From the pillars of a healthy digital trust system to the best approach for organisations to build this system with customers, partners and stakeholders, James Bowman, Senior Director of Security Governance and Compliance at Diligent outlines the evolution of digital trust and how Diligent is empowering its clients to manage unforeseen risks, be compliant and drive efficiencies within their security processes.
What is digital trust and why does it matter in business?
Drawing from my background in security compliance within the organisational framework, I consistently link digital trust to assurance. In my previous role, I focused on providing our customers with the assurance that our systems and platforms not only met high-security standards but also maintained a robust security posture. This assurance was pivotal in establishing trust with our customers that their data was safeguarded.
On the flip side, another part of the digital trust is providing assurance to the executive team and board to reinforce the security posture. This encapsulates my perspective on what digital trust is and why it is so important in any business.
What are the pillars of a healthy digital trust system?
For me, transparency is important. In my previous role, the emphasis on transparency held great significance. Tasked with compliance for global security frameworks and certifications for our cloud platform, I navigated through obtaining and sustaining certifications with a focus on transparency.
Swift acquisition of certain certifications was facilitated by the transparent approach we adopted. Third-party auditors and government organisations reviewing assessments and audits benefited from the clarity in our processes.
Transparency within the organisation extended to reporting to the executive leadership team and the Board of Directors and was a pivotal element which ensured a comprehensive understanding of our security posture and organisational risks.
The recent developments in the US such as the new SEC requirements and legal actions against certain companies underscore the importance of providing an accurate view of our security posture and organisational risks to our CISO and our Board of Directors.
What is the best approach for organisations to build healthy digital trust with customers, partners and other stakeholders?
Here at Diligent, we maintain a dedicated team focused on providing assurance to customers throughout the initial sales process and on an annual basis. This assurance takes various forms including questionnaires, updated annual audits, audit reports and pen testing, all provided upon request to our existing customers.
Extending this diligence to our third-party vendors also contributes to a comprehensive security framework. We extensively use vendors across our global platforms, particularly relying on AWS with deployments in multiple regions. As a major vendor, we consistently assess their security posture, certifications and audits, ensuring continuous visibility.
Operating as a global GRC, our platform allows us to monitor third-party vendors efficiently. This capability is integral to our approach and we leverage partners within the platform such as Security Scorecard and BitSight for added effectiveness. This robust system underscores our commitment to maintaining a secure and reliable environment for our clients.
What are the signs and characteristics that an organisation is operating on a healthy digital trust system?
In my current role, I engage with various organisations, assisting both mature and maturing systems. Continuous monitoring and robust vulnerability management backed by a solid vulnerability management programme and adherence to SLAs for remediation are crucial to a healthy digital trust system. Evaluating security frameworks, certifications and their upkeep during annual audits is part of our focus.
In the US, adherence to SOC 2 is pivotal, while Federal work demands compliance with FedRAMP or DOD cloud authorisations and in Europe and APAC, ISO 27001 holds significance, reflecting our commitment to regional appropriateness. These facets shape a healthy digital trust and reflect an organisation’s emphasis on risk and security posture. Operating in tandem with a proficient security team covering operations, application security and compliance contributes to a robust digital trust programme.
How does Diligent empower organisations and clients to manage unforeseen risks, be compliant and drive efficiencies within their security?
Our digital platform serves as a robust Governance, Risk and Compliance (GRC) solution. We thrive in assisting customers with IT compliance, ensuring adherence to security frameworks and managing third-party risk through collaborations with key partners such as Security Scorecard, BitSight and other experts in IT and enterprise risk management.
Our comprehensive approach involves tracking risks within the organisation and providing visibility to executive teams and boards with a singular viewpoint. This enables these teams and boards to gain accurate insights into both the security posture and risks prevalent throughout the organisation.
How do you see the approach to digital trust evolving with the coming of Artificial Intelligence?
AI is genuinely interesting and my aspiration is to leverage it to enhance and streamline aspects within digital trust and security teams. The goal is to reduce cycles for our team. I anticipate that AI will play a pivotal role in offering predictive analysis and identifying potential risks before they escalate into issues. These developments herald exciting times and I eagerly anticipate their unfolding. For those who have an interest in advancing their security and digital trust programmes, our team is open to having a conversation on how we can contribute to the progression of your organisation in fortifying your security and digital trust initiatives.
Click below to share this article