Operations are a core part of the Digital Trust Ecosystem Framework (DTEF).1 The Enabling and Support domain has elements around process and technology. The Direct and Monitor domain includes governance, sustainability and resilience. Part of any organization’s reputation, which effects others’ trust in said organization, is the ability to deliver services consistently at an acceptable performance level.
The reality is that customers and partners care when operations are down. Organizations do not get a pass because an outage happens digitally instead of in the physical world. It is useful to look at several examples of how operational failures impact trust from the physical world, then delve into the digital world with several more examples.
The Telephone: Landline vs. Cellular
I grew up in the era before the cellphone and our expectation was when we picked up the handset on a physical landline, it just worked. Outside of a disaster or some unexpected incident such as a truck knocking down a telephone pole, we were caught by surprise when we picked up the phone and did not get a dial tone.
Outside of an unexpected event, when we received a fast busy signal because either the local exchange or the one where we were calling (e.g., for a long distance call) was overloaded, most telephone corporations (telcos) knew that as customers, we would not tolerate that situation for very long and capacity was something that was quickly addressed.
That same expectation initially carried over to cellular phones. However, users learned quickly that coverage was not equal across providers or consistent across locations in a particular metropolitan area. For instance, on a recent forum, I saw a post from a military member who was moving to a new location and asked what provider was best there.
With that said, if we start to experience operational issues outside of coverage and dead zones, as with the physical landline, we start to lose trust in the cellular carrier. A consumer who has a bad experience in a cellular providers brick-and-mortar store may be inclined to change providers, no longer trusting the carrier to deliver a reasonable experience. This is why both cellular service and purchase experience are considered.2 This certainly happens in the corporate world. If a cellular provider does not measure up, when the contract comes due, the organization will likely make a change.
A Hard Freeze and the Loss in Confidence
The US State of Texas, and especially the city of Houston, has had its fair share of hardships during the last decade, but the most surprising was the deep freeze Texas experienced in February 2021. The power grid for most of the state was ill-prepared to handle extreme cold temperatures, and for that, the Electric Reliability Council of Texas (ERCOT) took the brunt of the blame. Many Texas residents were left without power with temperatures below freezing. A large percentage were also without running water. And, in some of the most vulnerable areas of Houston, food was scarce as well since those communities are considered food deserts. Without operating infrastructure, it was nearly impossible to get needed food supplies.3 After such a catastrophic event, it was unsurprising that many Texas residents lost confidence in the ERCOT and the state as a whole to provide proper utilities in the event of another deep freeze. However, the power company has an edge in these situations because of its monopoly status. Consider if consumers had another reasonable option. Would they have stayed with ERCOT? Likely not.
On the other hand, this crisis did boost the profile and trust of a particular product, the Ford F-150 hybrid truck with electrical generator. Some truck owners were using the vehicle to provide electricity to their homes. When the reports went viral, Ford asked its dealers in the affected areas to loan the trucks with onboard generators where needed.4 Ford, and the F-150 Hybrid with generator, in particular, received a great deal of positive media attention as the reports went viral.
Distrust with one area of a government can lead to distrust with every area of that government.
From Physical to Digital
It is often easier to better understand trust when considering physical world situations, because it is more tangible and is often what we first experience. However, there are operational concerns in the digital realm that greatly affect trust as well. One common example is the biggest shopping day of the year in the United States: Black Friday.
Black Friday Issues
"Black Friday" is the common term for the Friday after the US Thanksgiving holiday. Traditionally, it is the start of the holiday shopping season in the United States. Many brick-and-mortar retailers offer highly publicized sales with deeply discounted prices and open early, sometimes as early as midnight, to generate shopping excitement. Black Friday 2022 saw a data quality issue arise with Amazon ad reporting, meaning advertisers were getting bad data from Black Friday afternoon to sometime on Sunday.5 The ad expenditures were significantly less than what advertisers expected, yet the ads were still successfully running. This meant that advertisers had no accurate information on how much money they were spending. Their only means of gathering data was the system Amazon provided, and it was providing data that could not be trusted. It is not difficult to understand why advertisers lost some trust in Amazon’s ability to deliver.
