Trust is a state of being as much as it is an emotion. Trust is also a fundamental way of operating.
“A complete absence of trust would prevent one even getting up in the morning.”
– Niklas Luhmann (Trust and Power – 1979)
For a modern enterprise, the process of establishing a state of trust in new information technology systems, along with maintaining trust in existing ones, can be an anchor or a sail for the business. Most often, it is an anchor that impedes forward movement, normally due to the many ways in which trust is negatively perceived. Just as the stakeholders of any information technology system are diverse, so too are their definitions of trust.
So, what does trust actually mean in our digital world? I believe that trust in all things digital is pillared by four critical and quantifiable concepts: security, privacy, accountability, and integrity.
Security is ultimately the governance of the right, or lack thereof, to access something. Digitally, this usually involves encryption and policy management.
Privacy, like the higher-order topic of trust, is very personal. I believe it is best defined as the appropriate use of information. What constitutes appropriate is not static and is subject to change at any point in time for a multitude of reasons.
Accountability is more straightforward; people want things to behave consistently and be provable. As global enterprises have evolved, they must now also efficiently prove what did not happen.
Integrity appears straightforward on the surface yet becomes more complex the deeper one goes. When enterprises rely on thousands of separate information technology systems—from storage to processing to networking to analytics—the integrity of the data supply chain becomes daunting. Integrity applies to the data and also the governance of the entire data-handling process.
Applying the appropriate security and privacy policies throughout the data lifecycle—and having certainty that the correct policies were applied—is a dubious task at best in a traditional information technology environment. Furthermore, enterprises can only dream of having confidence that the decisions made within a digital pipeline were made by reasoning over an accurate version of the data.
These concepts present an increasingly complex set of challenges and opportunities for enterprises to address. The process of trust management bubbles up in different ways depending on the lens through which it is viewed within the enterprise.
For a business unit, trust often means the technology solutions they depend on are predictably available, deliver the expected functionality without surprise, and do not adversely affect their client relationships. It also means that the data they use to make their decisions is accurate and up to date.
For workplace individuals, trust in information technology means they can reliably access the tools needed to be exceptional at their job and expect stable business workflows.
For a governance, legal, security, or risk department, trust means that those systems will explicitly assure, while also not violate, the internal and external compliance and regulatory requirements of the enterprise.
For a human resources team, trust means information technology systems effectively enable them to serve the needs of their employee populations without violating trust-based human-to-human relationships.
For IT, trust means the systems deliver what is expected of them precisely with no surprises in functionality, costs, or information handling.
Ultimately, for the Board of Directors, trust means the enterprise can implement growth and performance improvement plans without introducing unforeseen liabilities.
In this world of Zero Trust, where companies no longer retain ownership of the networks or even the applications where their data travels, we must start from the premise of an untrustworthy infrastructure, which raises a very important question: how do you establish an acceptable minimum threshold of trust in order to conduct business with confidence?
I believe the answer can only be found by examining the pillars of data trust—security, privacy, accountability, and integrity—and understanding how they are perceived, implemented, and managed by the diverse stakeholders across the organization. In my next post, within the context of today’s crisis of cross-environment trust management, I will explore three common qualities—consistency, predictability, and simplicity—that define desirable outcomes across all sets of stakeholders.