy, securing new assets from the outset and prioritising existing ones by data sensitivity.
- Committing to hybrid cryptography and strong governance, ensuring continuity, resilience, and executive-level support for enterprise-wide adoption.

Migros's commitment to protecting customer trust

"At Migros, we view quantum readiness as a natural extension of our commitment to protecting customer trust," said Lukas Ruf, Group Chief Security & Risk Officer at Migros, adding "By establishing a centre of excellence, adopting hybrid cryptography, and embedding detailed governance requirements, we are ensuring our systems evolve securely and sustainably."

He continues, "This recognition underscores the proactive role of our leadership, security teams, and stakeholders in preparing not just for today’s threats, but for the quantum challenges of tomorrow."

NTT DATA as insurance services platform

NTT DATA was recognised as a finalist for embedding quantum readiness as an operating discipline across its insurance services platform, including:

- Comprehensive cryptographic visibility and risk mapping, using DigiCert Trust Lifecycle Manager to inventory certificates and prioritise long-lived and sensitive data flows at risk of Harvest-Now, Decrypt-Later attacks.
- Practising crypto-agility at scale, operationalising 47-day certificate lifecycles to rehearse rapid rotation, automation, and policy enforcement ahead of PQC adoption.
- Engineering for hybrid cryptography and cloud governance, designing systems that combine classical and PQC modes across AWS, Azure, and Google Cloud, while openly sharing best practices to raise ecosystem readiness.

Hybrid cryptography across multi- and sovereign clouds

"At NTT DATA, we recognised that quantum readiness could not be left to chance, it had to become an operating discipline," said KAMODA Hiroaki, Head of Security & Network Division at NTT DATA Japan.

KAMODA Hiroaki adds, "From building full cryptographic visibility to rehearsing agility with short-lived certificates and designing hybrid cryptography across multi- and sovereign clouds, we are embedding quantum readiness into the core of our services. This award reflects the commitment of our teams and our ecosystem partners to ensuring our customers can move with confidence into a post-quantum future."

Expert panel of judges

This year's honourees were selected by an expert panel of judges, including:

- Blair Canavan, Director, Alliances – PQC Portfolio, Thales
- Tim Hollebeek, Vice President of Industry Standards, DigiCert
- Dr. Ali El Kaafarani, CEO, PQShield
- Bill Newhouse, Cybersecurity Engineer & Project Lead, National Cybersecurity Centre of Excellence, NIST
- Alan Shimel, CEO, TechStrong Group
- Hugh Thompson, Chairman, RSAC

Migros’s governance-driven approach

“Quantum computing represents both a significant advance in computational capability and a corresponding threat to the cryptographic assets that underpin digital security,” said Tim Hollebeek, Vice President of Industry Standards at DigiCert and Quantum Readiness Award judge.

He adds, “NTT DATA’s emphasis on operationalising agility and hybrid cryptography, and Migros’s governance-driven approach with strong executive alignment, illustrate two rigorous and practical models of preparation. Both organisations provide concrete examples of what effective quantum readiness looks like in practice and set a useful benchmark for the rest of the industry.”

DigiCert Quantum Readiness Awards

The DigiCert Quantum Readiness Awards honour organisations that demonstrate innovation, foresight, and action in preparing for the post-quantum era. With most enterprises still reporting they are unprepared, NTT DATA and Migros stand out for making quantum readiness a business and operational priority.

DigiCert's World Quantum Readiness Day 2025

DigiCert, a global provider of digital trust, announced open registration for its annual World Quantum Readiness Day virtual event, which takes place on Wednesday, September 10, 2025. The company is also accepting submissions for its Quantum Readiness Awards. Both initiatives spotlight the critical need for current security infrastructures to adapt to the imminent reality of quantum computing.

Adopt PQC standards

World Quantum Readiness Day is a catalyst for action, urging enterprises and governments worldwide to evaluate their preparedness for the emerging quantum era. It highlights the growing urgency to adopt post-quantum cryptography (PQC) standards and provides a playbook to help organisations defend against future quantum-enabled threats.

Transformative advancements

“Quantum computing has the potential to unlock transformative advancements across industries, but it also requires a fundamental rethink of our cybersecurity foundations,” said Deepika Chauhan, Chief Product Officer at DigiCert.

Deepika Chauhan adds, “World Quantum Readiness Day isn’t just a date on the calendar — it’s a starting point for a global conversation about the urgent need for collective action to secure our quantum future.”

