Trust, re-imagined

Trust is the ultimate binding agent and accelerant. Niklas Luhmann, one of the 20th century’s most influential social theorists, is often quoted:

A complete absence of trust would prevent one even getting up in the morning.

Niklas Luhmann,
Trust and Power (1979)

The Pew Research Center expands on this concept in a 2017 report:

“A vast research literature on trust and “social capital” documents the connections between trust and personal happiness, trust and other measures of well-being, trust and collective problem solving, trust and economic development, and trust and social cohesion.

Trust is the lifeblood of friendship and caregiving. When trust is absent, all kinds of societal woes unfold – including violence, social chaos and paralyzing risk-aversion.”

In 2015 the World Economic Forum asked me to consider a future scenario about trust and the internet.  At the time the conclusion was simple:

If we don’t come together to solve the challenge of trust in the age of an Internet dependent economy, we risk not only slowing future innovation but also taking detrimental steps backward.
Personally, I refuse to let fear win.”

Today we, along with many of our partners, are celebrating the Machina engine we set out seven years ago to build. Together, our innovative collaborations allow organizations to jump out of their digital bed each morning excited to simplify risk, security, and, ultimately, trust management.

While these collaborations are important to the success of every stakeholder in the ecosystem, we wanted to take a step back to discuss our motivations behind the creation of Machina.

For any organization that is looking to maximize the potential of their people, and the impact they have, leveraging cloud and mobile technologies is an obvious choice. The same is true for individuals looking to leverage their impact on our world. What is not so obvious is either party’s understanding of these technologies, the people and governments behind them, nor the risks associated with this collective. While the potential value of leveraging technology is easy to understand, the unintended consequences are certainly not always apparent.

Ultimately, this has caused most organizations to slowly, if at all, adopt cloud and mobile technologies into their core operations. They have stayed in bed digitally, so to speak. For individuals, many have jumped out of their digital bed and gone “all in” with an implied trust in those service providers. However, society is now beginning to realize some of the insidious consequences stemming from this implied trust model.

At Ionic Security, we see these as two parts of the same problem. For organizations, establishing trust in new technology solutions is hard, slow, and resource-intensive because they have a strong understanding of the risks associated with getting technology wrong. For individuals, trust in new technology solutions is often implied due to being less aware of the risks. Even when there is awareness, trust is often unverifiable until it is too late. Both problems stem from the same root, which is: We continue to use human-scale trust models in a futile attempt to be successful in our now machine-scale world.

Why historical models of human-scale trust will not work

Our world is different in several fundamental ways, even from the recent past. For one, the law, and the constructs that it was built on, were written at a time when the world was not virtual and still highly proximate. Everything you had was near you and could be touched. Those presuppositions no longer exist. The average human in a developed country—and by extension, the average organization—has more virtual data that is in a faraway place than physical assets in a tactile place at home or in the office.

Second, our macro society has never been more interwoven and interdependent. The actions of a few on the other side of the planet in cyberspace can have material implications for many.

Dunbar’s number suggests that the number of stable (trusted) social relationships humans can maintain is around 150. For the 2 billion Facebook users the average number of “friends” is now 338, and the median is 200. For organizations, this theory is manifested in the number of third-party technology providers they depend. Today the average number of distinct third-party technology services an enterprise relies on is approaching 1,500 which is up over 300% from 2013.

Both individuals and organizations are now well beyond the capacity of human-scale trust models to keep up. Antiquated trust models are severely limiting growth and operational efficiencies for organizations and consuming significant waking and resting cycles for many individuals.

With two fundamental societal pillars no longer true for many of us—tactile and proximate—evolution is inevitable. However, for one of the first times in society, we have a choice: Reactive or Proactive evolution.

So far, we have taken mostly a reactive approach to operating in this new paradigm. We continue to bring old techniques, law, and management models to the table.

A United States Government commissioned national security Infrastructure report resulted in the following conclusions:

…can not emphasize enough that ‘patching’ known weaknesses or vulnerabilities [in systems] individually was ultimately ‘futile’.
Creating ‘firewalls’ to stop data spilling between users, encrypting the storage of information and carrying out surveillance of monitoring of activity on machines were all useful but were really just papering over cracks without dealing with the fundamental problems.”

As summarized in historian Gordon Coera’s “Cyber Spies” (2015)

While this may or may not be a surprise to many of those reading this blog it will most likely be a surprise that this report is from 1972. Authored by James P. Anderson, then with the CIA and NSA, on behalf of the United States Air Force. If nothing else, it shows humans continue to resist change even when faced with the obvious.

Machine-scale trust for our machine-scale age

So, what is trust anyway? Merriam-Webster defines trust:


  1. assured reliance on the character, ability, strength, or truth of someone or something

By now, we have concluded both individuals and organizations relying on traditional approaches to trust have lost control or influence of the assurance anchor required for it to thrive.

Traditionally, this assurance has come from observable interactions between two or more parties over time. Language, beliefs and incentives, and proximity have played a critical role in moments where trust ushered in innovation while also paralyzing innovation, even regressing in some cases, when it was not established.

Today, many technologies speak wildly different languages, were built with fundamentally different beliefs and incentive structures, and are distributed across the far reaches of this planet and beyond.

[Let us take a moment to wave to the approximately 1,459 human-made satellites orbiting in space]

We now live in a machine-scale world where data is a valuable commodity, and new valuable data is created from old data without any further human interactions. How this data is managed, tracked, and assured must become seamless for individuals and organizations alike to ensure trust. This will lead to a new form of trust, one that is rooted in the data itself; data trust. Once this is established many of the symptoms caused by human-scale trust models will become irrelevant.

However, to enable this evolution of trust in data certain changes must be embraced by all ecosystem stakeholders:

  1. Scale – To scale, the language we speak to define, establish, and maintain trust must become programmatic and consistent. No longer can we rely on humans asking questions and checking in once a quarter.
  2. Seamlessness – Seams between technology service silos that operate in common ecosystem must become invisible for the individuals and organizations those ecosystems exist to support.
  3. Collaboration – It is what will ultimately enable scale, enable consistency, and enable the most efficient user experiences. Collaboration in the earliest stages among ecosystem stakeholders, even when some form of competing interests exists, must become the norm, not the exception.

To learn more about how Ionic Security is putting these concepts to work please see our strategic partnerships overview.