“Digital trust” was the big theme at the 2022 ISACA North America Conference – but what does that mean?
ISACA took time throughout the conference to discuss this in more detail and, for those who were not able to attend either the in-person or virtual conference, they also released a white paper on this topic. In it, they state: “digital trust [is] the confidence in the integrity of the relationships, interactions and transactions among suppliers/providers and customers/consumers within an associated digital ecosystem.”
As we’ve seen over the last few years, businesses and services have moved online at an exponential rate. In fact, in 2020 61% of businesses migrated their workloads to the cloud. Digital transformation that would have taken years to adopt was happening in months. Some services or processes that were often handled in-person only are now easily available online.
With innovations in cloud technology, from computing to storage, having to have everything owned and on premise seemed to add up quickly in terms of capital budget and continuing operations. By 2025, global digital transformation spending is forecast to reach 2.8 trillion U.S. dollars. LookingGlass has been seeing an increase push in digital transformation happen across all sectors.
ISACA notes this enhanced environment in the white paper: “Shaking hands with a customer or service provider is nearly obsolete in a digital world where people can purchase products online and even visit a doctor virtually.” Digital transformation emerged like a phoenix from the ashes bringing hope and promise of improved efficiencies.
The Dark Side of Digital Transformation
Just because everything is seemingly now online, though, does not mean that trust is inherent in the relationship, transaction, or engagement. This is where digital trust comes into play – by ensuring there is confidence in the interaction.
But that also means there are potential pitfalls, too. One major consequence of digital transformation is shadow IT. Shadow IT is the dark side of digital transformation and undermines digital trust.
Shadow IT describes the tools, systems, software, applications, and infrastructure that are used throughout a company that the IT team does not know about. Because we are more interconnected than ever before, we have a greater reliance on the internet. But it also means teams are able to acquire and use digital tools more easily, opening your enterprise to dangers from the unknown.
The pandemic only exacerbated shadow IT issues. In 2021, a survey by ManageEngine showed that 80% of IT executives noticed an increased use of cloud due to the need for remote work. Gartner estimates content collaboration tools were the main culprit in a surge of shadow IT.
With the theme of digital trust at the center of the conference and the LookingGlass view into uncovering shadow IT and providing greater asset visibility, our team was excited to be part of the conversation and bring their perspectives to the table. Below is a recap of some key sessions and what we took away from our conversations.
What happens when we are all sensors?
Day one of the conference kicked off with a fascinating keynote from Dr. Poppy Crum. Titled “How Personalized Data Will Change the Way We Experience the World—and Why Not to Fear It,” Dr. Crum explored the way our five senses produce biometrics that can uniquely identify and predict an array of information. For example, Dr. Crum shared those differences in the modulations in how we speak can be used to detect dementia, Alzheimer’s disease, heart disease, bipolar disorder, and a bevy of other medical conditions.
In another example, Dr. Crum used the documentary about Tommy Caldwell’s attempts to free solo climb El Capitan in Yosemite National Park to demonstrate that our breath can be used to identify how we are feeling in any given moment. By tracking the CO2 in one’s breath and galvanic skin response (GSR), researchers were able to map changes in one’s breath to the most thrilling and emotional moments of the documentary.
Dr. Crum’s keynote was eye-opening for many at the conference, including LookingGlass staff. The idea that we are all active “sensors” emitting signals means there is the potential and possibility to intercept those signals – increasing one’s “attack surface.” The term “attack surface” is defined by the NIST glossary as: “The set of points on the boundary of a system, a system element, or an environment where an attacker can try to enter, cause an effect on, or extract data from, that system, system element, or environment.” As people or teams within an organization buy services without alerting IT or procurement teams, there are more potential entry points for an adversary to exploit to get into an organization. Just as Dr. Crum uses biometrics to identify dementia information, at LookingGlass we use an outside-in view approach to identify vulnerable points in your ever-growing digital footprint.
Each day at ISACA brought new stories about the ways technology and data can be, and has been, misused. In her keynote presentation, Dr. Crum explored why we should care about – and how we can build digital trust in – personalized technology; what current uses of personalized data and ubiquitous sensing are working well now; and what future uses of personalized data will allow us to experience the world differently.
ISACA highlighted how its empowering security, risk, and compliance professionals to advance digital trust. Digital trust is given to organizations who have shown that they can provide safety, privacy, security, reliability, and data ethics. It is behind every online exchange—and it’s critical to know how it works in practice.
From the LookingGlass perspective, to build that trust, you need visibility. Know where there may be holes in your defenses, so you know how to implement the right security controls to protect it. If you’re unsure of how your attack surface looks, find out how we can help.