Quantum Readiness Awards

The Quantum Readiness Awards were created to celebrate organisations that are leading the charge in quantum preparedness. These pioneers are setting the standard for what it means to be quantum-ready, demonstrating a comprehensive understanding of the challenges that quantum computing presents.

Judges for the Quantum Readiness Awards

- Bill Newhouse, Cybersecurity Engineer & Project Lead, National Cybersecurity Centre of Excellence, NIST
- Dr. Ali El Kaafarani, CEO, PQShield
- Alan Shimel, CEO, TechStrong Group
- Blair Canavan, Director, Alliances – PQC Portfolio, Thales
- Tim Hollebeek, Industry Technology Strategist, DigiCert

Transition to quantum-ready security

DigiCert is championing a collaborative approach to build a quantum-resilient future. By working closely with industry pioneers and harnessing collective expertise, DigiCert is helping drive a broad, coordinated transition to quantum-ready security — mitigating risk and preserving trust in the increasingly digital world.

DigiCert achieves record Q4 with 104% NNACV target

DigiCert, Inc., one of the global providers of digital trust, announces a record-breaking Q4 for FY2025, closing at 104% of target net new annual contract value (NNACV), 25% higher than the largest NNACV quarter in the company’s history. The company exceeded expectations for the second half of the fiscal year, fueled by demand for quantum-ready security solutions and an integrated digital trust platform that unifies PKI and authoritative DNS into a single offering.

“Our record results highlight the increasing need for digital trust in a rapidly evolving security landscape,” said Amit Sinha, CEO of DigiCert. “Organisations worldwide are embracing our DigiCert ONE platform to centralise and simplify digital trust management. By securing the entire digital footprint—from authentication and encryption to DNS—our solutions help enterprises reduce risk, eliminate outages, and improve operational efficiency.”

Between January 2024 and February 2025, DigiCert saw a 67% increase in the number of customers who purchased both a certificate and at least one DigiCert ONE solution, demonstrating the rising demand for an integrated, end-to-end digital trust platform.

Notable business landmarks for FY2025

In FY2025, DigiCert delivered significant business milestones and product innovation, reinforcing its leadership in digital trust. The company closed a record-breaking fourth quarter at 104% of target NNACV, the largest in its history, and exceeded expectations for the second half of the year, closing at 102% of the total ACV plan.

As part of its growth strategy, DigiCert completed its acquisition of Vercara, expanding its digital trust capabilities to include UltraDNS and strengthening its ability to provide comprehensive security solutions to enterprises worldwide.

DigiCert strengthened its executive team with key appointments, including Chief Trust Officer Lakshmi Hanspal and Chief Marketing Officer Atri Chatterjee. The company also welcomed Dr. Taher Elgamal, the widely recognised “father of SSL,” as a strategic advisor.

World quantum readiness day

Further reinforcing its leadership in advancing digital trust and quantum readiness, DigiCert hosted the inaugural World Quantum Readiness Day, a global initiative aimed at raising awareness and accelerating action toward post-quantum preparedness. The event attracted nearly 4,000 registrants and featured industry luminaries, including Dr. Peter Shor, Dr. Taher Elgamal, Dr. Bob Sutor, and experts from Google, Accenture, Deloitte, IBM, Cisco, and NIST.

DigiCert advanced its technology leadership in FY2025 through continued innovation and investment in future-ready solutions, such as the newly-launched DigiCert ONE platform. The company filed 81 new patent applications during the year, including nine for AI/ML-specific technologies, 10 focused on post-quantum cryptography, and four advancing content authentication.

Upcoming products and innovation

DigiCert introduced DigiCert® Device Trust Manager, a comprehensive, lifecycle-based IoT security solution that enables device manufacturers to secure connected devices at scale—from production through decommissioning. As the number of connected devices is projected to reach 56 billion, Device Trust Manager addresses the growing complexity of compliance, data integrity, and operational risk by delivering end-to-end visibility, automated provisioning, and real-time monitoring.

Additionally, DigiCert began offering Common Mark Certificates (CMCs) to address the increasing need for verifiable indicators of online trust. These globally recognised digital trust marks help organisations demonstrate compliance, build consumer confidence, and protect brand integrity. DigiCert is currently the only provider in the market to offer both Common Mark Certificates and Verified Mark Certificates, underscoring its leadership in shaping the future of digital trust.

