When two parties interact, they must trust that the information they exchange will be private, accurate, and secure. Since clients are more skeptical and empowered than ever, solutions that facilitate a transport of trust—not just a transport of data—will be key to winning confidence in your business and services.
In an ideal world, the impact of any digital trust roll-out would be zero
Within a well-functioning OTAP (development, test, acceptance, production) environment, errors would be caught and fixed before deployment. By the time employees or clients access a new digital identity system, the tech team would have made sure it was stable enough for mass adoption and supported by a full package of training, standards, and oversight.
In the real world, things are not always that smooth.
Take the case of the DigiNotar Certificate Authority for example. As a CA, DigiNotar was responsible for verifying encryption and issuing certificates—basically, it decided which websites were trustworthy. But an attack in 2011 enabled hackers to issue over 500 fraudulent certificates for some of the most popular online sites, enabling man-in-the-middle attacks on Iranian Gmail users.
While most cyberattacks impact a single company, the victims here included every single person who accessed a site for which a fraudulent certificate had been issued, including sites belonging to Google, Mozilla, and Skype. That is a lot of people.
A post-mortem showed that DigiNotar missed basic cybersecurity processes, including patching servers and following password protocols. This is particularly unfortunate for an organization that was responsible for securing a part of the Dutch government’s digital infrastructure. And it shows just how large the impact can be if digital trust goes wrong.
In part 1 and part 2 of this article series, we explored the cryptographic fundamentals that underpin digital trust. And we laid out a transition roadmap from the soon-to-be-hackable encryption standards of today to the post-quantum technologies of tomorrow. With our guidance, we hope you will clearly understand your biggest priority areas and the scope of your digital trust challenge.
In this 3rd part, we focus on the implementation phase—not just for crypto-agility, but in a wider relationship-management context. So, how can you roll out digital solutions that actually build trust and meaningful interactions for people? And in a way that reduces risk for your business, clients, and staff?
Trust is more than just security
Whenever there is a relationship between two parties, trust comes into play. It is the intangible concept that helps us bridge the unknown: Will this person do what they say they will do? Are they going to interact with me the way I expect?
Trust can be very hard to define but, when it is there, it adds real value. We trust that our favorite restaurant will serve us safe food. We trust that our bank will protect our money. We trust that other drivers will act responsibly on the road. And so, we go about our daily routines with a sense of security and confidence.
Imagine living in a society devoid of trust… It would be a dog-eat-dog world. And in the digital world, trust carries even greater weight and is harder to come by.
Without body language and a history of experiences to guide our intuition, it is hard to tell if someone is being honest with us. As a result, people have a general feeling of insecurity about the complex digital world. And it only takes one data breach or cyberattack like DigiNotar to make that insecurity a reality.
Trust is a statistic, not a binary
What is interesting is that we naturally apply common sense in our real-world interactions to figure out how much trust to give. For example, we know that believing a small business makes its own soaps requires a different level of trust than leaving our door unlocked at night and trusting we will still have a TV in the morning. It is the same online. An anonymous customer filling out a contact form obviously requires a lower level of trust, security, and digital identity verification than a multi-million-dollar financial transaction.
Yet we often fail to apply this common-sense approach to our digital relationships. The assumption is that trust is an on/off switch: You either have total trust or none at all. This can lead to over- or under-investing in security measures, both of which can damage the trust needed for successful relationships (or throw money down the drain).
In reality, a full guarantee of trust is neither possible nor necessary—at least, not all of the time. Rolling out digital trust in a practical, meaningful, and usable way requires you to first segment customers and interactions along a sliding scale of risk management. Then, you can design your solutions accordingly.
Going back to our real-world interaction example, you may be fine with knowing that your independent soap maker is legitimate with 80% certainty. (If we were to translate that kind of situation into a business context, the equivalent might be: Only passwords and MFA are needed here.)
