Earning Trust in the 21st Century - Creating Trust Frameworks in a Zero Trust World
By: Anil Karmel, President, Cloud Security Alliance Washington DC Metro Area Chapter (CSA-DC)
Our world is more connected and reliant on technology than ever before, yet we are more disconnected and trust each other less now than ever before. New attacks such as the SolarWinds hack have immense repercussions on the trust we have in the very infrastructure we rely on every day. Additionally, questions have been raised around the media, Big Tech, and censorship. What’s the balance between democracy and corporatocracy? Our society is at a “trust crossroads” and as such, we need a new way to build trust for both individuals and entities. Such is the topic we address in this new paper, Earning Trust in the 21st Century, created by the research committee of Cloud Security Alliance’s Washington DC Metro Area Chapter (CSA-DC).
Private companies unaffiliated with the government create consumer credit scores to ascertain an individual’s creditworthiness. These scores are used in a variety of ways, from what you can afford to purchase to what you’re expected to pay if you default on a payment. Did you know that government agencies allow corporations to consider other factors in addition to credit scores when determining creditworthiness? For example, in 2019, the New York State Department of Financial Services announced that life insurance companies could base premiums on what they find in consumer social media posts. These implications raise policy questions that need to be addressed to afford the right checks and balances between democracy and corporatocracy.
From a technology standpoint, enterprises are moving toward Zero Trust Architectures to minimize their attack surface, increase visibility, support the principle of least privilege, and reduce overall risk. Additionally, organizations such as FICO, RiskSense, and Sift have created risk scoring mechanisms for entities to forecast the likelihood of a future breach as well as predict a user’s intent, protecting businesses from fraud and abuse. Alibaba released the Sesame Credit System, which scores an individual by measuring their interpersonal relationships, shopping habits and behaviors, crime, and financial history as well as verification of their personal information.
Perhaps the time has come to create a new partnership between industry and government to develop a cyber trust score for both individuals and entities to obtain access to systems and data. This approach could result in the creation of an entirely new industry, but how would an individual’s privacy be protected? Regulatory frameworks such as the European Union General Data Protection Regulation (GDPR) are a good start, giving citizens increased control over their personal data while allowing necessary flexibility in its implementation. Even so, from a social standpoint, there is always the risk that citizens will feel distrusted and uncomfortable when they know they are being measured, diminishing their trust in government and industry.
Earning Trust in the 21st Century speaks to the technical, social, policy, and regulatory issues associated with creating a new trust framework in a Zero Trust world, calling on the industry and government to solve these issues in ways that continue to protect a user’s right to privacy. New incentives and checks and balances need to be created between citizens, the industry, and the government to build trust. Collaboratively, we can define a new way to earn trust and forge our collective future in the 21st century. Join the CSA’s Washington DC Metro Area Chapter (CSA-DC) to learn more about how we can collectively serve as a bridge between industry and government to help make the world a safer place and secure our future in the new digital economy.