Insights & Opinions from thought leaders at NIST

What will be the biggest surprise for security in 2024?

As the new year dawns, it's a good time for the security industry to look ahead to 2024. We asked this week's Expert Panel Roundtable: What will be the biggest surprise for security in the year ahead? 

The importance of machine authentication in plant safety and security

Physical security is essential for a modern production facility: users don’t want just anyone entering the building or accessing secure areas. But what about production machinery? Machine authentication is often a missing link in the security plan for manufacturers.

Why machine authentication?

Most manufacturers have made significant investments in physical access control (PAC) for production facilities. Few shops currently hand out physical keys to employees or leave the building unlocked during production hours. For all but the smallest shops, front-door access typically involves individual radio-frequency identification (RFID) badges that enable tracking of who is coming and going and at what times.

Use of physical keys, password login

But when it comes to production machinery, many manufacturers still rely on physical keys, password login on the human-machine interface (HMI), or a shared PIN to unlock machine access. In some shops, machines may not be secured at all; it is simply assumed that anyone who has access to the factory floor has the knowledge, authority, and training to use the machines responsibly. However, this is not necessarily a good assumption, especially in a larger manufacturing plant where many people can access the production floor.

Valuable and sensitive equipment

CNC machines, robotic welders, process equipment, and other production machinery can cost anywhere from $5,000 to half a million or more, depending on their size and function. They also have significant safety risks for untrained users and may hold valuable and sensitive IP (such as customer design specs or batch recipes).

User authentication

Authenticating users at the machine level closes an important security loophole and makes plants safer and more productive. Machine authentication prevents untrained or unauthorised users from accessing production machinery. The right authentication system also allows access levels to be tailored for different users based on training credentials, job roles, or even projects.

Machine authentication benefits

A strong machine authentication solution provides several benefits for manufacturers:

- Minimises unplanned downtime and expensive damage to machines caused by untrained operators.
- Enables tracking of production outcomes by machine operator for better quality control and troubleshooting.
- Protects company and client IP held on the machine by preventing unauthorised access to machine controls and memory.
- Enhances plant safety and compliance by limiting machine access to operators with the appropriate credentials.
- Reduces the risk of deliberate sabotage by unauthorised operators, including damage to machines and production facilities and data theft or corruption.

Mark Merino, the Director of the Digital Factory Group for Polaris Automation, explains, “Machine authentication allows us to identify which people are logged into different pieces of equipment and make sure they are trained appropriately for the machine and have the right clearances for the data they are trying to access.”

Choosing the right machine authentication solution

Access control for production machinery can be accomplished by various means, including password and PIN systems, physical keys or fobs, RFID badges, or smartphone-based mobile credentialing systems. The best machine authentication system will:

- Be highly reliable and secure to protect the machine from unauthorised access.
- Enable identification of individual operators and tracking of who has used the machines, at what times, and for what projects.
- Allow access levels to be differentiated by the user.
- Be easy to implement and administer.
- Discourage sharing or cloning of credentials.

RFID readers

In most manufacturing environments, the simplest solution for machine authentication is the RFID badge employees already carry for building entry. An RFID reader can be easily connected to or integrated with the HMI for the machine. All users must do to authenticate themselves is swipe their badge over the reader to unlock machine controls.

RFID benefits

RFID provides multiple benefits for end users, IT, and managers:

- It leverages technology already widely used, so users do not have to carry a separate key or fob to access machine controls.
- It is more secure and easier to manage than a password system, as passwords are frequently forgotten, shared, or hacked.
- Unlike shared PINs, physical keys, or fobs, user authentication via an ID badge enables accurate identification of who is logging into the machine.
- Users are much less likely to share their picture ID badge (which is often also linked to HR functions such as time and attendance) than a machine password, PIN, or key.
- If an ID badge is lost or stolen, or an employee leaves the company, IT can easily disable access to the card.
- RFID credentials are very difficult to hack or clone. Transmission between the reader and card can be encrypted for added security.
- Unlike biometric options, RFID is highly reliable even in hot, dirty, or humid environments and does not require workers to remove gloves, safety goggles, or masks.

Getting started with machine authentication

Machine authentication starts with selecting the right RFID reader. A universal RFID reader supports easy implementation, integration with other building systems, and scaling. A universal reader also provides flexibility for the future in case companies want to change transponder technologies or allow for user authentication using mobile credentials on a smartphone.

