Within the last few weeks, so many markers have been placed that indicate digital trust is a concept with which people are connecting. Here are some observations with which to fuel your own awareness—the momentum is gathering, just beyond the horizon, and much like the perfect wave building velocity, each of us has an opportunity to ride it, get out of the way, or be consumed.
Fake news. The notion that true facts can be warped, massaged, amended, or abandoned but dressed as something real has always been understood by information security professionals. But the near-global awareness that digital information is so easily manipulated was difficult to perceive, at least prior to 2016. In elementary classrooms and corporate boardrooms, there is an awareness that digital content cannot be presumed to be true. Each of us is learning to be more wary of our impulse, almost instinctive, to trust information available within the 4 corners of our devices.
My sense is that the corporate boardrooms are the last strongholds for preserving the presumption of trust in computer-based content. Executives simply have not invested in the controls, technologies, and business processes that assure the integrity, provenance and reliability of business information they consume in making decisions. But there is the greatest vulnerability-if a bad actor, inside or outside a company, can alter information stored on the corporate servers and relied upon in operating a business, tremendous, insidious harm can be achieved.
Soon, there will be a headline of a corporate executive that makes a major decision subsequently proven to rely on information that was intentionally falsified. The bait will be taken, and the executive will be discarded. So, what do you do in your daily work activity to question the trustworthiness of digital information you use to make decisions? Is there any possibility you are relying on fake news?
Networking-Part I. Suddenly the topic of digital trust is becoming the catalyst for old-fashioned professional networking. Even while typing this blog, I have had two requests to connect, one from the CEO of an information security company launching a new product; the second from a senior manager in a global consulting firm working in London. Last week, I initiated connections with a Silicon Valley wunderkind who is talking about how we will need to calculate trust once machines pass the Turing test. In turn, from her LinkedIn network, I have received nearly a dozen additional connection requests.
These synergies are gratifying but something far more important is occurring. The awareness of digital trust is accelerating at incredible velocity. None of this is particularly surprising within social media when the content is an adorable child playing Mozart, but I find it nearly astounding that the momentum is occurring. Why? Because there is so much to learn and none of us have exclusive domain about the knowledge required.
So, what are you doing to connect with others to learn more about digital trust? Peter Higgins writes regularly on LinkedIn about trust (he was an early reader of my book and, I admit, a wise man who understands far more about trust than I do). Who else are you following?
Networking-Part II. One of the key variables that affects our exposure to digital content that should not be trusted is our inability to see past the content and understand its provenance. Where did the information come from? How well was the information itself protected from the point of creation to the point we prepare to access or use it?
Previous efforts have focused on both the identity of the sender (still the most dominant factor in conventional trust decisions) and the identity of the machine (and possible certifications of its security). But the distributed nature of computing, and global cloud services, has made those single-point validations remarkably limited in their utility. They assume the known entity has, itself, made similar validations, and their source(s) have done the same.
Now, technologies are being introduced that are making dramatic changes, creating transparency and accountability that transforms how we can calculate the trustworthiness of the sources of information we are evaluating. (Neither of these companies has compensated me, directly or indirectly, for mentioning them).
Security Scorecard (http://securityscorecard.com) is doing many cool things, but the trust-oriented solution that impresses me is their automation of third-party security compliance. Their platform enables a company to see past their immediate vendors and also evaluate, with non-invasive monitoring, how the upstream suppliers to their vendors are executing information security. This transparency is critical to both enabling trust, but also documenting the diligence and monitoring that regulatory requirements impose. Application security and endpoint security are just two variables that they examine, but also those are areas where IT and infosec departments often struggle to keep up.
CyberSaint© Security (https://www.cybersaint.io) has just released a new solution that promises to make major contributions toward advancing digital trust. CyberStrong™ promises to integrate business process, cybersecurity, and artificial intelligence into a unified platform for measuring security and risk and making informed decisions. If trust is a calculation, and both economics and risk are part of that calculation, their product (if consistent with the description), fills some important holes in how to structure and execute the algorithms of trust itself. I am looking forward to learning more.
So, what are you doing to look at the horizon and identify new technologies that a) look beyond your direct vendor connections, and b) enable powerful, intelligent calculations of the trust you require to sustain and operate your business?
Taken together, these few examples of the changing momentum toward discussing digital trust suggest there is a velocity out there that is becoming difficult to ignore. The tools, responsive to real issues, are empowering trust, not merely improving security; they are creating, and delivering, transparency and analytics across a company’s entire ecosystem not previously possible. The professionals are finding each other, and connecting, accelerating the inherently collaborative collisions from which innovations emergy. Those who create fake information are witnessing declines in their profitability as people begin to ask more questions, and walk away from presuming the trustworthiness of digital information.
So, are you ready to join the trust revolution?