Infosec

Trust in business is trust in the security of those you do business with

Håkon OlsenLeave a comment

Without trust in business there would be no growth. When someone grants you credit, they trust you will honor your duty to pay. When you fork over money for a product you trust that the product is what marketing says it is, or at least fairly close to that. If this trust was not in place, we would not be so eager to do business with each other, and growth would stall. With that follows unemployment, poverty, less innovation.

What have we, as a society, put in place to feel OK with trusting strangers when we do business with them? Basically there are three things that build this kind of trust:

  • Mutual dependence and benefit, typically a customer needs a product and a business is supplying it
  • Activities we undertake to make sure we can trust the other party. Here are some examples:
    • Read about the firm in the news – do they seem honest and fair?
    • Check a supplier’s credit rating – do they have a solid operation?
  • Laws that we expect people to follow, such as
    • Regulations for marketing
    • Safety regulations for products

How does this transfer to information and data? Today doing business means exchanging data. Numerous media reports show that information security incidents pose a real threat to businesses, and to individuals. This threatens to erode the trust we need to make businesses successful, and to support growth. There are two issues that make it harder to trust businesses with data than many other aspects of the relationship:

  • There are fewer laws and established practices
  • We don’t really have many established practices for doing the prior checks.

In fact, most buyers don’t even have a procedure for doing any “trustworthiness checks” regarding data when qualifying suppliers. I think this is something we need to change. When people start to expect that customers are checking their security postures, they will improve their practices. This benefits us all; when more people have reasonable security practices to ensure confidential data is kept secure, and to ensure that public data are available to those that need them, we start to build more trust also in the digital economy. And we need that to ensure growth does not stagnate.

As a starting point for what to think about, see this post about supplier risk: Why high-reliability organizations evaluate the threat potential of suppliers

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s