For the internet of everything (IoE) to realize its full potential, digital trust is paramount. Trust decisions among digital ecosystem partners must be supported by a common language and standards for information, capabilities and open application program interfaces (APIs).
This is the third article in a three-part series summarizing TM Forum’s new technical report Digital trust challenges and opportunities. It looks at the roadmap of challenges communications service providers (CSPs) and their partners face. Previous articles have covered the definition of digital trust and a vision for the future.
TM Forum has identified seven important digital trust challenges.
1. Establishing a common digital trust framework
Challenge: How can businesses and standards-development organizations (SDOs) establish common digital frameworks to realize the potential value of digital trust capabilities?
Developing a common digital trust framework requires a common vocabulary, information models, business process models, APIs and metrics. Using TM Forum’s Frameworx suite of standards-based tools and best practices, which includes the Business Process, Information and Application Frameworks, can be a good starting point.
Identifying, cross-referencing and leveraging other de facto standards that address portions of the digital trust framework is also key. Key SDOs include: International Organization for Standards, the Cloud Security Alliance, the Online Trust Alliance, the OpenID Foundation and the QIY Foundation, among others.
2. Regulatory compliance
Challenge: How can businesses, regulators and SDOs collaborate to address the increasing demands for regulatory compliance while creating a regulatory environment that enables and supports digital trust capabilities?
Through regulation, governments are demanding that businesses protect customers, end users, marketplaces and suppliers from rapidly increasing threats including data, and identify theft, fraud, denial of service, ransomware and terrorism. The EU’s General Data Protection Regulation (GDPR) and the EU-US Privacy Shield are good examples.
The primary objectives of the GDPR are to give control back to citizens over their personal data and to simplify the regulatory environment for international business by unifying regulation within the EU. The regulation lays the foundation for near-term digital trust capabilities and raises the issue of conflicts between balancing privacy and transparency (for example, data portability and the right to be forgotten).
The graphic below shows the relative strength of data protection laws worldwide.
SDOs and technology providers are deepening their collaboration with regulatory bodies to influence future regulations to address cybersecurity, privacy, transparency and other issues in a balanced way. A digital trust framework can provide a common language for doing so.
3. Digitizing business rules
Challenge: How can the digitization of business rules be accelerated to increase the efficiency and effectiveness of digital trust decisions?
Trust decisions are made based on business rules (for example, ‘do not offer this product to a consumer with a credit rating less than X’; ‘do not acquire a service from a supplier with a response time greater than Y and defect rate greater than Z’). The speed and accuracy with which business decisions can be made increases as business rules are digitized.
Business rule decisions that require human intervention can take much longer than digitized business rule decisions, and in the IoE where many ecosystem participants will be devices or machines, digitized business rules and automation will be necessary.
Digitized business rules require digital specifications and verification methods to ensure that decisions are accurate and fast. Smart contracts and computational law are examples of efforts to digitize business rules. The Object Management Group has also published a Decision Model and Notation (DMN) specification.
4. Information governance and provenance
Challenge: How do businesses improve information governance and provenance capabilities to provide more trustworthy digital information?
Trust, privacy, security, revenue management, customer experience management, analytics, platform businesses, digital ecosystems, and managing and monetizing the IoE all depend on the availability of accurate, precise and timely information. This information often comes from a long chain of sources, and trustworthiness of the information is based on the originating source’s information governance and provenance capabilities.
The GDPR requires basic information governance and provenance capabilities. Blockchains also offer capabilities for information provenance and immutability. The Dublin Core Metadata Initiative is an example of an open metadata standard which enables high-level information governance and provenance. In addition, the Worldwide Web Consortium (W3C) has published provenance recommendations for the Semantic Web, a proposal for structuring and tagging web data so that it can be read directly by computers.
5. Balancing privacy, security and transparency
Challenge: How do businesses balance privacy, security and transparency?
Balancing the privacy of individuals’ and organizations’ information with the ability to use the information to develop better products, services and experiences for customers is key to creating long-term, mutually beneficial, sustainable trust relationships among all the members of a digital ecosystem. Customers will be more willing to share their information for different purposes with businesses they trust.
Security is the foundation of digital trust. Without the ability to reliably control who gets access to what information for what purpose, privacy is impossible to maintain. Transparency is a critical capability for achieving digital trust, yet it is the most counter-intuitive to common business culture and practices. A key example of this is the need to turn difficult-to-understand, deliberately ambiguous legal agreements into simple to understand, unambiguous, computational contracts or smart contracts.
This change in contract writing and management requires a 180-degree change in legal risk-management approaches. Stanford Law School’s CodeX organization is researching computational law and collaborating with academia, government, the legal profession, businesses and technology organizations to develop these capabilities.
6. Digital trust decision computational capabilities
Challenge: How can businesses develop digital trust decision algorithms and implementations that can be computed in a timely manner (‘right-time’) to realize the full potential of digital trust capabilities?
The timeliness and accuracy with which digital trust decisions can be made are partially determined by the performance characteristics of the algorithms and implementations used to make these decisions. Timeliness requirements will be different for different scenarios (for example, people- to-machine trust decisions may have longer decision-time requirements than machine-to-machine trust decisions).
The need for automation and real-time access to information will bring digital trust decision computational capabilities to the forefront. Smart contracts and new decision-modeling standards like the Decision Model and Notation (DMN) specification will help deliver these capabilities.
TM Forum’s Customer Centricity Program has been working on the issue of timeliness in trust decisions. A recent Catalyst proof-of-concept project called APPEX omnichannel management showed how CSPs can use persona-driven, real-time decision-making to provide a consistently good, seamless experience across all customer contact channels, regardless of the type of channel or time of use. The team used a ‘next-best action’ knowledge-based analytics engine, which combined predictive and adaptive analytics with proven best practices to capture historical data for simulation and learning. It then was able to deliver appropriate decisions, offers and suggestions in response to real-time events.
7. Managing autonomous digital trust decisions
Challenge: How can businesses establish safeguards and provide transparency to digital trust decisions based on artificial intelligence (AI) and machine learning?
Autonomous digital trust decisions made with no human involvement require safeguards to protect against incorrect or questionable decisions. Using AI and machine learning to make these decisions increases the difficulty in ensuring proper decisions because of the complexity, dynamic nature and potential opacity of these decision-making technologies.
Enhanced digital decision-monitoring capabilities and decision-tree traceability will be required. It is especially important that customers can ask for an understandable rationale for the decision to gain confidence in these technologies.
The next step is to flesh out the challenges and then prioritize and map them to multi-year goals and annual objectives. Many of the goals will build on existing TM Forum assets and activities such as the Privacy Dashboard and API, the GDPR Catalysts project, Customer Experience Management Metrics, the Digital Maturity Model, and blockchain activities.
If you’d like to get involved in the Forum’s work on digital trust, please contact Craig Bachmann.