Without trust, innovation stalls

From EU to US, ever more frequent cries are going out for restoration of trust.
Written by John Fontana, Contributor

Trust. It's gone missing.

Privacy is getting all the attention and headlines. But trust is the foundation that privacy, and so much of the virtual world, stands on.

Brennan believes the Internet can't evolve much further without improved trust.

In terms of identity, argue about passwords, tokens, fingerprints, iris, heart beats, brain waves or whatever authentication method your Tarot Cards call for, but without trust it all falls apart.

Why is trust a big deal? For one, the inherent benefits of global connectivity, including secure universal access controls, can't be realized without it.

"It's possible that we never really have had 'trust' yet, but we're starting to understand what trust can and should look like and how to move the ball incrementally to that space," said Joni Brennan, executive director of the Kantara Initiative, a group that helps develop and accredit Trust Frameworks.

"We certainly now see what trust does not look like," she said. Brennan believes the Internet can't evolve much further without improved trust.

Given recent events, evolution may be out of gas.

Last week, European Commission vice-president Neelie Kroes, told the audience at the CeBit tech fair in Hanover, Germany, that "trust can never again be taken for granted." She added that no less than the future of the Internet is based on it.

Also, NSA whistleblower Edward Snowden appeared virtually at the South by Southwest conference and presented the audience with more questions they should ask themselves about entrusting their personal data to third-parties, namely U.S. cloud providers.

Last month, RSA Security CEO Art Coviello stood up in front of thousands of people at the company's security conference seeking to reclaim trust amid accusations of an RSA backdoor-deal with the NSA.

The advertised keynote topic that he abandoned ironically centered on the redefined role of identity, but that had become a moot point. It was the second time in three years Coviello had used the stage in an attempt to regain trust (the first being the SecureID hack).

At the same conference, new FBI director James Comey told the crowd what is no longer the obvious; that the FBI cares about security and civil liberties. His tone was more an admission that the agency understands it is swimming upstream in the modern current of eroding trust.

Trust is the first thing we cling to out of the womb, and it is a basic truth in any lasting connections. And it runs through all levels of the real and digital world.

Access controls that are used across domains can't be effective without trust. In fact, the complexity and liabilities inherent in such trust within the virtual world has been one of the gating factors in the scalability of federating identity credentials across security boundaries.

In today's climate, questions of trust are even more difficult for enterprises as they contemplate accepting access credentials - either for users or for APIs - from a multitude of providers outside their control and their firewalls.

Gartner analyst Gregg Kreizman predicted this week that by 2020 60% of all digital identities interacting with enterprises would come from an external provider. That's a small window for improving trust among a large collection of players.

Forrester analyst Eve Maler argues privacy encompasses context, control, choice and respect. Kantara's Brennan says those terms also frame trust and that users, businesses and governments should work within those parameters.

"If industry can focus in that space than everyone stands to gain as these lacking qualities seem to be integral to establishing trust - in both the digital and real world," said Brennan. "That's a starting visualization to meet on a reasonable playing field for all."

Are trust issues causing your company to alter IT decisions or strategy? Or is this turbulence just the normal course of an evolving digital world? What is trust?

Related coverage:


Editorial standards