  • Jessica Barker

Digital Trust versus Zero Trust?



Trust. Such a big concept in five little letters.


In 2019, I collaborated with Palo Alto Networks on a global research project exploring digital trust. In 2020, I worked with Okta on a separate global research project addressing digital trust once more. Both pieces of research yielded fascinating insights.


Trust is a human impulse - a precious, beneficial and risky one.

The research with Okta, in particular, came at a very interesting (and challenging) time in terms of trust. As COVID-19 spread around the world, perceptions of trust were turned upside down almost overnight. As we suddenly questioned our trust in the physical world - the air we breathe and the surfaces we touch - many of us were pushed into trusting much more readily in the digital world so that we could continue to work and connect.


This was true for organisations as much as it was for individuals, with many organisations going through a forced digital transformation. Plans to move more fully to the cloud or to deploy more remote working were actioned in days and weeks, rather than months and years.


Q: Who led the digital transformation of your company? A: COVID-19
Popular image from social media, April 2020

The Okta research highlighted the importance of digital trust for organisations and individuals. Findings indicated, for example, that 88% of UK participants were unlikely to purchase from a brand they didn't trust and that 47% permanently stopped using a firm's services after hearing of a data breach. Many respondents were concerned about cyber security threats but unaware of whether their employer had taken proactive security steps.


I've spoken a few times about the importance of trust in the context of security culture. A positive culture is one in which people trust their employer - and their colleagues - and they feel that trust is reciprocated.


Where does Zero Trust come into this?


In a recent cultural assessment for a client, a participant in one of our focus groups commented:


"This idea of 'Zero Trust'... If you don't trust people, there can be no loyalty."

We know that engaging positively with people, building up their self-efficacy and their sense of psychological safety is crucial in a positive security culture. How does this fit with a concept that, in its very name, rejects trust?



On the flip-side, cyber criminals exploit trust in so many of their attacks, from social engineering to identity theft. We have experienced this acutely during the pandemic. The combination of a shift in digital trust, accelerated digital transformation, rapidly changing information and heightened emotions due to COVID-19 created a perfect storm for cyber criminals.


"If it’s human to trust, perhaps it’s just as human to err."

Professor Roderick M. Kramer



The Verizon 2021 Data Breach Investigations Report, for example, highlighted that, for cyber criminals, phishing is still the top vector (and grew in the last year) and credentials are the most sought-after data. With this in mind, and the increase in remote working, it is hard to argue against the principles of Zero Trust.


Perhaps this is where the problem lies. Not in the principles of Zero Trust - I especially like Paul Simmonds' description of Zero Trust as "an architectural state of mind" - but in the term itself. Trust is a human concept, with emotional connotations.


Let's say you're a CISO, and you tell all of your colleagues that the organisation is rolling out a Zero Trust approach. To many this won't sound like something that applies to security architecture alone. For most people, arguably, trust is regarded as an emotional state and not something that technology does. And so, "zero trust" sounds like something that applies to people. That the organisation no longer trusts anyone in the organisation. Just as trust begets trust, distrust begets distrust.


The term Zero Trust is also inherently negative, and people generally do not engage with negative messaging. I know many people in the security community agree that we should move perceptions away from security being "the department of 'no'", and yet the term Zero Trust fits very neatly in the department of no's vocabulary.


"It's not what you say, it's what people hear"

Dr Frank Luntz


When it comes to cyber security culture, words matter - and trust matters even more.


I don't know what this means for the future of Zero Trust, but I do think it's a conversation worth having.






4 Comments



Gura
Jul 26, 2021

A concise example of real world and online. I trust my friend "A" in real life, but when I get an email 'from' them saying they found a great product and here's a shortened URL, I don't trust that in any way - it might be from "A's" hacked account, it might just be fun with a from/reply-to. That doesn't mean I don't trust "A" anymore as a person. So yes, the messaging does need to be clear, and whilst "Zero Trust" sounds exciting, it can sound negative, and shouldn't impact how people feel about people, just about the identity presented. As the saying goes: "I learned trust in a mosh-pit."


Personally, I've only ever thought about 'zero trust'…
