What happened
French cybersecurity vendor Evertrust has closed a €10 million Series A funding round, led by the fund Elephant. The company plans to use the fresh capital to expand its European and international reach, including tripling both its sales and technical headcount, broadening its product roadmap, and building a reseller network focused on managed security service providers (MSSPs).
Who is affected
Large organisations, especially enterprises with complex, multi-cloud, on-premises, SaaS or hybrid infrastructures, that rely on digital certificates for authentication, encryption, and signing. Also public and semi-public institutions that require compliance with standards such as eIDAS and NIST will be impacted.
Why CISOs should care
- Evertrust offers an integrated platform combining Public Key Infrastructure (PKI) and Certificate Lifecycle Management (CLM), covering issuance, renewal, revocation and management of certificates. This addresses a growing pain point as certificate volumes rise and traditional manual processes become untenable
- The company recently obtained certification from ANSSI (France’s national cybersecurity agency), bolstering its credibility, a major plus for organisations with stringent compliance requirements or data-sovereignty concerns.
- As certificate lifespans shorten and regulatory demands tighten globally, CISOs must plan for automation and scalable certificate lifecycle governance, and vendors like Evertrust are positioning themselves as viable, sovereign-friendly alternatives to legacy PKI providers.
3 Practical Actions for CISOs
- Inventory Current Certificate Usage: Know where and how many certificates you have (servers, devices, SaaS, IoT, etc.), and assess whether manual renewal and management remain viable long-term.
- Evaluate Integrated PKI + CLM Solutions: Consider solutions like Evertrust’s suite (PKI + CLM) instead of disjointed tools, especially if you foresee growth in certificate volume or need stronger governance and automation.
- Plan for Sovereignty & Compliance: If your organisation handles regulated data or operates in jurisdictions with strict data-sovereignty requirements, prioritise providers with regional certification (e.g. ANSSI) and compliance with standards such as eIDAS and NIST.