IIoT model

To ensure the security of production machinery, user authentication must be designed within the context of the wider security ecosystem of the plant. Modern production machines are increasingly networked and connected in an “Industrial Internet of Things” (IIoT) model. That means machines are not only vulnerable themselves but are also endpoints in the broader IT landscape of the plant. Machine authentication systems must incorporate best practices for endpoint security, such as those outlined by ISO (International Organisation for Standardisation), NIST (National Institute of Standards and Technology), and other industry organisations.

Best practices:

- The reader installation should be tamper-proofed to prevent physical disruption of the authentication system.
- Use an encryption standard suitable for the security level of the application. Encryption prevents data interception or card cloning.
- If higher security is desired, RFID can be implemented as part of a multi-factor authentication system along with biometrics and/or a password or PIN.
- The authentication system should support different access levels for different users or classes of users. A role-based permission system allows for different levels of access for line operators, supervisors, IT, and maintenance, for example. For maximum safety and security, individual users should only have the minimum access required to do their jobs.

With secure machine authentication, manufacturers can protect people, production equipment, and IP, while enabling smooth operations. It all starts with an authentication system that supports reliable and secure operator identification at the machine level.

Talking Total Cost of Ownership with True Cloud Video Surveillance

Integrators need to be well versed in Total Cost of Ownership (TCO) when discussing video surveillance options with their customers. Business leaders are looking for the best, most economical technology that will address their security needs, and they also want to avoid being blind-sided by unplanned technology operations and service costs.

While most folks understand that the initial cost of a video surveillance system is not the same as the total cost of ownership, many might be surprised to learn that the cost to operate and maintain on-premises video surveillance technology is often double and sometimes even quadruple the original purchase price, particularly when IT servers are involved.

TCO landscape changed with advent of cloud systems

Fortunately, the TCO landscape has changed with the advent of cloud systems. What has changed? To begin with, there are certain characteristics built into true cloud systems that offer tremendous economies of scale and save the customer money. The three examples described below are also outlined in the National Institute of Standards and Technology (NIST) Definition of Cloud Computing:

- Resource pooling: This is a term that describes how businesses, who are cloud system subscribers, all share the significant cost savings from equipment purchases and servicing at large scale. Cloud system subscribers all receive high-power and high-capacity computing at a much lower cost than would ever be possible with an on-premises system.
- Rapid elasticity: This is the cloud-computing term for the ability to provide scalable services. Rapid elasticity ensures that each cloud system subscriber is always using only and exactly the high-performance computing resources needed. This is a much different situation than an on-premises system, which must be sized and continually powered to satisfy occasional peak system usage.
- Measured service: Each subscriber’s account only uses and pays for the resources allotted by subscription. This ensures predictable data center costs and reasonable subscription pricing.

True cloud offers high system reliability, strong cyber security

Additionally, true cloud offers high system reliability, wide-area internet-based remote access and strong cyber security that surpasses what is feasible for on-premises deployments.

When you compare all the costs to own and operate video management systems (VMS), as opposed to using purchase price alone, the TCO of a true cloud system is considerably below that of a typical on-site system. The savings vary, but generally safe ranges are:

- Small business: 5% to 15%
- Multi-site retail operation: 25% to 40%
- Large commercial business: 15% to 25%

Classic TCO Cost Categories

Let’s take a look at the classic TCO cost categories for physical security systems. The chart in Figure 1 shows eight categories, whose relative sizes vary depending upon type and configuration of the project.

Figure 1 - The classic TCO cost categories for physical security systems

For small single-site deployments, calculating TCO is simple. For multi-site, large commercial, and enterprise deployments it is more complex. With multi-site deployments, these costs are typically grouped with other costs across a variety of budgets and are typically difficult if not impossible to accurately predict or track.

Cost of server and network installation

However, for video surveillance systems, even if a security manager wanted to calculate the TCO, what benefit would there be? The competitive part of a commercial video surveillance system is not the server and network infrastructure, which is often provided or specified by the organisation’s IT department and is substantially the same, regardless of the brand of video management system (VMS) software.

The cost of server and network installation, maintenance and repair will be about the same for any VMS. Only the software purchase price and ongoing licence fees will make a competitive difference, right? In the past, that was generally true. However, with a cloud video system, this is no longer the case.

