In information security, trust is a cornerstone in all that we do. We trust the technology we use to help defend our systems, we trust our staff to comply with policies and not to fall victim to phishing emails, we trust those we appoint to manage our sensitive data not to divulge it to others, we trust our business partners to take the necessary steps to protect information we share with them, and we trust our governments to provide a safe business environment and to protect our rights.
The recent revelations by former NSA employee Edward Snowden that the US government has been snooping on the Internet traffic of innocent people and placing bugs in the embassies of the European Union highlights the damage caused by breaking the trust. As a result of these allegations, the EU has suspended trade talks with the US and has also threatened to suspend any data sharing with the US.
The above revelations have not come as a surprise to many in our industry. However, it has brought the whole issue of trust to the fore. Many businesses are now thinking twice about engaging with cloud service providers, especially US based ones.
Others are now looking with distrust at the operating systems, software, and hardware they use. And, of course, Edward Snowden’s actions have highlighted the insider threat and how much can employees with privileged access to key data and systems be trusted.
When we examine the different elements that we need to trust in order to enable our organizations conduct business securely, we can only conclude that there are many links in that “chain of trust”.
Like any chain, the chain of trust is only as strong as its weakest link. For most organizations that chain will be made up of the software and hardware their systems run on, providers who provide them with services such hosting, telecoms and support, partner companies and their staff, companies to which they outsource some of their work, the users in the organization, and even government(s).
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.