By 2025, more than 10.7 million digital certificates have already been issued in Brazil, and the total is expected to reach 11.7 million by the end of the year. The data comes from the National Institute of Information Technology (ITI), a federal agency that serves as the country’s public key infrastructure certification authority.
A digital certificate is a type of electronic identity. It fulfills a function similar to that of the General Register (RG), which proves that a natural person is who they claim to be. The objective is to guarantee security in different types of operations, as José Luiz Vendramini explains. He is a commercial account manager at Redtrust in Latin America, a platform specializing in digital certificate management.
“In short, digital certificates, such as e-CPF and e-CNPJ, are the safest and most legally recognized way to: identify users and legal representatives of the company, digitally sign documents with legal validity, access essential government systems (eSocial, NF-e, CTe, Reinf, Sefaz, etc.), approve internal transactions and processes, such as purchase orders, issuance of notes, contracts, access controls and audits,” he explains.
Vendramini points out that digital certificates have become increasingly important in the broader industrial and commercial context. Indeed, ensuring that the digital identities of employees and guardians are trusted and controlled has become essential for operational continuity, compliance and security.
“Certificates prevent fraud in tax, social, financial and logistical processes and reduce the risk of access or inappropriate operations on behalf of the company by unauthorized persons,” emphasizes Vendramini.
He explains that industrial sectors are highly regulated. “Standards such as ISO 27001, IEC 62443, data protection legislation and segment-specific requirements (pharmaceutical, automotive, energy, etc.) require strong governance of digital identities,” explains the executive.
However, it is not enough to have the certificate; you have to do good management, warns Vendramini. One of the risks when this support does not exist in companies is the lack of traceability: not knowing “who did what”. When the certificate is installed on a user’s computer, anyone with access to the machine can use it.
On the other hand, making processes dependent on a single person holding the certificate also carries risks. If the professional is on vacation, traveling, or absent, processes such as note issuance, payroll, eSocial, and critical releases are blocked.
“Some points of attention for businesses are: centralization of management (certificates, keys and policies should be managed from a single platform), clear governance (definition of who will have access, profiles and permissions) and attention to certificate validity and renewal notices,” advises Vendramini.
He explains that Redtrust’s solution allows full control, without the need to distribute keys or certificates directly to users and machines. This practice adopted by the company is, according to it, one of the trends for the future of the segment, just like the adoption of digital identities for each machine, robot, sensor and application.
“An increasingly discussed point is the direct impact of poor certificate management on industrial uptime. A large proportion of unplanned outages are linked to expired certificates, incorrectly installed or without adequate control. Platforms like Redtrust have been designed to eliminate this type of risk, by adopting complete visibility, centralized policy and absolute control over certificate usage,” concludes Vendramini.
About The Author
