Digital Trust: Shaking Hands With the Digital Enterprise, Volume 1

You surf the Web with multiple identities. Every day, your e-mails share bandwidth with 160 billion others. And each online purchase you make contributes to more than $100 billion of e-commerce revenue annually.

Unfortunately, we pay a price for the convenience of living online. Since January 2005, there have been more than 150 million identity breaches. Your credit card number — along with PIN — is worth nearly $500. And 45 to 98 percent of all Internet messages are spam.

Not too long ago, it would have been unthinkable to do business with a faceless stranger; today, however, millions of business transactions are conducted online with barely a second thought. How did we go from depending upon trust cues such as a steady gaze and firm handshake to blithely sharing personal information with the click of a mouse?

The answer, according to a new report from CSC’s Leading Edge Forum, is Digital Trust. “Digital trust depends not only on security features, but also on the ability to deliver evidence about feature operation with full transparency of control and result,” says Digital Trust: Shaking Hands With the Digital Enterprise, the first of eight volumes written by CSC’s Leading Edge Forum.

“Digital trust relies on the premise that systems operate as advertised; conversely, it’s understood that no unadvertised functions will occur. Secrecy, therefore, is verboten. But, just like trust in the real world — which is interpreted and acted upon by each of us in our own way — digital trust is not absolute. For instance, explains the report, you may feel okay about purchasing a $50 shirt online but not a $5,000 piece of art.

In the digital world, trust must be present from beginning to end — from design and development through testing and deployment, and ultimately maintained throughout individual operations. “It’s all about building confidence,” says Paul Gustafson, director of the Leading Edge Forum. “We all need to explore the mechanisms that will improve the confidence we have, so we can conduct business and life in a way that’s trustworthy.”

The fact is our lives are increasingly taking place online. With Web 2.0 creating new business capabilities, the software industry is being forced to reinvent itself just to keep up. Users are continually learning new skills to work with new applications. With more than 90 percent of all documents produced since 1999 created in digital form, we make decisions every day about the trustworthiness of digital information.

“Information technology in automated systems now performs many of the actions that used to involve face-to-face encounters or deliberate, stepwise exchanges of information and compensation,” explains the report. “Moreover, those automated actions now speed to completion in just fractions of a second. We no longer have the time or all the trust cues we once used for decision making.”

The consequences of a lack of digital trust are dire. Aside from financial devastation — annually, identity breaches cost more than $20 billion, while identity fraud costs more than $50 billion — value is stolen, jail sentences are ordered and entirely new business models are created based on digital theft and fraud. Simply put, says the report’s lead researcher, IT security expert Ron Knode, “There is a payoff for having digital trust and a penalty for lacking it.”

Most critically, says the report, digital trust is more than dealing with the risk of loss. Rather than defending against bad stuff happening — the typical information risk management model — digital trust increases the value of what you have and improves the chance of good stuff happening. Focusing on digital trust as a “re-thinking of security planning and implementation strategy,” the report describes digital trust as emphasizing offense rather than defense.
In separate volumes, the Digital Trust series explores the problems and triumphs of six key areas, each of which makes a solo contribution to digital trust:

Identity Management

Asking “Who are you…really?” identity management delves into the identity of both people and things, laying out three basic schemes for identity organization and governance: the “walled garden” directory-centric approach, identity federation and the “open garden” approach, which places the user more in control. Loss of digital trust in identity management has resulted in entire industries of theft and fraud, along with new problems in information risk management.

Intellectual Property Protection

Representing over a trillion dollars of value for just the S&P 500 companies alone, intellectual property is quickly expanding into many different digital formats and delivery methods. Aside from confidentiality, digital trust for intellectual property also covers originality, authenticity, integrity and access-usage rights. According to the report, “IP is moving so fast into different formats and delivery methods that digital trust struggles to keep up. But, when that ultimately happens, the benefits of digital trust for IP are the loudest.”

Compliance Management

Covering everything from data retention to financial statements, personal privacy, payment cards, legal discovery and electronic voting, among many other domains, compliance management is the biggest and most complex key area intersecting every other area. Yes, compliance is expensive, but non-compliance will cost much more in the long run. With rules for everybody, everything and every type of transaction, compliance management weaves a complicated set of overlapping and contradictory mandates; sometimes the payoff is just compliance itself.

Liquid Security

With the explosion of wireless connectivity making it possible for us to stay connected regardless of time or physical location, the digital enterprise is always on. The increasingly liquid nature of time, location and configuration must be protected by equally liquid security. “From Bluetooth to WiMAX, enterprises are becoming untethered,” says the report. “From hotel lounges to the battlefield, digital trust is being untethered to support different security and privacy needs.”

eThreats and Countermeasures

As in the real world, no matter how careful you are, bad guys still exist. “Even when the enterprise has done everything right — even when classical information risk management has been done perfectly — there are still threats and misuse,” says Digital Trust. This volume concentrates on the threats of cross-site scripting, phishing and spam, open source exploits and “no tech” exposures.

Transparency and Assurance

Vital for digital trust, transparency and assurance examines the ways in which digital trust is claimed, measured and acknowledged within and across the digital enterprise. But what kinds of evidence are valid benchmarks for digital trust? Does reputation hold any weight in the digital world? “In this key area,” says the report, “system architecture matters.”

Overall, “organizations should think of digital trust as a strategy for enhancing business value, while at the same time addressing important information risks everywhere in the modern digital enterprise,” states Gustafson. “Digital trust technologies and approaches give us the confidence we need to conduct transactions and interact with the digital enterprise safely and securely.”

The Digital Trust series will be published monthly, with the final volume due in November 2007.