Last year, no business conversation was complete without someone using the words digital transformation. This year the essential phrase appears to be ‘digital trust’. But what does digital trust actually mean and how does it affect the cybersecurity landscape?
In simple terms, digital trust can be defined as the confidence people have in an organization’s ability to keep their digital data secure and to handle it with integrity and accountability. Digital trust is seen as critical to the long-term success of organizations in a connected world. Trust is everything, say its supporters: abuse, lose or expose people’s private data and you lose their trust and their business, followed shortly thereafter by your revenues, market share and reputation.
What does digital trust mean for cybersecurity?
Cybersecurity has grown up around the need to protect data, devices, networks and processes in the digital world. For the industry, and for each individual vendor within it, digital trust essentially means two things: a need to build trust in their own digital operations, and then to ensure they can enable digital trust for their customers. To be trusted organizations that help others to build trust.
Building trust for our customers
Let’s start with the needs of customers. In the beginning, it was all about computer security; technical and complex stuff, confined largely to the IT team in the basement. As organizations became more digital and began to understand and harness the value of data, protection evolved into information security, with business-literate security teams and Chief Information Security Officers. Now that connectivity is pervasive and embedded, security is all about trust and integrity, and the CISO’s role is to build and maintain digital trust across the business. To achieve this, they need security partners that can provide reliable protection technologies as well as superior data privacy and security, helping them to manage risk and mitigate the impact of cyberthreats.
In other words, in today’s ultra-connected world, cybersecurity is no longer simply about protecting hardware and software, but about safeguarding digital organizations and the vast volumes of data they create.
As a result, the role and responsibility of cybersecurity has changed. Security now sits at the very heart of a customer’s business, and if an organization is going to let you in, it needs to feel it can trust you. A lack of trust means it will look elsewhere or put up barriers to reduce any potential risk. And, if the organization is a government trying to protect a national economy or infrastructure, those barriers can be very high indeed.
Building trust in cybersecurity vendors
At Kaspersky, we are passionate about establishing trust through transparency and accountability as well as through product quality, and we believe this approach is something other vendors will adopt too. The journey is inevitable in an online world increasingly buffeted by uncertainty, geopolitics, headline-making cyber-attacks and criminal scams. Regardless of the security provider you choose, you deserve to know your important information is in safe hands.
For individual security vendors this requires openness about products and processes, and being able to provide evidence of their integrity. This means making source and update code, processes, etc. accessible for review by others, despite the potential risks. That is because others – whether partners, customers or national governments – need clear visibility, and to be able to make up their own minds by looking at the evidence for themselves. We have been a pioneer of this approach, launching our Global Transparency Initiative in 2017, and opening our first Transparency center in Zurich in 2018. We see a continuous and growing interest from businesses in learning more about how our security products work and how data is processed, so we know it was the right thing to do. For instance, we continue to open Transparency centers across the globe; one has also been available to our partners in Madrid since June 2019.
Building trust in an industry
The actions of individual companies are important, but they will not be enough on their own. We also need to come together as an industry to build a common framework for digital trust that works across all borders and boundaries, and to establish, agree on and abide by universal standards of performance, data handling, and more. This will not happen overnight, but every step in the right direction will make a difference.
Last, but definitely not least, we need to ensure people understand what we all do, and how and why we do it. This includes the type of data that is collected (malicious or suspicious files, for example), the type of data that is never collected (private stuff about users), why we need access to core systems (it’s where the malware hides), how data is processed and where it is stored, and more. And we need to explain it in clear, unambiguous language.
It actually doesn’t matter whether the term ‘digital trust’ is a passing buzzword or an enduring business requirement, because what it represents (the need to transparently prove security, reliability, and integrity in a hyper-connected world) is real and important. We believe it sets the bar for what customers should expect from our industry.