Addressing the Issue of Trust in the Digital Era
Today's technology conversations seem to be dominated by questions around digital transformation and the ensuing era of disruption. Such discussions are being spurred by the fact that a whole new set of players are coming to the fore, leveraging mobility, software, and data to disrupt established industries like never before.
Airbnb and Uber are obvious examples, but no industry has been left unscathed. And in this new era, the task of attracting and retaining customers has become ultra-competitive, with customer loyalties shifting easily based on outside influences and their own digital experiences.
This new digital world is going to be far more open than anything we have previously seen. Systems will have to be much more integrated, there will be a more fluid exchange of information, and we can expect increased communication between devices with minimal human interaction. This unprecedented level of openness requires organizations to urgently address issues such as protection, privacy, and trust.
The need to ensure data protection and privacy is clearly not a new concept for organizations to grasp, but it is an imperative that is rapidly moving up the list of priorities as more and more breaches occur. It is important at this stage to understand that the meaning of data protection and privacy can vary. In some parts of the world, data privacy essentially looks at how the personal information of customers, employees, or users is managed. In other parts, privacy and protection are viewed as interchangeable.
But semantics aside, it is becoming clear that organizations are increasingly being held responsible both for how they protect sensitive customer/employee data and for how they use it. Trust plays a crucial role in this regard, with organizations investing heavily in defining processes and usage policies aimed at minimizing insider risk. Solutions such as data access and authentication controls can be used to this end, but IDC believes the issue of trust is only going to get more complicated as robotics, wearables, drones, and the Internet of Things continue to proliferate.
Take smart TVs, for example. Providers can ensure a seamless experience across the board, enabling viewers to watch online content and share content from other devices. But this increased connectivity means that smart TVs can easily be compromised. Likewise, healthcare sensors can become a target, leading to major issues around patient care. And we have already seen that driverless cars can easily be hacked.
Clearly, there is a need to secure the way devices engage with each other. The most popular method for achieving this is the use of public key infrastructure (PKI), which essentially allows for the safe transfer of information between devices. PKI uses digital credentials to identify users and devices and determine access to data. Each credential or certificate involves a set of cryptographic keys that need to match. There are many forms of PKI currently in use, including encryption, authentication, and mobile signatures.
These methods have long been used to secure banking transactions and websites, but given the pervasiveness of the Internet of Things, it would be prudent to create a strategy whereby proper protocols are put in place to ensure trust across the IoT network. This is because a compromised PKI can result in fake certificates being created, which then puts both data and the device itself at risk.
They are various ways to address this weakness, with the concept of blockchains gaining considerable momentum. Blockchains are interconnected chains or blocks of data. These blocks are created at regular intervals and contain information on which changes have been made to the ledger (i.e., transcation) since the creation of the previous block. By linking each block of data to the next block, a blockchain becomes an irreversible record of all transactions and changes ever made to the ledger.
Blockchains can either be public or private. A public blockchain allows for open access to anyone that wishes to contribute to the network, while private blockchains are limited to a certain number of owners who can further restrict their use to those with the necessary permissions. But regardless of whether they are public or private, the linked blocks create a secure, transparent method for record keeping and auditing.
Blockchains are already working well within the financial sector, where transactions can now securely take place without the need for third-party involvement. But given the distributed, autonomous, and trusted capabilities of blockchains, IDC believes there are numerous other use cases that could be explored across a broad spectrum of industries where trust is becoming a key issue, including healthcare.
As the disruption of industries ramps up and devices become more connected than ever before, the ability to ensure trust and privacy across all interactions will become key to remaining competitive in the digital era. In short, traditional standards and guidelines for data protection must evolve, because gains in efficiency, automation, and innovation will simply not materialize without a trusted ecosystem that enables a seamless and secure experience for all.