Of course, operational issues on the biggest US shopping day of the year can have a significant financial impact on the organization due to creating a trust issue. Costco opened sales on Thanksgiving Day but had a lengthy site outage, which was estimated to have cost the company nearly US$11 million.6 While Costco extended its promotional sales into Friday due to the outage, there were likely some consumers who did not give the retailer a second chance, meaning lost sales. While others may have stepped in to seize the opportunity, a dissatisfied customer can have a significant impact on an organization’s perception, hurting its relationships all around. Inc. compiled statistics from various studies that indicate a dissatisfied customer is 91 percent likely to be a permanently lost customer and will also tell nine-15 people about the poor experience leading up to it.7
Ransomware and Government
While I have focused primarily on retail, the DTEF is applicable to any organization that is active in the digital world. This includes governments. A government entity has similar relationships with customers and partners as with retail organizations, but the nature of those relationships is different. There are different trust factors involved when it comes to government organizations. A consumer can choose to go to another retailer, but unless one moves, one must interact with the government where one lives. So, if a city government’s services and capabilities suddenly go down due to a ransomware attack, where do you go to pay your water bill?8
As with the Texas deep freeze, the uncertainty of when services will be restored can lead to a growing distrust in the government entity, be it municipal, regional or national. Distrust with one area of a government can lead to distrust with every area of that government. While a government is not going to have statistics such as lost revenue, this lack of trust can manifest as lack of engagement and lack of cooperation or in people leaving the area altogether. Ransomware is possibly the worst digital issue that a government may have to deal with-for example, when the US city of Dallas, Texas, was hit with a ransomware attack and many municipal services experienced serious disruptions or went down altogether.9
The worst thing the city could have done was to implement what was effectively a black out policy, which was what the city chose to do. By providing estimates, even if those estimates had to be updated to reflect new information, the city could have done a better job of maintaining its public trust with constituents. That lack of transparency exacerbated the trust issues cause by the operational outage with residents stating that they did not know "what’s going on with the city."10
Neglect Operations at Your Own Peril
A failure in operations can lead to a loss of trust in relationships for any enterprise. This is true both with physical and digital interactions. Part of what determines an organization’s digital trust in a digital world is its reliability. Issues with reliability will cause customers who have relationships with the organization to look elsewhere. This is why the DTEF has trust factors focused on operational capacity, monitoring, reliability and sustainability. Keep in mind that when we talk about an operational failure, a physical failure can impact an enterprise digitally, especially in the retail sector. For instance, if an organization cannot ship the orders it has accepted, that is going to affect customer confidence in the organization. The reality is that any operational issue can affect an organization’s digital trustworthiness. Therefore, the warnings in the physical world apply to the digital one as well: neglect operations at your own peril.
Endnotes
1 ISACA®, Digital Trust Ecosystem Framework (DTEF), USA, 2022. The DTEF is currently in limited release. The most up-to-date information on ISACA’s digital trust offerings can be found at h04.v6pu.com/digital-trust.
2 Cox, D.; "Report: The Best Cellphone Providers in America," Clark.com. 15 June 2023, http://clark.com/cell-phones/best-cell-phone-providers/
3 Stewart, S.; "Remembering Houston’s Deep Freeze of 2021," Houstonia, 21 December 2022. http://www.houstoniamag.com/news-and-city-life/houston-storm-uri-deep-freeze-february-2021
4 Gorgan, E.; "2021 Ford F-150 PowerBoost Is a Life Saver in Texas Freeze, Powers Up Appliances," AutoEvolution, 19 February 2021. http://www.autoevolution.com/news/2021-ford-f-150-powerboost-is-a-life-saver-in-texas-freeze-powers-up-appliances-156390.html
5 Goldman, J.; "Amazon Ads’ Reporting Mishap on Black Friday Gives Retail Media a (Temporary) Black Eye," Insider Intelligence, 29 November 2022, http://www.insiderintelligence.com/content/amazon-ads-reporting-mishap-on-black-friday-gives-retail-media-temporary-black-eye
6 Goldman, M. C.; "Costco’s Thanksgiving Day Website Crash Cost It Nearly $11M," TheStreet, 30 November 2019, http://www.thestreet.com/technology/costco-thanksgiving-day-website-crash-cost-it-nearly-11million-15185344
7 Thomas, A.; "The Secret Ratio That Proves Why Customer Reviews Are So Important," Inc., 26 February 2018, http://www.inc.com/andrew-thomas/the-hidden-ratio-that-could-make-or-break-your-company.html
8 Brumfield, C.; "Ransomware Attacks Pose Communications Dilemmas for Local Governments," CSO, 21 June 2023, http://www.csoonline.com/article/3700488/ransomware-attacks-pose-communications-dilemmas-for-local-governments.html
9 Ibid.
10 Ibid.
K. BRIAN KELLEY | CISA, CDPSE, CSPO, MCSE, SECURITY+
Is an author and columnist focusing primarily on Microsoft SQL Server and Windows security. He currently serves as a data architect and an independent infrastructure/security architect concentrating on Active Directory, SQL Server and Windows Server. He has served in a myriad of other positions, including senior database administrator, data warehouse architect, web developer, incident response team lead and project manager. Kelley has spoken at 24 Hours of PASS, IT/Dev Connections, SQLConnections, the TechnoSecurity and Forensics Investigation Conference, the IT GRC Forum, SyntaxCon, and at various SQL Saturdays, Code Camps and user groups.