How the CSC plans to make cloud-based digital signatures ubiquitous

By |

It’s been quite a year for the Cloud Signature Consortium. Since we were formally incorporated as a not-for-profit association this time last year, membership has grown beyond the 11 founders to more than 20 members, and the numbers are still growing. CSC can now count among its members all of the world’s largest trust service providers.

So why have industry, and academia, voted so strongly in favour of the CSC approach?

The answer lies partly in the accelerating pace of digital transformation, and partly in the evolving regulatory context. Either factor alone would not explain the rise of the CSC. But together they created an urgent need for the kind of interoperable technology standard for Digital Signatures which the CSC has developed.

In technology terms, businesses and governments are under increasing pressure to accelerate the move from paper to digital, to drive digital transformation and deliver digital experiences that stand out from the competition and make life easier for citizens.

Regulators recognise this challenge, and have worked hard to support digital transformation. The 2016 eIDAS Regulation in Europe gave legal standing to cloud-based digital signatures there for the first time, meaning that digital identity certificates issued by Trust Service Providers (or Certification Authorities as they are known elsewhere) can be stored in the cloud rather than being held by the user on a hardware token or downloaded onto a single device. This simple legal innovation – which liberates business processes from an office-based desktop computer and enables productivity on the go – is a model for regulators across the globe to follow.

But providing experiences that are digital from start to finish, are secure, work on any device, anywhere, and are truly scalable, is a major challenge and one that requires industry collaboration. In this context, formal standards processes and ad-hoc industry collaboration need to work in parallel to respond quickly to market signals while ensuring maximum openness in terms of the technical specifications developed.

The CSC evolved to fill this gap. The open standards-based approach gives organisations that wish to use signatures as part of their digital transformation the freedom to choose from a variety of trusted certificate providers so that they can comply with local laws or regulations governing their specific country or industry. It eliminates compatibility issues and deployment limitations, making it possible to for users to start small with a single project in a single location and expand with ease across multiple departments and locations, nationally and internationally.

2019 promises to be a year of growth and consolidation for the CSC. With Version 1 of the cloud signature API specification* now published, we expect to see the number of companies that implement the specification into real products to grow significantly, making the CSC label more visible than ever.

And we expect more companies to join CSC, both to help shape future iterations of the standard, and to contribute to the technical work that will define APIs for other trust services such as long term preservation and archiving services.

But above all, CSC remains committed to working closely with standards bodies across the world to ensure that as different governments develop their own approaches to digital transformation, there is the broadest possible agreement around common cloud signature standards. Ongoing exchange of technical expertise is the best way to maintain interoperability in the market place and ensure the quick availability of usable solutions that respond to real world needs of companies and governments everywhere.