Trusting Trusted Systems

Who can you trust is a popular saying in the security community, but at some point, some time, people and systems need to trust each other to send and receive information, store it, use it and update it. In many cases, systems exchange critical information every few seconds (like the Wall Street markets) using a series of encryption keys or validation tokens that verify their identity to each other. Corporate e-mail systems often verify their identity to each other before replication of their contents to ensure confidential messages are not being transferred to an unauthorized server. Because of the continuously growing amounts of spam e-mail messages being sent, several proposals are being discussed to have e-mail messages identify themselves prior to user acceptance. Undesired (i.e., untrusted) messages would be rejected.

How does a system become trusted ? There are usually two approaches used:

1. The software on the system has been installed with a known good image that has been checked for viruses, worms, Trojan Horses and other defects that would cause it to become untrustworthy. In addition, it is loaded with special encryption or validation software that permits a valid response to security queries from systems that need to share information with it. In most cases, frequent testing of the systems security software occurs to ensure it can continue to be trusted.

2. An independent and trusted authority, such as Etrust or Network Solutions has examined the system, and verified the organization s policies and procedures concerning the protection of customer information and their trust is serious and credible. An independent group as part of that examination may also verify the systems security software integrity.

Just as with paper documents, businesses and organizations must protect customer information to the maximum degree reasonable or practical. Information in digital format is far easier to illegally obtain, easier and faster to use for multiple purposes, and can be taken without the owner s awareness, at least for some time. All of these factors ” plus government regulations on customer privacy and illegal use ” converge at the management level as requirements to protect customer provided information against unauthorized access and misuse.

How this task can be accomplished (or if it can be accomplished) requires the expertise of computer software experts, network administrators, facilities designers, security engineers , management and many others. Section Three of this book contains information on the various technologies and concepts available to protect data ” this section describes the why .

The simplest reason for why involves the expectation of trust between a customer, shareholder, supplier and the organization they provide information to. Should the trustor believe their proprietary or private information is being shared without their knowledge or approval ” or has been stolen ” from the trustee, they have several avenues of legal and financial redress to restore damages incurred by the breach of trust. Protection of information provided in trust for legitimate transactions bears both a risk and benefit. The risk is that it could be stolen or misused in unplanned ways, incurring legal and financial penalties. The benefits usually outweigh the risks and are derived in financial profits from increased transactions, cross-selling and up-selling opportunities, and a very low cost to service and manage the customer s account information.

Lewicki and Bunker (1996) detailed three primary forms of trust in the business marketplace :

1. Deterrence-Based Trust: Exists when people or organizations do what they say they would, with consistency established by a threat of punishment when performance fails. This type of trust in found in the medical, legal and financial communities when the cost of breaking that trust is so high, the cost forms deterrence against it.

2. Knowledge-Based Trust: Exists when the trustor can understand and predict the behavior of the other party by knowing something about them, such as when agreement is reached for customized equipment or personalized jewelry .

3. Identification-Based Trust: Exists when similar views, beliefs, interests, goals or financial investments bind trustee and trustor. There is a common bond that is created based on knowledge about each other. An example would be membership in a political party, or in affinity credit card sponsored by a non-profit organization for its members .

Trust is broken when customer provided information is stolen, lost, corrupted, or misused. Of course, technology fails from time to time, and information is lost, usually temporarily. However, in the case of information being illegally copied , lost, exposed to the public, or misused for private benefit, management is often the first line of communication concerning questions on how such an event could have happened , and what the plans are to stop it from ever happening again.

Should a security breach occur, regardless of size or impact, a very thorough investigation and root cause analysis must be done to identify exactly what happened, why it happened, who did it, and what can be done to stop it from happening again. Executive and senior managers must be involved with these activities to understand the degree of financial, political, media and competitor risk inflicted in the organization by the breach, and how the impact can be either contained or mitigated.

As increasing amounts of business utilize the Internet, less person-to-person contact exists to actually know who is purchasing products or services. Technology now exists that emulates keystrokes and other actions that a person would normally perform, thus leading to situations where computers could appear to be people to other computers, based on the information sent to them. For legitimate purposes, this may be acceptable, but for illegitimate purposes such as identity theft and deliberate consumer fraud, businesses could bear a tremendous financial burden that may not be covered by insurance or financial reserves .