SandipD
Advisor
The Oxford dictionary defines Trust as a “firm belief in the reliability, truth, ability, or strength of someone or something”. Putting this definition in a business perspective – “customers trust business when they have evidence that business and its services are reliable, consistent, financially stable, transparent and can protect their information and data.”  To achieve competency on these elements is not an easy feat, but to use that information to build stronger relationships is even more difficult.

Trust-as-a-Service



Trust not only sets the foundation for a strong relationship with customers but also plays a bigger role in the long-term success of any business. The cybersecurity industry is based on the principle of “never trust, always verify” and that adds a layer of challenge for the Trust Office – customers need evidence and third-party attestations before they will trust the business. Trust-as-a-Service, as provided by the Chief Trust Office (CTrO), sets out to do just that – fostering trust by providing transparency.

As shown in the figure below, the Trust-as-a-Service (TaaS) is based on four elements or pillars - Compliance, Security, Privacy & Transparency.
The goal of TaaS is to showcase to customers that the business is Compliant with industry standards and government regulations, has Security controls in place, has implemented Privacy safeguards to protect data & information and is Transparent.

TaaS is not limited to the technology industry, and it goes well beyond VPNs and firewalls; many industries have started to embrace the concept. However, with the boom in public cloud usage over the last several years, the issue of trust is at the forefront of the tech industry. After all, it is not easy to sleep well at night when your data is managed by someone in the other part of the globe.


Trust Model: Elements of Trust




How AI and Automation Help Foster Trust



Gaining customers’ confidence in each of these pillars of trust takes a lot of time and resources. Like other business areas, we also experience resource limitations, but state-of-the-art tools and cutting-edge technologies like Artificial Intelligence (AI) and Machine Learning (ML) come to the rescue in helping the Trust Office foster and scale trust.









Privacy


Data privacy is the ability of any business to collect, use and share customer data – primarily Personally Identifiable Information (PII) and other sensitive information. Data privacy focuses on laws and regulations around sharing and using customer data. Privacy tools powered by AI/ML technology make this task nearly effortless. These tools run on data sources, and even on plain text documents, to identify whether the data contains any PII or other sensitive information. They highlight or list the use of PII, and the business can then decide whether any of this data should be masked, removed or continue to be used within the data source. Most data breaches in recent years can be attributed to the misconfiguration of data storage or inappropriate access to data storage. Both issues can be eliminated using AI-based tools to verify the configuration of and access to the data storage.

Security


Data security on the other hand protects data from unauthorized access. Data security is responsible for protecting data from external and internal threats. Defense-in-depth or having various layered security controls around customers’ data and information is part of the security pillar in the trust model. Artificial Intelligence plays an important role in the security pillar. Intelligent firewalls and state-of-the-art SIEM tools are examples of AI/ML use in security controls. AI is also used in embedding security in the development process and automating the DevSecOps pipeline. ML-based pipelines are iterative and develop models that can be used later in improving security and development processes. AI technology is also used in Threat & Risk Analysis - predicting an attack and analyzing the logs after any suspicious activities. Endpoint security tools use AI/ML-based models to predict and control the exfiltration of data.

Compliance


One of the most effective uses of AI technology in fostering trust is compliance. Compliance is a third-party (usually auditors) attestation and validation that the business is in line with various standards set by industry and government regulations. Security tools can use AI to implement policies that govern or restrict the usage of any data. For example, to be GDPR compliant, AI-based tools can allow access to data from EU users only. Access will be denied to users who are not located in the EU - no error-prone manual configurations are needed. AI-based compliance monitoring tools save businesses a lot of time and resources on compliance checks. These automated tools run through the environments and provide a scorecard of the compliance status.

Transparency


Providing transparency is the foundation of fostering trust and a core function of the Trust Office. Through transparency, the business can showcase how effective its security, privacy and compliance postures are! Businesses use AI to power due diligence tools and dashboards. On such a dashboard, customers can find information about privacy, security, compliance, availability, and many other important aspects of the business. Another AI-enabled tool the Chief Trust Office has been proud to implement is the Self-Service Due Diligence Tool, available on demand, to customers seeking information about product security, data privacy and compliance.

The Command Center



The Chief Trust Office acts as a command center for Trust-as-a-Service. CTrO collects all the artifacts about privacy, security, compliance, and transparency from various groups within the company, consolidates them, and makes them available to customers, partners, and vendors. CTrO is also instrumental in generating documentation, such as whitepapers, blogs, and videos regarding privacy, security & compliance processes and status.

The Bottom Line



TaaS is a proactive way to foster trust with customers, vendors & partners. SAP Chief Trust Office keeps stakeholders informed via podcast from our Chief Trust Officer, the Security Advisory Board, whitepapers, and a dedicated Customer Information and Security Advisory team, in addition to regularly published SAP Notes about software releases and patches! SAP Trust Center has a place on SAP’s home page and provides information about all elements of trust – security, privacy, compliance & transparency – in one place.

Tools such as artificial intelligence make it far easier to achieve trust. Customers and partners have more trust if the business is transparent about its business practices, particularly about security and privacy practices. More trust creates stronger relationships which makes customers happy. Happy customers translate into a healthy bottom line.