NinjaOne Exec on Why AI is Changing the Concept of Trust

At the intersection of AI demand and security best practices lies a relatively simple concept: trust. We spoke with NinjaOne’s Chief Trust Officer, Mike Arrowsmith, about the evolution of his role and why other companies are also embracing the new title and focus areas.

How the c-suite is evolving and why Chief Trust Officers might be in most companies’ futures

Arrowsmith’s title is still less-used than more traditional roles such as CIOs or CISOs, but as he explains it, the evolution of executive-level security and tech operations has pushed more companies to prioritize a trust-based approach in their leadership.

“I absolutely think more and more businesses are going to move to a trust officer model,” Arrowsmith said. “I always tell people to think of me as a security-focused CIO, because the CIO role is so well-established in people’s minds that it’s an important starting point.”

Arrowsmith describes his role as one that weaves trust into every decision made across product and other internal operations. This includes data and risk management work in addition to more standard security leadership overseeing the various attack vectors NinjaOne might have.

“I am ensuring our products are being built from the ground up with the forethought and focus on the trust our customers are placing with us to keep them secure,” Arrowsmith said. “We worry a lot about command and control and also think a lot about what we do with the data we collect. We are very strict about only collecting data we need to make our products better.”

As Arrowsmith describes it, his role is to shape and maintain the “trust ecosystem” between NinjaOne and its partners and customers.

In an AI-driven world, security remains critical

That trust ecosystem has perhaps never been as important to organizations as it is today. The widespread adoption of AI tools has opened up new opportunities (and new risks) that leaders didn’t have to consider just a few years ago.

“AI is probably the single most popular topic I get asked about,” Arrowsmith said. “Most of the time we look at AI as a beneficial tool for productivity, and it definitely is, but there are also significant risks that companies need to consider.”

Those risks compound and complicate the lengthy list of security issues businesses already faced. To Armstrong, even though more people are talking about security than ever before, there are still many who do not approach every facet of their business with risk foundational to the approach.

“As much as I would like to say everyone intrinsically as an awareness of risk, that just unfortunately is not true,” said Arrowsmith. 

To counter this, Arrowsmith says organizations should understand their risk posture, including both what they are willing to tolerate in terms of potential risks and what they absolutely must secure themselves against moving forward. 

He also says practitioners and leaders need to break down the so-called “ivory tower” mindset that makes other parts of the business often feel disconnected from the security operations. Open communication and transparency between everything from security and IT to legal, finance, and others are crucial to corporate success, Armstrong said.

“Most CIOs I speak to have this, and we’re seeing more and more MSPs picking this up as additional services they offer to customers,” Arrowsmith said.

The AI maturity curve requires deliberate oversight and leadership

With the security and data issues top of mind, partners and customers are increasingly voicing concerns about their AI implementation processes. While Arrowsmith still sees opportunity in leveraging AI for a variety of reasons, he also says companies will increasingly see regulatory actions aimed at ensuring AI is deployed securely.

“Through more of this regulatory work and ultimately just increased awareness and training, the Wild Wild West days, as I call them, I think are going to be a thing of the past. I hope we’ll look back on this moment and see a shift,” Arrowsmith said.

As regulatory actions continue to shift what organizations must do, Armstrong says they don’t have to wait for laws to address best practices internally. To him, bringing a trust-first approach similar to NinjaOne’s throughout the c-suite is one way to do so.

For Armstrong, the need for a chief executive dedicated to trust will only grow over time, and he sees the leadership model as the next evolution of security leadership.

“It would not surprise me if the CIO is eventually a thing of the past,” said Arrowsmith.