Trusted Multi-Tenant Work Group Trust Assessment Framework

As enterprises and individuals move into more complex hybrid environments with services spread across mobile apps, cloud service providers and distributed ecosystems it is imperative that we find a way to manage the trust relationships that make the distribution of responsibility work. This is more than just validation of the identity of an end user or even the state of a single device. Enterprises need a framework that supports assessment in a way that accounts for a dynamic environment whether an action should be taken or not. It is not enough to ask a binary question, “Do I trust this app?” Enterprises must be able to ask a much more nuanced series of questions, starting with “do I trust the ecosystem of participants in this action enough to take the action?”

This document is intended to fill the gap in the industry between the definitions of Risks and Trust. Risk is well defined but trust is not well defined. This document is also a complement to the ITU-T X.1254 “Entity authentication assurance framework” recommendation assurance levels for electronic identity to establish a definition of trust levels. The intended audience of this document is those business and technical leaders who would be involved in or responsible for the decision to utilize a multi-tenant infrastructure or to move a current in house capability to a multi-tenant infrastructure.