RV Raghu, ISACA Ambassador and Director, Versatilist Consulting India Pvt Ltd, 0
Ensuring trust, however, became a challenge with the rise of rampant scams, frauds, cyber-attacks and security breaches, and everything else that erodes our trust in the digital world.
The versatility of technologies today means that they can easily be used for both good and bad, and often the onus is on the user to protect themself. This is easier said than done since technologies can be easily misused, irrespective of whether the user is a tech novice or a technophile. Some of the most successful attacks in the digital world have been perpetrated on people who understand technology or who work closely and deeply with technology.
Does this mean that we should return to a pre-tech, almost Luddite world, assuming such a thing is even possible? What we need instead is a non-techno, deterministic, nuanced approach to building, bolstering, and sustaining trust in the digital world.
Various approaches to managing trust in technology and, by extension, the digital world, have evolved to especially focus on the aspects of improved governance and robust risk management. The rapid pace of technology change and the evolving threat landscape demand more especially when it comes to creating digital trust. Enterprises, professionals, users, civil society, government, and anyone else involved will need to establish a culture of trust that can withstand the impacts of technology change, the imbalance in the spread of technology and the inevitable challenges due to the ubiquitous dual use nature of technology.
A first step would be to define digital trust so that there is a common understanding of what it means. ISACA defines digital trust as “the confidence in the integrity of the relationships, interactions and transactions among providers and consumers within an associated digital ecosystem.” This includes the ability of people, organizations, processes, information, and technology to create and maintain a trustworthy digital world. It also impinges on all parties involved to engage in ethical behaviors at all times, leading to a constant baseline of trust.
While this sounds good on paper, ensuring it in reality requires an approach that can stand the test of time, and one that is applicable even when the next best technology comes along--think artificial intelligence, machine learning , quantum computing or any such emerging technologies with multiple uses/applications. Culture is the linchpin that helps foster a baseline of trust. Enterprises need to establish a culture that fosters and puts digital trust above every other motive.
A good starting point to establish this culture is of course to foster a common understanding of what digital trust is, for which ISACA's definition of digital trust can be very useful. Enterprises would also do well to actively socialize what digital trust means internally and externally so that they are able to address the trust factors of quality, availability, security and privacy, ethics and integrity, transparency and honesty, and resiliency that enable safe, private, and reliable digital transactions.
It is also imperative that enterprises across the board prioritize digital trust so that the right culture can be built around it, leading to a self-fulfilling cycle. This prioritization can be further bolstered by addressing who within the organization is responsible for digital trust and how they address what needs to be done to proactively foster digital trust. While the easiest approach may be to assign responsibility for digital trust to a specific role or office such as CEO or COO, this will lead to siloed thinking and may be counterproductive in the long run.
An integrated approach can work well—as opposed to a designated role—where a member of the leadership team makes sure that all the appropriate areas are coordinated to address digital trust in the most effective and optimal way. Finally, for the culture to endure, it is important that professionals and, for that matter, everyone involved in decision making, is appropriately skilled no matter whether they are in IT strategy, security, information technology or risk and compliance, which are broadly considered to be the top roles focused on strengthening digital trust within enterprises.
The trifecta of a common definition of digital trust, an enterprise-wide digital trust framework and skilled professionals can not only foster a culture that focuses on digital trust but also sustain it in the long term.
A good starting point to establish this culture is of course to foster a common understanding of what digital trust is, for which ISACA's definition of digital trust can be very useful. Enterprises would also do well to actively socialize what digital trust means internally and externally so that they are able to address the trust factors of quality, availability, security and privacy, ethics and integrity, transparency and honesty, and resiliency that enable safe, private, and reliable digital transactions.
The trifecta of a common definition of digital trust, an enterprise-wide digital trust framework and skilled professionals can not only foster a culture that focuses on digital trust but also sustain it in the long term
It is also imperative that enterprises across the board prioritize digital trust so that the right culture can be built around it, leading to a self-fulfilling cycle. This prioritization can be further bolstered by addressing who within the organization is responsible for digital trust and how they address what needs to be done to proactively foster digital trust. While the easiest approach may be to assign responsibility for digital trust to a specific role or office such as CEO or COO, this will lead to siloed thinking and may be counterproductive in the long run.
An integrated approach can work well—as opposed to a designated role—where a member of the leadership team makes sure that all the appropriate areas are coordinated to address digital trust in the most effective and optimal way. Finally, for the culture to endure, it is important that professionals and, for that matter, everyone involved in decision making, is appropriately skilled no matter whether they are in IT strategy, security, information technology or risk and compliance, which are broadly considered to be the top roles focused on strengthening digital trust within enterprises.
The trifecta of a common definition of digital trust, an enterprise-wide digital trust framework and skilled professionals can not only foster a culture that focuses on digital trust but also sustain it in the long term.