By John Chen
Trust is the fundamental building block of human connection, whether in business, life or networked technology, such as the Internet of Things (IoT). Yet in today’s digital economy, trust is increasingly threatened.
The numerous data breaches experienced by organizations over the past several years has made trust a topic of discussion in policy circles. This week, Andre Boucher, deputy minister and an official with the Canadian Centre for Cyber Security told the House of Commons public safety committee that “we cannot be complacent” when it comes to security.
The U.S. Defense Innovation Board last week issued a whitepaper calling for the Pentagon to implement “zero trust” architecture to fight cyber security threats.
It might sound sound counter-intuitive, but organizations must move to a zero trust model in order to create connectivity consumers can trust. A move that compliments the essence of trust rather than contradicts it.
The number of connected endpoints is growing every day, and in parallel so too is the risk of security being compromised. The common denominator, and therefore the biggest hazard, in each connectivity scenario is the consumer’s identity. Almost every connected endpoint today requires identity information to operate, meaning that once identity is compromised, the opportunities for a bad actor span the entire work-life connectivity network.
Naturally then, identity must be the network boundary — it is no longer sufficient to think only of the physical network, of an office or home. What’s more, the identity perimeter must be constantly verified because of the high-risk of identity theft.
A zero trust model continuously authenticates a user’s identity and has its default set to trust no-one. The technology verifies multiple authentication criteria on a constant basis, not just at login. These criteria include traditional security features such as passwords, as well as situational factors such as location and role, and behavioural biometrics such as hand-eye coordination, individual scrolling patterns and other user norms.
So how is zero trust consistent with trust? Zero trust is as necessary for advancing connectivity as trust is. It is imperative that there is credible trust between technology and people, for the massive potential of being increasingly connected to be realized. That trust is built on a framework consisting of three pillars — security, privacy and control — which is where zero trust comes in. With zero trust every one of the three pillars of trust can be grounded to build a solid foundation upon.
There are a number of regulations in existence today that give importance to the need for cybersecurity. The regulations outline high-level requirements and accountabilities for cybersecurity, data privacy and process controls. However, given that the question is no longer if a security breach attempt will occur but when, regulators must enforce zero trust as a basic security requirement.
Trust is a precious commodity and it is the key to extracting value from the Internet of Things. The most meaningful way to build trust in a digital economy? Take a zero trust approach.
John Chen is executive chairman and chief executive officer of BlackBerry Inc.