Building Digital Trust by Securing Our Cyber Space
by Mr Chester Chua
As policymakers and industry leaders gathered in Singapore last week at the Singapore International Cyber Week to discuss Digital Security: A Shared Responsibility, we were reminded of our common interest in securing the digital world, which transcends physical and political boundaries. This common interest cannot be taken for granted.
In recent years, we have observed the erosion of trust in the digital ecosystem globally. For instance, according to the 2021 Edelman Trust Barometer, trust in the technology industry fell to an all-time low globally, though it rebounded slightly this year. Malicious cyber actors are taking advantage of the lack of cooperation in the digital ecosystem, which further erodes digital trust.
It is therefore imperative that all of us in the digital ecosystem come together to rebuild trust, so that societies can realise the full benefits of technology. SGTech has defined digital trust as the confidence that participants have in the digital ecosystem to interact securely, in a transparent, accountable, and frictionless manner. A core element of digital trust is security.
Google’s transformation occurred after a sophisticated nation-state attack against its corporate infrastructure resulted in the theft of intellectual property and affected at least 20 other companies in 2010. Dubbed Operation Aurora, this was the first time that a major company had publicly acknowledged an attack of this magnitude.
Following that, the company instituted its Safer with Google programme based on three key principles: Secure by default, private by design, and you’re in control.
SECURE BY DEFAULT
Google’s vision is what it calls “invisible security”, under which security features like encryption and malware detection are engineered into its products from the start. In addition, all users, devices, and apps are continuously validated in exchange for access to data. This “zero-trust” approach to security assumes that no single component in a network can be trusted implicitly. It allows legitimate users to access the network while limiting a malicious actor’s ability to move laterally should they infiltrate the network.
Google champions this approach for both its users and enterprise customers. Users are automatically enrolled in two-step verification for identity confirmation. For enterprise customers on Google Cloud, the default configurations are designed to ensure that all users start from a high security baseline. For example, Google is the first major cloud service provider (CSP) to encrypt all data at rest and in transit by default, and at no additional cost.
PRIVATE BY DESIGN
Google is relentless in pushing the boundaries of technology while upholding responsible data practices to protect its users’ and enterprise customers’ privacy. It recently launched a Protected Computing initiative to minimise its users’ data footprint, de-identify their data, and restrict unauthorised access.
This initiative builds on its privacy-enhancing technologies in federated learning and developing the world’s largest open-source library of differential privacy algorithms. The company also collaborated with other major CSPs to establish a set of trusted cloud principles for privacy protection.
YOU’RE IN CONTROL
Google empowers its users and enterprise customers by providing easy-to-use privacy and security settings. Last week, it rolled out My Ad Centre
globally – including Singapore, a new product that gives users more control over the ads they see on YouTube, Search, and their Discover feed, while still being able to block and report ads. Enterprise customers on Google Cloud can use Access Transparency and Access Approval
to gain full visibility and control over Google’s access to their data. As an industry-first, Google Cloud customers can also store their encryption keys outside of Google’s infrastructure with External Key Manager
for sensitive data, for instance.
Cybersecurity is a team sport. Google is eager to collaborate with partners in government and industry to advance internet safety and to help build digital trust. In Singapore, for instance, Google is proud to participate in the SG Cyber Safe Partnership Programme
by the Cyber Security Agency of Singapore. Global co-operation on an open and secure internet, cybersecurity standards, and visibility into cyber threats are valuable tools against malicious actors.
Unfortunately, there has been an emerging trend of countries moving in a different direction by passing measures that limit access to information, restrict cross-border services, and localise digital operations. These measures amount to a push towards digital fragmentation. Some governments believe that “digital sovereignty” or data localisation requirements enhance national security, when in fact, studies show that such policies make it harder to build resilience, disseminate the latest threat intelligence, and share the most advanced technical architectures.
The digital ecosystem needs digital solidarity
among countries, companies, and communities. This will require cooperation and collaboration among governments to establish frameworks and norms that promote innovation, increase competitiveness, spread the benefits of digitalisation, and uphold the promise of the internet for everyone.
This week, as stakeholders in the technology industry come together at the inaugural SGTech Global Future Series: Digital Trust Forum
, we hope they will work hand-in-hand towards securing our cyber space, forging this digital solidarity, and restoring digital trust.
We would like to thank Mr Chester Chua, SGTech’s Digital Trust Committee Exco Member and Head of Government Affairs & Public Policy for Singapore at Google Cloud; as well as Mr Raju Chellam for his insightful editorial contributions.
Pioneering Digital Trust
SGTech believes that there is an opportunity to position Singapore as a global node for digital and data, based on trust.
Learn more or join our upcoming SGTech Global Future Series: Digital Trust Forum at https://bit.ly/digitaltrustforum. Registration closes at 26 Oct, 5pm.
Read the Digital Trust White Paper: https://bit.ly/DTwhitepaper
Published Oct 2022