Earn trust, earn trust, earn trust. Then you can worry about the rest.”
Seth Godin
Like Seth Godin’s quote, we position trust as a foundational component of our Mutable Business™ framework. What is it and why is it essential for all characteristics of an organisation, its business practices, the technology it uses, and the commercial transactions it makes? Trust can be defined as belief in the reliability and integrity of something or someone. It is society’s most precious and fragile asset. It is at the heart of all trade. For thousands of years business has grown up with some sort of trusted intermediary overseeing or involved in the value exchange, be it a marketplace, bank, lawyer, accountant, or regulator (and often all of them). For hundreds of years every party in the exchange has been keeping their own double entry bookkeeping systems to keep track. The money those systems and processes record in the commercial exchange is itself a transactional form of trust, but the concept touches much more than just the currencies involved. Every organisation must engage the trust of its employees, customers, business partners, shareholders, investors, advisors, and other stakeholders, in order to be successful. There are many, overlapping, necessary conditions for Trust.
The key characteristics of good governance and trust for an organisation cover:
- Authority
- Competence
- Reliability
- Consistency
- Transparency
- Integrity
- Accountability
A successful and Mutable Business™ needs to create a shared consciousness that addresses and builds on all of these elements, but more trust shouldn’t be the goal. The emphasis should be on more trustworthiness . The organisational culture must include transparent and consistent information sharing, a networked, distributed management style rather than command and control, and an intent on building genuine relationships and trust between all stakeholders. The business case for Diversity and Inclusion is well known and should be actively promoted as part of the mix.
Successful companies have a strong identity. The founders knew the organisation’s “why”, the reason for being, the core purpose of the venture they started. Purpose is a crucially important ingredient in attracting, keeping and getting the best out of today’s workforce which is more Millenial and Generation Z oriented. It’s the crucial starting point for the business practices and issues a Mutable organisation needs to be seen to be addressing which are:
- Purpose
- Values
- Ethics
- Cultural and religious factors
- Sustainability
- Reputation
- Corporate Social Responsibility
- Independent Assurance
- Business Continuity
The Mutable Business’s™ strong identity should go hand in hand with a trusted brand or brands that demonstrate the values, ethics and reputation of the organisation. It will have processes and procedures in place for managing that reputation when it comes under threat. They will have security and risk management embedded in their planning and design processes. The organisation should have a clear position on how it balances risk management and risk elimination. Crucially, this approach to risk should be seen as a business enabler, rather than a cost. The Mutable Business™ should have robust and regularly tested business continuity and business resilience plans, and work with partners to ensure that its processes and approaches are independently assured.
From a technology perspective, the Mutable Business needs to address its management of:
- Identity
- Governance
- Resilience
- Security
- Quality
Post pandemic, with increasing use of digital technologies and the big shift towards home working the traditional perimeter is dead, creating an ever-expanding attack surface for more and more sophisticated cyber crime. The smart and agile companies will recognise that the majority of attacks start with the human factor. To be truly Mutable in protecting your products, services, business systems and the people that operate them we advocate adopting a Zero Trust framework that is implemented holistically and built in by design. In all of your internal or customer facing apps never trust, always verify. With this approach access is granted individually for just one event on a just-in-time basis and is then revoked when that task has been performed. You focus on individual identity and only what you need when you need it, rather than generic classes of users.
In order to maintain a state of trust in your processes and procedures your threat detection and response needs to go beyond traditional preventative measures. The aim is to uncover both known and unknown, hidden or emerging threats as quickly and efficiently as possible in order to limit the damage that they can cause. All network and data activity should be monitored, logged and then evaluated. The Mutable Business™ uses automation, applies behavioural analysis and keeps their teams well trained, with robust and regularly tested plans for managing data breaches. The organisation must be able to trust that sensitive information is adequately protected. People associated with the organisation must be able to trust that their information and privacy are adequately protected with good governance.
Should trust and trustworthiness be on the balance sheet? It has that level of importance. It is hard to engender and easy to lose. No business can operate effectively without it. Our research confirmed by Leading Digital by George Westerman, Didier Bonnet & Andrew McAfee shows that the digitally savvy organisations generate more revenue, more profits and are worth more on the stock market, but none of that success will happen without trust being considered end to end across your application of the Mutable Business™ framework.