Digital signature adoption grows within the industry

Process management and concern with IoT device security drive industry certification

  • By 2022, more than 2.8 million digital certificates have been issued in Brazil. Almost 8.6 million emissions are projected by the end of the year;
  • 51% of active certificate signatures correspond to legal entities, 48.2% to individuals and 0.8% to devices;
  • Industry applications range from document signatures to IoT device certification.

The challenges posed by the pandemic over the past two years have driven a major digital transformation, to which various sectors of the economy have had to adapt. Although it is not a new procedure, digital signature has jumped in this period, and today it is a fundamental tool in the routine of several companies, either for speed and safety in bureaucratic procedures, or for the saving of resources and optimization of work and physical space, which impact on cost reduction. Following this trend, the industry has also benefited from the use of digital signature in its operations.

The advanced digital signature is the modality most adopted by the sector, performed from a certificate not issued by ICP-Brasil (Brazilian PKI root), which must be recognized by the parties or accepted by the signatory in order to confer legal validity. “There is an inclination of the industry to invest in internal Public Key Infrastructure (PKI) to issue their own digital certificates, reducing bureaucracy of internal procedures,” explains Roberto Gallo, CEO of Kryptus, a Brazilian multinational provider of encryption and cybersecurity solutions.

Among the most recurrent applications are the signing of contracts with customers and suppliers, issuance of electronic invoices, import and export operations, financial transactions and labor, tax and tax documentation. “We noticed an increase in the adoption of Hardware Security Module (HSM) integrated with these applications to provide an essential layer of protection to subscriptions in corporate environments, as this equipment ensures an inviolable environment for the processing and storage of cryptographic keys, and can be accessed and managed remotely without risk of tampering”, completes.

Cloud and IoT applications

Digital certification adoption is also relevant within the industry 4.0 concept, which is already being applied in the sector and encompasses in its processes cloud computing, artificial intelligence (AI), and Internet of Things (IoT), among other emerging technologies. In 2021, the OM-BR certificate for metrological objects, such as fuel pumps, water and power readers, scales, and speedometers, was launched in Brazil in partnership with the National Institute of Information Technology – ITI with Inmetro. “The internet of things is already a reality, and one of the biggest concerns is the security of storage and transmission of data of these devices, driving IoT certification to will be one of the main features of digital certification,” predicts the executive. Market studies project 50 billion devices connected to the network in 2022, doubling the estimation for the previous year.

The distancing implied by the pandemic meant that cloud computing also had a forced acceleration within the industry. Here, digital certification is used to authenticate virtual environments and application access. “Today, the processing and storage of cryptographic keys of digital signatures can also be carried out within a Cloud HSM, which offers the same security of physical equipment in the model as a service,” adds Gallo.

Compliance to LGPD

Prevailing since 2020, the General Data Protection Law (LGPD) regulates the collection and processing of personal data by a natural or legal person under public or private law. According to Kryptus’ CEO, international best practices advise that sensitive data should be encrypted and/or anonymized. The correct management of such keys cannot be achieved without the use of a PKI. In this context, an HSM-based cryptographic infrastructure (whether in the cloud or on-premises) can deliver not only data encryption, but also the governance of its key.


Our team is made up of the best professionals in the market: those who stand out for their expertise, agility, innovative thinking and technical capacity, valuing challenges and believing that it is possible to transform the world into a better place. If you fit this profile, please submit your resume or portfolio in the form below.



Valid Rss Rogers