Overcoming the paralysis of trust management across a fractured IT landscape

Trust is a state of being, an emotion and a fundamental way of operating.

For modern enterprises, the process of establishing trust in new information technology (IT) systems, along with maintaining trust in existing ones, can be an anchor or a sail, with diverse stakeholders holding equally diverse definitions of trust.

What does trust mean in our digital world? I believe that trust in all things digital is pillared by four critical and quantifiable concepts.

Security is the governance of the right, or lack thereof, to access something. Digitally, this usually involves encryption and policy management.

Privacy, like the higher-order topic of trust, is a very personal topic. I believe it can be boiled down to the appropriate use of information. What constitutes appropriate is not static and is subject to change at any moment.

Accountability is more straightforward; people want things to behave consistently and to be provable. As global enterprises have evolved, they must also now be able to prove what did not happen.

Integrity appears straightforward, yet increases in complexity. When enterprises rely on thousands of separate IT systems, from storage to processing to networking to analytics, the integrity of the data supply chain becomes daunting. Integrity applies to both data and governance of the data-handling process. Applying the appropriate security and privacy policies through the data life cycle is a dubious task at best.

This adds up to an increasingly complex set of challenges, experienced differently within the enterprise. For business units, trust means that their technology solutions are predictably available; deliver the expected functionality without surprise; and do not adversely affect client relationships. The data they’re using to make their decisions must be accurate and up-to-date.

For workplace individuals, trust in IT systems means they can reliably access the tools and stable workflows needed to be exceptional at their job. For governance, legal, security or risk, trust means that those systems will explicitly assure, while also not violate, the internal and external compliance and regulatory requirements of the enterprise.

For human resources, trust means IT systems enable them to serve the needs of their employees without violating the human-to-human trust relationship. For IT, trust means the systems deliver precisely what is expected of them with no surprises in functionality, costs or information handling. Ultimately, for the Board of Directors, trust in IT systems means enabling the enterprise to execute on their growth plans without introducing unforeseen liabilities.

While these definitions may appear different, they are each grounded in three simple qualities: consistency, predictability and simplicity. Considering these qualities, IT solution providers are marching in the right direction to adopt cloud services and consolidate disparate internal systems to common platforms.

Major providers of software-as-a-service (SaaS), platform-as-a-service (PaaS) and infrastructure-as-a-service daily announce new capabilities designed to enhance the consistency, predictability or simplicity of their offerings. Most growing enterprises are considering consolidating their strategic on-premise IT platforms, providing more as-a-service offerings for the explicit purpose of enhancing consistency, predictability and simplicity.

Despite many successful and innovative solutions, one often overlooked problem is rapidly becoming a major challenge: cross-environment data trust management. Specifically, the currently inconsistent and operationally inefficient management of trust across systems.

While the efforts discussed above consolidate and simplify processes to a degree, most enterprises will always have a healthy portfolio of IT systems both in-house and cloud-enabled. Within this heterogeneous environment, data is the resource in common. Regardless of what system the data resides in at any given moment, the mere fact it moves, or is replicated to another system, does not change handling requirements.

The information itself remains the same, even if the bits and bytes are in motion. Managing the state of trust for information across many different, changeable systems is already preventing predictable outcomes. Many approaches to this challenge cause considerable disruption to employee processes, if not inhibit the business outright from using the best tools for the job.

Enterprise IT tackled a similar challenge a decade ago with user identity and authentication. The proliferation of multi-tenant and as-a-service applications compounded the replication and management of common user populations. The users were the same, and the policies governing them were equally common. However, each system required its own copy of user identities, governing them in proprietary ways.

The untenable management of this model at scale suggested a solution that flipped the problem upside down. Enterprises converged on a new architecture, establishing a system of record for user identity and authentication, making it available just in time via APIs.

This platform architecture enabled consistency, in onboarding an enterprise user population; predictability, in how that population would be managed; and simplicity, in user governance. Most importantly, with identity and authentication managed in one logical place, enterprises could more rapidly onboard new solutions.

The value that this architectural inversion helped create should not be understated. Without it, the broad adoption of SaaS and PaaS solutions would not have happened. This new IT platform catalyzed the Identity and Access Management (IAM) market, which is now worth more than $10 billion annually and is estimated to grow to $25-30 billion annually by 2023.

The similarity between this identity challenge and the rising challenge of data trust management is that common business information is replicated across multiple systems requiring proprietary governance and management. The difference is the sheer scale. User populations are large, but they are dwarfed by the number of unique data objects within even a modest enterprise. Firms with 10,000 employees may have several billion unique data objects.

The volatility of an enterprise’s data estate is also drastically higher than its user population. Regulations such as European Union General Data Protection Regulation (GDPR) complicate ongoing data governance. Looking forward, as more lines of business depend on connected systems, such as IoT enablement, each device-as-user exacerbates the problem.

The explosive growth of data, as well as rapidly changing regulations, has led to analysis paralysis. The need to manage the state of data trust separately in all these systems anchors and stifles innovation and efficiency. Enterprises must perform a human-scale review of a machine-scale problem that can take upwards of a year to complete, and their results are soon outdated. New vendors must complete such reviews before they can possess, process or otherwise handle sensitive data, and the review processes don’t scale down for innovative small vendors.

It didn’t happen overnight, but several global enterprises began pioneering this idea internally and with their IT vendors. The concept of establishing a system of record for how data trust is established and managed within the fractured IT landscape is gaining prominence. As the CIO of a major financial service enterprise told me: “we had no hope of getting this right in 50+ systems. Our best bet was to get this right in one place and make it very easy for the rest of our vendors to make use of that knowledge just in time”.

When organizations remove human-scale gates from machine-scale opportunities, the pace of innovation dramatically increases. This has been proven across the IT landscape over the last three decades. The internet fuelled federated communication and commerce; IAM platforms enabled mobile and as-a-service revolutions; and today’s rise of the digital enterprise translates data into growth.

This next wave of innovation and growth will only be achieved through the collaborative efforts of an ecosystem of stakeholders focused on trust management. I am excited to see where the trade winds of trust will take us, when organizations bridge this fractured landscape and achieve machine-scale trust for our machine-scale age.