a close up of a logo

The power of trust: thoughts on security in the digital age

Sian  John

Sian John

Chief Security Advisor

Read Time, 5 min.

When you’ve been working in digital security for a quarter of a century, as I have, people often ask what my number 1 piece of advice is to help businesses and organizations build trust with their customers and partners.

My answer is always the same: “Don’t be creepy!”

I know it’s a cliché to use films as parallels, but there’s a great example of what I’m talking about in Minority Report. Forget about the film’s overall premise, to predict when someone is likely to commit a crime before they do it. For me, the creepiest bit of the film is when Tom Cruise’s character walks into a department store and they scan his eyeball and then tell him exactly what clothes he’ll like. It might seem like a really good service, but it’s creepy. And I think people are worried about creepy things.

When companies talk about using advanced technologies like AI, an implication is that customer data can be used to profile people. So companies who do use AI have to do so with integrity and in an ethical way, so that people trust they’re using it with good reason and to good ends. Overstep the line, and you lose that trust.

My role is helping organizations to use technology in a way that builds trust. Here, I want to share some of the key things I think CISO’s should consider when approaching security in the digital age.

The importance of making trust leaps

Someone who has influenced a lot of my thinking on trust is Rachel Botsman, in particular her concept of what she terms Trust Leaps. For Botsman, trust leaps are when people have to make a mental leap from the known into the unknown. These leaps are characterised by a particular emotion: uncertainty.

When organizations move from on-premise to cloud-based infrastructures, they have to make a trust leap, which is to say: they have to confront uncertainty. So when we do make the leap to digital transformation, there needs to be enough information and visibility to make that leap as comfortable as possible.

Those CISOs who embrace the move to the cloud are looking at hyper-scale cloud service providers like Microsoft and asking themselves questions like:

  • Do I think that you as an organization are going to look after my data?
  • Do I know that I’ve got control over that data when it’s there?
  • Do I have visibility of what’s happening in the cloud service?
  • Can I get an understanding of how you’re going to operate in the backend?
  • Will I get visibility of risk?

We do everything we can to answer these questions and more because we understand that moving to the cloud is a massive chasm of trust to leap over for some organizations. The more information and transparency we can give, the less daunting that leap will be. Because ultimately, trust comes down to people feeling they are in control, and that what they expect to happen, will happen.

How transparency reduces the need for trust

Transparency is a word that often comes up when we talk about trust. But something Rachel Botsman points out that really resonated with me is that transparency does not actually build trust. What it does is reduce the need for trust. By being transparent, you reduce the amount of unknown, so it’s less of a leap to make to trust.

When it comes to security, having the right controls in place so you can see what’s happening, audit what happens and show engagement – all of that creates greater transparency, and so reduces the trust gap.

But I also believe that under the right circumstances, transparency can actually be used to build trust. The Norsk Hydro data breach is a great example of this in action.

Norsk Hydro is a huge global aluminium manufacturer whose factories rely on digital technologies to power their machines. So when they were hit by a massive ransomware attack, it spelled potential disaster for both their production line and brand image. But their response saved them.

When the attack hit, they held a public press conference. They were very transparent about it. They were transparent about the attack itself, the investigation, their engagement. So rather than the breach having a negative effect on their image, a lot of the commentary from people at the time was about the trust and respect they built in the industry because of the way they responded transparently to deal with it.

That’s a classic example of taking lemons and making lemonade with them. And it was made possible by being transparent, ethical, honest, and responsible with the trust of customers and partners whose data was put at risk.

Taking responsibility for cyber security

One of the characteristics of trust and privacy is that it is very emotional. To trust is to be vulnerable, and cyber criminals know that, which is why our trust is often the gateway they try to exploit to gain entry to our organizations.

They will continue to succeed. Because people are people, and they will continue to make mistakes. It’s easy to say “If you get a link, don’t click on it.” But security experts have to remember that the modern world has been set up to encourage people to click on links. So saying “don’t click on the link” is really saying “don’t do the thing you’ve been conditioned to do for the past 15 years”. It’s unrealistic, and I think security experts can be too hard on end-users, expecting them to behave in a way that isn’t natural to them.

The better response is to expect the breach and be prepared for it. That’s how I operate: I expect criminality to exist. I expect humans to make mistakes. And I accept responsibility for trying to manage that equation and mitigate its impact.

As I see it, technology is the greatest defence we have in this fight.

Safeguarding digital privacy

Discover the 5 ways to increase trust and empower people in our latest eBook, Safeguarding digital privacy

Discover more related articles per industry:

Education

  • a woman using a laptop

    Make remote learning work better for everyone. Find out how.