But if you are opening a bank account, asking a notary to validate your legal documents, or showing your rental eligibility to a landlord, you need to be able to prove 100% that you are who you say you are. On the other side of that interaction, the bank, notary, or landlord needs to have tools to instantly freeze the relationship if anything looks suspicious. These interactions may need to be protected with quantum-safe digital identity solutions, and with protocols to shut the system down if the trust rubric you use ever dips below your chosen threshold.
Plenty of vendors have a product to sell; not everyone has a solution to offer
Against that backdrop, we hope you can see how important it is to work with an experienced digital trust partner, and not someone who just wants to sell you a product.
There is no shortage of vendors offering an off-the-shelf security solution, but a true partner will work with you to understand the trust profile of each particular interaction before designing and implementing a trust framework that fits.
To show how a quality partner should approach trust for different types of enterprise applications, allow us to use an example from our own organization:
ConsentID is AET Europe’s flagship product—a mobile-powered solution for digital signature, consent, and authentication. ConsentID provides assurance that a user is who they say they are, and so can be trusted to perform transactions and digitally sign documents. It also shows what is true and stores the evidence. So, our clients benefit from a user-friendly and low-friction digital identity authentication process. And they also receive a fully auditable fraud log that ensures transparency and accountability in every transaction.
That is a broad-strokes overview. Every enterprise is different, with a unique set of use cases, regulatory requirements, and risk management protocols. So, with every digital trust roll-out, some of the first questions we ask are:
- How much do the various stakeholders in the transaction trust each other?
- What is the trust threshold we can never dip below?
- What are the regulatory and legal requirements for this type of transaction?
- What specific workflows do the participants in this interaction require, so that the technology becomes an enabler, not an obstacle?
- What are the consequences of a breach—financial, reputation, behavioral?
- How do we balance confidentiality and data integrity with data availability? If access is compromised, or if trust falls below the desired level, will you turn off access? What is your trade-off point between the two?
- How can we build in flexibility and scalability to adapt to changing trust needs?
From there, we design a ConsentID solution that is exactly right for the specific situation.
For example, imagine your CEO is hiking through a forest when you need them to approve an urgent payment of €50,000. ConsentID allows that to happen safely and instantly, while providing a full transaction audit trail. The technology makes it impossible for anyone to log in with someone else’s certificate, making cyberattacks or fraud far less likely.
In the healthcare sector, we have supported paramedics in the field with a ConsentID solution. In emergency situations, it allows paramedics to safely verify a patient’s identity and access their medical history from a smart device. The level of security in a solution like this is very high; patients and regulators are rightly protective of healthcare data. So, our solution accurately identifies medical specialists and provides secure access to medical data. This gives healthcare providers the evidence and accountability to make fast, life-saving care decisions without compromising trust.
Work with the gardener, not the spade
Fundamentally, trusting in the digital world is no different than trusting in real life.
Every collaboration will require a different level of trust, and there are solutions to help you achieve it, in the same way that handshakes and legal contracts help you trust someone in the physical world.
But you will get far more from your digital trust solutions by working with a partner who acts as a gardener, not a spade.
What do we mean by that?
A spade is a tool. It digs out the weeds and provides a quick clean-up, but the tidy garden will not last forever. A gardener, on the other hand, creates a living environment that keeps evolving and improving. They analyze the soil, plant the right seeds, and provide attentive, ongoing care to keep the garden thriving and healthy.
At AET Europe, we would rather be the gardener than the spade. An organization’s digital trust landscape changes every day, with every transaction. If your current solution is not working the way it should, we work with you to understand why, and we make it better. And if our solutions are not the right fit, we show you where else to look.
When your partner puts self-interest aside, as AET Europe does, then you know the trust solutions you are implementing are the right ones for your business, your clients, and your future.
Trust us on this one—we’ve been doing it successfully for over 25 years.
Source: AET Europe
Are You Doing Digital Trust Right? By AET Europe – Part 1
Are You Doing Digital Trust Right? By AET Europe – Part 2
AET Europe is a global leader in digital security solutions.
Founded in 1998, it specializes in creating secure solutions for identification, authentication, digital signature, consent, and credential management.
We provide security solutions for user identification, authentication, and digital signatures. More information: https://aeteurope.com