Cloud reduces Video Management System TCO

A well-engineered true cloud VMS includes capabilities that are typically not affordable in on-premises systems. For example, a true cloud VMS offers server and data redundancy, high bandwidth wide-area network infrastructure, and very strong cyber security, all of which would require a very significant investment in a non-cloud system.

A cloud-based VMS makes these affordable due to the large economies of scale in the flexible computing, data storage and wide-area networking resources of a cloud data centre and the internet.

Cloud-based systems offer data redundancy and cyber security

Notice that, in the TCO calculation examples that follow, the cloud-based system contains data redundancy and cyber security measures that on-premises systems simply do not offer. Other benefits include:

- Hot redundant computing
- Geographically desirable video storage locations
- Information security audits
- Continuous penetration testing
- Continuous feature delivery
- Automatically applied application security updates

Backups are current, encrypted and verified

In a true-cloud VMS, backups are kept current, encrypted and verified, and cyber security controls are tested, as part of normal cloud operations.

Another cost-lowering element is intelligent bandwidth management with local on-premises buffering, typically allowing existing business internet connections to be utilised for uploading video to the cloud VMS, incurring no additional internet bandwidth costs.

Video-optimised data centre technology

Furthermore, TCO is even better from a cloud company that designs and builds its own public or private cloud, using hardware and software optimised for video applications, in order to maximise system performance and reliability, and minimise costs.

Public cloud providers’ services, which some VMS software is built on, are built for a wider variety of application types and offer fewer system optimising options. Furthermore, margin-stacking occurs because the public cloud’s profit margin on its computing, networking and storage services is then resold by the cloud VMS provider. That means subscribers now pay for two profit margins on the VMS platform’s supporting infrastructure.

TCO Comparison – True Cloud vs. On-site NVR Enterprise System

Figure 2 - TCO Calculations for True Cloud Enterprise VMS

Figure 3 - TCO Calculations for On-Site NVR Enterprise System Deployment

TCO Comparison

As Figures 2 and 3 above show, a 5-year cost TCO comparison between a True Cloud VMS and an On-Site NVR Enterprise System shows a 35% savings for the True Cloud VMS.

- On-Site NVR Enterprise System: US$ 1,138,255
- True Cloud VMS: US$ 741,470
- TCO Diff: US$ 396,785
- Savings: 35%

However, in addition to the cost savings, there are several critical information security elements included in the True Cloud VMS that can’t be feasibly achieved in the On-Site NVR Enterprise System (Figure 3, items 5b, 5c and 6c). Thus, the True Cloud Deployment is without question the better value.

Cloud System TCO Wins

The above TCO comparison underscores the typical advantages of cloud-based over premises-based video management systems. The hard and soft benefits are clear:

- Lower TCO: Lower total cost of ownership.
- Lower Up-Front Costs: Lower up-front expenditure costs.
- No Margin Stacking: TCO is even better from a cloud company that designs and builds its own data center technology, eliminating vendor margin-stacking.
- Full Hot Redundancy: Data storage and video recording and processing are fully redundant.
- Cyber security: Strong cyber security including data encryption in transit and at rest.
- Mobile Performance: Better wide-area mobile device performance.
- Automatic Updates: Automatic security and feature updates with no action needed by the service provider.
- Only Pay for What You Use: Cloud customers can add and subtract video analytics and other system capabilities on demand, paying only for the period in which they use them.
- Instantly Adjustable Video Retention: Cloud customers can expand video retention and recording resolution and frame rate on a per-camera basis, without having to make any on-premises infrastructure changes.
- No Refresh Cost Bump: There is no server refresh cost bump, typically required with on-premises systems for: (a) upgrading outdated server computers for increased processor power and memory, to meet new software requirements; and (b) replacing hard drives nearing their failure point.
- No Downtime and Accelerated New Features: True cloud systems remain current through continuous delivery software engineering, incrementally improving software in intervals of weeks, rather than months or years. Security/bug-fix updates and version upgrade downtime are eliminated as are staff learning curves.

Cloud has changed the TCO landscape

Cloud has changed the TCO landscape, and this offers integrators a great opportunity to demonstrate to their customers how security systems costs can be easily measured and predictable. Customers appreciate when the cost (subscription price) is in plain sight. Business leaders appreciate understanding the bottom line—which is that the TCO for a True Cloud VMS system, when correctly calculated to include on-premises VMS equipment refreshes, will typically cost less than an on-premises VMS – while providing greater value.