I’ve had two interesting, and diametrically opposed, conversations in the past couple of weeks on the subject of trust…
Yesterday I met someone who was recounting the experience of a friend working in the visual effects industry. VFX as it’s known in the trade is something of a boom industry in the UK at the moment and many Hollywood studios depend on studios in London to produce their stunning visual effects.
The friend had found that in recent months the fear of footage being leaked during the production cycles had reached such a peak that staff were required to drop mobile phones off at reception and then go to work on computers disconnected from the outside world. Despite there never having been any leaks in the past, creative talent was being forced to work “in a bunker” and were feeling suitably oppressed.
Compare that to a conversation a couple of weeks ago with a senior manager at Google. He was recounting how there was an incredible level of openness within the organisation, with product and other business announcements common knowledge within the business before being released to the outside world. Googlers knew the boundaries of disclosure and kept things to themselves as appropriate. He (and I) couldn’t recall a single leak that had occurred over the years, certainly in the Google for Work arena in which he worked. Compare that to the sieves that appear to be some of the other big, more draconian, tech companies.
There are a couple of things that strike me about these two stories. The first is that, in the case of Google, this implied trust that does seem to be a deep-rooted part of their culture probably explains why for so long they have responded to questions about information security and the like with little more than “trust us”. That’s been a barrier to them becoming more embedded into the corporate world, but interestingly the devices that Enterprise clients are looking for (third-party accreditation, contractual specificity and so on) are in many ways totems of mistrust – “I don’t believe you – I want a third party to verify or the law on my side please”. That’s very difficult to bring into a company who started with a mission of not “being evil”.
The broader point, though, is that trust breeds trust, and mistrust breeds mistrust. If you want someone to trust in you, then the worst way to begin that journey is to start on the basis that they themselves are untrustworthy. And yet when you look at so much policy and procedure that exists within our institutions, it starts with expecting the worst from people – and also in the realms of security intermingles mistrust of outsiders with mistrust of insiders. If you fundamentally don’t trust your staff, and that mistrust is enshrined into the mechanics of your organisation, getting the trust of your organisation’s members is always going to be an uphill battle.