Thinking Security: TRUST
This is the 21st blog in a series about security and how security is about how you think.
With the last six blogs, I’ve examined the six more obvious goals of security: authentication, access control, data integrity, confidentiality, availability, and non-repudiation. We need to talk about the secret seventh one: TRUST. It’s a word that gets used a lot (maybe even overused). We’ve all heard people say “you can trust me” or something similar.
Dictionary.com defines TRUST with many definitions – here are a few of many which apply here:
- reliance on the integrity, strength, ability, surety, etc., of a person or thing; confidence.
- confident expectation of something; hope.
- the obligation or responsibility imposed on a person in whom confidence or authority is placed: a position of trust.
Let’s ask the million dollar question – what does it mean when we trust someone? It means that we will tell this person a fair amount of information and that we are sure that they won’t tell anyone else. We will tell them deep secrets about us (to some level) about our life and trust that they are safe and sound. We can rely on them to be available when we need them (for example, to move or pick you up from the airport). They are trust-worthy.
What does it mean when we trust some item? It means that we’ll repeatedly buy it because it fulfills our needs and we know where and how it was made. Many people buy the same brand because they like it and it’s always exactly what they expect. Retailers know that people trust the brand or item because it’s always consistently what they need. We all have these trustworthy items, whether it be a car, our favorite beverage, or restaurant.
We can combine these two concepts in our everyday life – we trust that no one runs a red light, we trust that businesses and people do their job, we trust that people act the way that we expect, and so on. During this holiday season, we have an implied trust with online retailers that they will ship us the items that we order (and that they’ll be genuine, not knock-offs) and we have an implied trust that they’ll keep our confidential financial information safe and only access it when necessary. We also have an implied trust that the Internet is working correctly (that the ISPs are secure) and that we are actually going to the sites that we have requested and not lookalike sites.
What does it mean when we trust something when we talk about security? It means that we have that high level of assurance that it will be secure and keep our confidential information safe and sound. Trust in security is also about that confidence that every piece of information is kept secure at all times. It means that all of the other six goals of security are done and done well.
This the high level of trust that clients have in the ClearPath Forward computers – they trust the systems and the company that stands behind them. They trust the systems because the systems designers and implementers think security and have done so for many, many years. That’s why they trust their confidential information (and yours) to ClearPath Forward!