Trust. It’s a funny thing, really. And, maybe it’s something that we don’t really think about too much…or often enough. Yet, trust is really at the foundation of what we do every day as security professionals.
Trust is our currency.
On one level, our organization trusts us to keep them safe what they’re off slaying the dragons, or whatever it is they really do. If we don’t know, then that’s a problem, because part of the thing they trust us to do is “the right thing,” and we can’t do the right thing, if we don’t know what they’re trying to accomplish.
Trust is our yardstick.
I might trust you to buy the next round, but I might not trust you to take out my sister (if I had one). Same word. Different…what?
What is it that’s really different when we’re trying to measure this slippery thing called trust?
I don’t know if you’re a Star Wars fan, or if you’ve been keeping up with the new Jon Favreau take on the franchise in Mandalorian, but so far, the underlying theme of all 3, far too short, episodes is the concept of trust.
You see, The Mandalorian is a bounty hunter, sporting armor similar to the legendary Boba Fett from the first movies, and, apparently a member of a society of bounty hunters. Without giving away any significant spoilers, secrecy of the identities of any individual Mandalore is pretty important:
“Our secrecy is our survival. Our survival is our strength,” is the way it’s put by the armorer.
So, if you’re part of the club, then you’re trusted to uphold its secrets. If you’re wearing the armor, you’re trusted to not reveal your true identity.
And then there’s the whole Code of being a bounty hunter. You’re expected to abide by the Code. There are “traditional” rules of engagement, like how you identify the bounty target, and who is entitled to the bounty.
Basically, it’s a bit like playing baseball in Little League: if you call it, you got it.
The show is actually quite brilliant, and it’s so far redeeming the franchise in my opinion after the re-hashed, milquetoast and, frankly, kinda boring set of new movies. But, aside from that, it’s chock-a-block a study on trust.
At the end of the day, the real reason trust can’t (yet) be established by technology is that it boils down to belief. I have to believe that something has the characteristics that I desire, and that those will be delivered as I expect.
Trust is expectations…of something.
Sure, you can define those things, and you can attempt to define sensors and instruments to detect whether they may or may not exist—but, as we well know, sensors can be fooled.
Trust is our level of belief that the agreements we make will be upheld. But here’s the thing about agreements:
Everyone has the right to veto. At any point.
When is that point?
Well…that’s about belief.
When The Mandalorian asks the Guild leader in response to his request, “How do I know if I can trust you?”
They’re negotiating an agreement. The Guild leader’s reply?
“Because I’m your only hope.”
Let’s just say that “Mando” decides to exercise his right to veto…you’ll just have to watch to find out what happens.
However, if you want to understand how the human aspects of trust intertwine with the technical aspects of cybersecurity to define whether we ultimately deliver value anyone can actually recognize…
…so we get our shiny toys
…and we get our mythical cybersecurity unicorns
…and we collect our bounty of trust from our customers
then head on over to this link:
Because in 4 days, the package will disappear, and you’ll have missed the deadline to get the December issue of the Security Sanity™ print newsletter that talks all about both the true nature of governance relationships within your organization and how that throws a mudhorn in the midst of some of the traditional guidance on implementing security governance.
Andrew S. Townley
Archistry Chief Executive