Getting trust right in a 'post-truth era'
Organisations need to develop a ‘trust framework’ so that they can proactively manage the collective risk that is made up of suppliers, customers, employees, partners and even partners’ partners.
So said Bruno Horta Soares, leading executive advisor, IDC Portugal, during his keynote address at the ITWeb Security Summit 2021, where he gave an overview of the current threat landscape.
“An existential issue for enterprises is that they are entering a ‘post-truth era’,” he said. “In this era, the interpretation of truth is not controlled by the enterprise, but rather by various interest groups, with each group influenced by its own set of biases and agendas. Enterprises may not be aware that different meanings of truth exist.”
What is trustworthy?
And in this era of multiple interpretations of truth, the big question for enterprises and their customers, partners, and regulators, becomes not what is necessarily a consensus interpretation of truth, which may not be attainable, but what is trustworthy.
Horta Soares said IDC research revealed that CEOs expect digital trust challenges in the next years.
“Getting trust right is paramount and fundamental to a thriving digital economy. Trust elevates to a boardroom topic as the language of trust changes. Conversations move from qualitative and abstract descriptions of security and trust to quantitative expressions of risk.”
"Traditional approaches to security, risk, compliance and privacy are facing challenges both in scope and scale."Bruno Horta Soares, IDC Portugal.
He said the five elements of trust – risk, security, compliance, ethics and social responsibility, and privacy – are transforming the conversation from what a company ‘must’ do to prevent negative outcomes, to what a company ‘should’ do to prevent negative outcomes and build toward positive trust outcomes.
“Thus traditional approaches to security, risk, compliance and privacy are facing challenges both in scope and scale.”
According to the IDC, by 2025, 80% of chief trust officers will demand that vendors incorporate security and risk capabilities to measure corporate trust, including vendor relationships and employee reputation.
Trust isn’t the only challenge businesses need to solve.
Due to the dire lack of security skills, by 2023, to try to reduce the security complexity faced by limited staff, 55% of enterprise security investments will be on unified ecosystem and platform frameworks.
In addition, the many people working from home, have driven a slew of new technologies, and new solutions to monitor them – not because companies want to create a ‘Big Brother’ scenario, but to secure them, said Horta Soares. IDC predicts that by 2022, budgets for modern, software-defined secure access solutions will quadruple as flaws in legacy VPN remote access solutions are illuminated by the mass work-from-home migration.
By 2023, 42% of organisations will be held to regulatory certification that their AI and ML-based algorithmic systems are ethical (free of bias and discrimination) and transparent.
“This means that these will no longer be experiments around AI, organisations will definitely take advantage of these new technologies. However, with great power comes great responsibility, and this is not only from the company side, but from the ecosystem. All companies will need to share, in a very clear and transparent way, what they are doing with these strong, powerful tools,” noted Horta Sores.
The race to digital outcomes will go beyond financial and top-line growth, it will encompass a totally new set of values for the future enterprise, he added. “By 2023, 35% of the largest organisations must demonstrate social responsibility initiatives through internal structures and processes and publicly report the results in financial statements.”