Cloud
technologies
enable
people
to
collaborate,
enhancing
distributed
workforce
models
with
automation.
Organizations
continue
to
invest
in
these
technologies
so
that
they
can
reduce
overhead
and
optimize
revenue.
According
to
Flexera’s 2022
“Tech
Spend
Pulse”
report,
74%
of
respondents
said
digital
transformation
was
one
of
their
top
five
priorities
last
year,
and
69%
said
they
slightly
or
significantly
increased
their
spending
on
software-as-a-service
(SaaS)
technologies.
However,
everything
comes
with
a
cost.
The
asynchronous
collaboration
that
enables
business
operations
generates
new
security
risks.
Historically,
insider
threats
focused
on
malicious
or
disgruntled
employees
seeking
to
steal
information,
often
for
financial
gain.
Today,
insider
threats
more
often
mean
that
people
made
honest
mistakes.
Organizations
owe
a
duty
to
themselves,
their
customers,
and
their
workforces
to
implement
technologies
that
help
insiders
from
becoming
a
threat.
The
Majority
of
Insider
Threats
Are
Not
Threatening
Insiders
When
most
people
hear
the
term
“insider
threat,”
they
think
of
corporate
espionage,
insider
trading,
or
embezzlement.
The
phrase
connotes
theft
and
stealth
that
may
make
workforce
members
feel
their
company
no
longer
trusts
them.
However,
according
to one
report,
while
insider
threats
nearly
doubled
between
2020
and
early
2022,
56%
of
incidents
arose
from
carelessness
or
negligence,
while
only
26%
related
to
a
criminal
insider.
Building
Customer
Digital
Trust
When
companies
focus
on
security
and
privacy,
they
center
the
conversations
on
building
customer
trust.
Whether
in
a
business-to-business
or
business-to-consumer
organization,
customers
make
buying
decisions
based
on
an
organization’s
data
protection
capabilities.
In
the
B2B
space,
customer
due
diligence
and
contracts
validate
security
by
requiring
third-party
audits
and
responses
to
questionnaires.
Companies
recognize
that
to
sell
their
products
or
services,
they
must
implement
and
maintain
security
and
privacy
controls.
At
the
B2C
level,
organizations
have
no
contractual
requirement
to
provide
security
and
privacy
validation,
yet
buyers
do
consider
this
when
making
purchases.
McKinsey reports
that
consumers
consider
a
company’s
security
and
privacy
when
making
purchasing
decisions,
noting:
-
40%
of
all
customers
stopped
doing
business
with
a
company
that
was
not
protective
of
customer
data -
53%
of
consumers
make
online
purchases
or
use
digital
services
only
after
making
sure
that
the
company
has
a
reputation
for
protecting
its
customers
data
To
build
customer
trust,
organizations
implement
tools
that
enhance
their
security
posture.
Unfortunately,
in
the
process
of
protecting
data,
these
tools
create
end-user
frustrations
or
reduce
productivity.
These
usability
challenges
mean
that
insiders
try
to
find
workarounds
that
lead
to
mistakes
and
insider
threats.
Building
Insider
Digital
Trust
Workforce
members
need
to
view
security
as
an
enabler
rather
than
a
burden.
Too
often,
security
and
privacy
professionals
have
been
forced
to
choose
between
protecting
data
and
ensuring
workforce
members
can
do
their
jobs.
In
the
same
way
that
organizations
foster
customer
trust,
they
need
to
build
insider
trust.
By
providing
insiders
with
solutions
that
make
security
and
privacy
easier
for
them,
organizations
reduce
the
likelihood
that
people
will
find
workarounds
that
undermine
data
protection
objectives.
When
organizations
think
about
their
workforce
members
as
consumers,
they
build
internal
trust
that
mitigates
risk.
Look
for
Zero-Knowledge
Solutions
Outside
of
their
jobs,
workforce
members
are
consumers,
meaning
they
consider
privacy
when
making
purchasing
decisions.
They
want
to
know
how
their
employer
protects
their
information.
Organizations
using
zero-knowledge
solutions
protect
themselves,
but
they
also
prove
their
commitment
to
employee
data.
A
zero-knowledge
solution
never
stores
login
credentials
on
its
own
servers.
At
the
organizational
level,
this
mitigates
risks
arising
from
a
supply
chain
attack.
A
vendor
data
breach
compromises
employee
information.
A
zero-knowledge
solution
protects
employee
privacy
as
much
as
it
protects
organizational
security
by
protecting
the
contents
of
these
communications,
since
the
vendor
never
stores
that
information
on
its
servers.
By
showing
commitment
to
employee
data,
organizations
build
insider
trust.
Enable
Security
and
Privacy
Mindsets
People
rarely,
if
ever,
want
to
be
a
data
breach
source.
For
example,
when
employees
use
a
“share
with
a
link”
functionality
in
a
cloud
workspace,
they
just
want
to
be
helpful
or
get
their
jobs
done.
Security
and
privacy
technologies
should
fit
into
how
people
already
think
about
work.
For
example,
end-to-end
encrypted
(E2EE)
workspaces
can
provide
the
security
and
privacy
organizations
want
with
the
end-user
experience
people
expect.
For
example,
an
E2EE
secure
workspace
builds
security
and
privacy
into
people’s
daily
activities
by:
-
Encrypting
data
as
they
create
it -
Enabling
them
to
send
encrypted
files,
emails,
and
links
With
these
solutions,
organizations
implement
security
and
privacy
controls
without
blaming
the
end
user.
Workforce
members
feel
trusted
and
respected.
Leverage
Automation
and
Workflows
To
build
internal
trust,
organizations
need
to
see
security
and
privacy
through
their
employees’
eyes.
People
want
efficiency.
They
want
work-life
balance.
When
security
tools
impact
their
efficiency,
work
time
cuts
into
personal
time.
When
choosing
security
and
privacy
solutions,
organizations
must
consider
how
the
technology
impacts
employee
workflows.
When
faced
with
cumbersome
tools,
workforce
members
will
look
for
more
efficient
solutions.
By
implementing
solutions
that
incorporate
automation
and
workflows,
organizations
build
internal
trust.
Technologies
that
reduce
end-user
frustration
enable
employees
to
build
security
and
privacy
into
their
daily
tasks
without
compromising
their
personal
and
professional
goals.
The
Circle
of
Digital
Trust
People
are
the
reason
technology
exists.
It
enables
them.
It
makes
their
lives
easier.
It
helps
them
make
decisions.
People
use
technology.
Security
and
privacy
professionals
must
consider
people
when
implementing
technologies.
Too
often,
the
industry
focuses
on
external
stakeholders:
their
customers.
Organizations
implement
security
and
privacy
technologies
to
gain
external
stakeholder
trust.
By
paying
less
attention
to
internal
stakeholders’
needs,
they
often
create
security
and
privacy
gaps.
Companies
must
close
the
digital
trust
circle.
They
must
implement
the
tools
that
enable
their
internal
users
to
do
their
jobs
efficiently
and
securely.
In
doing
this,
they
reduce
insider
threat
risk
by
building
insider
trust.
About Author