    Since the COVID-19 outbreak first hit China, our education customers in the country have done amazing things to keep students engaged while they transition to remote learning. From eLearning innovations, to keeping students’ spirits high with photo and cooking challenges – teachers and students have shown extraordinary resilience during this difficult time. Now, as the […]

  • a person sitting on a chair in a room

    Bridging the education gap in challenging times

    Across the globe, teachers, students and parents are dealing with a new reality: how to adapt to an educational environment that has moved from the classroom to the internet. As in many countries, the remote Faroe Islands, more than 300 kilometres off the coast of Scotland in the North Sea, has found the lives of […]

Government

  • Iceland runs on Trust

    How the cloud helped a small nation realise big ambitions

    In December 2015, the Icelandic government kicked off a digital infrastructure review. With more than 100 different suppliers managed by over 100 IT managers in each public institution, the brief was clear; to simplify operations and streamline IT for over 20,000 users. The solution: Fast forward two and a half years, and a decision was […]

  • a man and two women standing in front of a brick building

    Ajuntament de Lleida: transforming the public sector with a modern, virtual workplace

    “At Ajuntament de Lleida, we think differently. We embrace new technology. And when we see that it could add real value to the work we do, we find a way to make it happen.” Carles GinéSabaté, Systems Implementation Planning Manager at Ajuntament de Lleida, is reflecting on his organization’s open-armed approach to digital transformation and […]

Healthcare

  • logo

    Why trust is the essential ingredient in healthcare digital transformation.

    My phone had scarcely stopped ringing for weeks. Now it was ringing again. “Veronica,” said the voice at the other end, “we have an idea!” Immediately, I recognized who it was. I’ve known Carlo Tacchetti for almost as long as I’ve been at Microsoft. He’s a professor at the Vita-Salute San Raffaele University and the […]

  • Nurse and patient

    MOB: increasing healthcare workers’ time with their patients using cloud technology

    “Time is the most valuable currency in healthcare. That’s what this technology gives us: more time with our patients.” Fettah Erdal, Senior Administrator at Dutch healthcare provider MOB is talking about the impact that cloud-based technology is having on his organization’s ability to deliver more patient-centred healthcare. “All of our care workers are in the […]

Manufacturing

Retail

  • HeadBrands is ready for the future with Microsoft 365 Business

    HeadBrands is ready for the future with Microsoft 365 Business

    Since its creation in 2010, HeadBrands has continued to grow, rapidly becoming the leading retailer of hairdressing products in Scandinavia. HeadBrands needed a modern IT solution to increase its business productivity and improve collaboration, both within the company and externally. Its response to this challenge was to replace most of its previous services with Microsoft […]

  • GDPR and Retail: Four GDPR requirements and how Microsoft can help

    GDPR and Retail: Four GDPR requirements and how Microsoft can help

    Learn how we can help you meet GDPR requirements with solutions available today: Assessing your current risk profile “How do I understand where I am already compliant and where I need to focus next?” This is one of the most common questions from retailers in regard to the GDPR. It’s also one of the hardest to […]

Discover more related articles per dossier:

Customer Stories

  • a person sitting in front of a laptop computer

    SSVOZ: Making distance learning a personalized experience

    When this period of remote learning is evaluated – without a doubt, some of the techniques we’ve used will have a more permanent place in the classrooms of the near future. Antoon Fens, IT Coordinator at Stichting Stedelijk Voortgezet Onderwijs Zoetermeer (SSVOZ), explains the critical role technology has played for education in the Netherlands, during […]

Digital Transformation

  • NorthWest Clinics building

    Northwest Clinics: A new era in virtual healthcare

    “I am generally quite modest – I don’t like to brag about my achievements too much. But in this case, I want to make an exception. I want to tell the world what we have done.” For Ed de Myttenaere, CIO at Northwest Clinics hospital (Noordwest Ziekenhuisgroep) in the Netherlands, breaking with tradition is becoming increasingly normal. In responding to the COVID-19 outbreak, his team have implemented a virtual consultation solution that has the potential to redefine […]

Security & Privacy

Tips

  • a person sitting at a desk in front of a laptop computer

    Top tips for smarter remote working with Microsoft Teams

    With remote working becoming the new normal for many, people are having to find different ways of effectively functioning as a team. Microsoft Teams is designed to keep colleagues productively connected and ensure that everybody can continue to work as collaboratively, efficiently and securely as in the office. So, whether you already use it or […]