Sunday, 5 August 2012

Implicit Trust of The Cloud & Third Parties

I find 'Implicit trust' fascinating to observe, equally within business information security and within society. 'Implicit trust" can be defined as having no doubts or reservations, being unquestioning.  For example most people implicitly trust their doctor, just because the doctor wears a white coat, exudes authority and has 'Dr' in front of their name. No one ever asks the doctor to validate their medical credentials. Perhaps we should.
Implicit trust can be lost and gained, a decade ago most people would implicitly trust bankers, having someone from the banking profession witnessing legal documents and signing passport applications would be seen as a highly thought of and credible witnesses within society, not so these days, and we all know why.

Police is another profession which has very interesting polarisations to observe, implicitly trusted by some and implicitlydistrusted by others.
Then there is paradox of politicians, nearly everyone distrusts politicians while at the same time trusting them to run the country.
In the world of information security, businesses which implicitly trust third parties with their information is a hallmark of either complacency or lack of an ability or expertise to properly vet and question. Trust must not be implicitly made but must be earned based on prior vetting and building a trusted relationship through experience. Just because your cloud service provider wears the doctors white coat of Amazon, Google or Microsoft, does not mean they should be implicitly trusted with your business's information and critical IT services.

1 comment: said...

There was sure a misunderstanding :))