Building the high-trust enterprise
Trust is a hot topic these days. In politics. National security. Food and drug safety. Business and finance. It’s hard to find any area of life that doesn’t rely on trust.
We’ve been grappling with the concept since the early days of KM. For example, knowledge sharing, especially when learning from past mistakes, requires a great deal of trust. In a low-trust organization, people are afraid to share what they know. Knowledge flows are stifled.
To succeed in a world filled with deceit, you need high levels of trustworthiness. That means considering human nature as well as technology.
The trust footprint
Trust footprint = (custodians + systems) x (volume of information).
In the above expression, “custodians” represents the human element, which is built primarily on culture. For example, travelers in some parts of the world marvel at how shop owners leave their doors unlocked when they go for a break or to a nearby room for prayer.
In other parts of the world, you’ll find the same types of stores with an array of security cameras, thick metal doors and multiple locks. That’s the “systems” or technology component attempting to compensate for bad behavior.
“Volume” represents the explosive growth in the number of information workers, along with the millions of lines of code and petabytes of data with which they are entrusted. All of which present far too many opportunities for unscrupulous individuals to hide in the shadows.
One of the reasons trust is at an all-time low is because the trust footprint is literally spread all over the place. It should come as no surprise that as an organization grows more powerful and less transparent, incidents of trust violations increase. We’ve seen this in complex offshore corporations, secretive intelligence agencies, large news networks and media outlets, and massive government bureaucracies.
Take, for example, the recent WikiLeaks Vault 7 release exposing the CIA’s “global covert hacking program.” Its alleged weaponized malware arsenal can potentially affect millions of consumer electronic devices including smart phones, tablets, desktop computers and even some television sets.
As many as 5,000 people with security clearances are believed to have had knowledge of the program. As this article is being written, officials are scrambling to conduct interviews and are sifting through massive volumes of log files and other data in hopes of identifying the leaker(s).
But the damage has already been done. Trust has been violated not only with regard to guarding a secret, but also regarding what was being done in secret.
In many instances, detecting and responding to trust violations happens too slowly. For example, the compromise of the U.S. Office of Personnel Management database containing the private records of millions of U.S. government employees and contractors holding security clearances is believed to have continued undetected for more than six months.
Given that backdrop, let’s take a look at some of the ways you can create greater trust across your enterprise.
Reducing your trust footprint
It may sound counterintuitive. But when it comes to trust, less is more.
In the world of trusted systems, you’ll find frequent use of the term trusted platform module (TPM), formerly referred to as the trusted computing base. TPM is defined by the Trusted Computing Group as: “the set of functions and data that are common to all types of platform, which must be trustworthy if the subsystem is to be trustworthy; a logical definition in terms of protected capabilities and shielded locations.”
Essentially, it boils down to this: The smaller the size or “footprint” of the TPM, the fewer the opportunities for compromise. That applies to both the human and technological aspects.
On the human side, we know that as organizations become very large, they often break down into smaller, isolated compartments that end up competing against each other. When that happens, the local missions of the various compartments ultimately take precedence over the broad, strategic mission of the enterprise. As a result, integrity and accountability are weakened, and it actually becomes harder for the organization to hold onto its secrets.
To prevent that from happening, you should always be on guard against “mission creep” and the creation of localized, competing factions. As a KM leader, make sure your enterprise stays focused on the overall mission, along with the values that must be adhered to while achieving that mission.
On the technology side, there are many options. Here are three potentially groundbreaking game-changers you need to watch closely and include in your future plans:
- Blockchain. We first introduced it in the April 2015 issue of KMWorld in our article: “All aboard the blockchain express.” Blockchain is an excellent example of reducing the size of the TPM. The algorithm is open source. The rest consists of little more than an encrypted journal entry stored on a relatively small number of peer-networked computers. The need for a trusted fiduciary such as a bank or accounting firm is eliminated.
- Homomorphic encryption. Before encrypted data can be processed and analyzed, it must first be decrypted. When the analysis is completed, the finished results are re-encrypted for secure transmission and storage. The longer the data remains unencrypted, the more vulnerable it is to compromise. Homomorphic encryption solves that problem by allowing data to remain encrypted while it is being processed, including in the cloud. Although currently processing-intensive, it should become a viable technology within the next decade.
- Double Helix. Funded by DARPA and currently under development at the University of Virginia and the University of New Mexico, Double Helix is an autonomous reasoning system that increases assurance not necessarily by reducing the trust footprint, but by making the TPM a moving target. It does that by rapidly altering the protected system’s binary code, keeping any attackers continuously off guard. While autonomous reasoning systems can actually increase the size of the TPM, they more than make up for it in speed of threat detection and response. Still in the early R&D stage, it’s worth paying close attention to this and similar efforts underway at DARPA.
Protecting your enterprise and its reputation
Creating a high-trust enterprise requires that well-known triad of people, processes and technology, with the ultimate goal of eliminating any and all opportunities for violating trust. That means doing everything you can to minimize the trust footprint, which in turn means leaving nothing to chance. The best way to do that is through transparency.
It doesn’t involve exposing sensitive information. Rather, it entails exposing performance by consistently maintaining open and honest accountability.
As we’ve discussed in previous articles, more than two-thirds of the U.S. population is on some form of social media. Monitoring the public discourse helps you discover clues of possible trust erosion ahead of time and take corrective action before it’s too late.
Finally, be clear about your mission and values. Most of all, be congruent. Nothing builds trust more than saying what you mean, and doing what you said you would do. Trust and accountability go hand in hand.