Vice President of Product Management, Chief Information Security Officer, Intertrust Technologies.
The internet, humanity’s most disruptive invention, has transformed industries and revolutionized how people interact. Yet, as in all previous markets, thieves, provocateurs and free riders have sought to profit from others’ labor. To respond, the good actors have built trust models and technologies to protect commerce, such as a secure version of the web protocol (HTTPS) and virtual private networks (VPNs).
Likewise, the age of connected things—the Internet of Things (IoT), billions of sensors, actuators and semi-autonomous machines that produce zettabytes of data daily—promises breakthrough efficiencies for homes, industries, supply chains and critical infrastructure. Unfortunately, the old ways of protecting our systems don’t apply with IoT because the bad actors are worse, the systems more complex and the impact of attacks more profound. The need for resilient systems, data ownership and governance has never been so apparent.
Statista shows, however, that data compromises have increased almost twelve-fold since 2005. Just when we have the greatest need to trust data, we have the least reason to. To undo this, we must understand why the internet failed to deliver a trustworthy environment for data and then take steps to build trust back into its data fabric.
How The Internet’s Data Went Down The Rabbit Hole
When the military adopted the protocol Vint Cerf invented in the 1970s to support nuclear deterrence, they used the best crypto and trust models available. Furthermore, as participants were highly vetted, this First Internet Era, in which academics had free use of the most resilient network ever invented, was marked by a trust model that worked remarkably well.
The Second Internet Era allowed point-to-point communication between desktops and other devices, enabling a slew of innovations, from credit-risk reduction to online banking, and saw the rise of juggernauts like Amazon. Stability was maintained through the checks and balances of e-commerce, leveraging existing governance and statutes. Here, too, the trust model worked within its governance framework of secure web protocols like HTTPS.
The Third Internet Era is characterized by the IoT, with vast self-organizing meshes of end-point devices transmitting data with little to no security. The promise of revolutionizing home grids, cars, etc., has proven perilous to our personal lives, businesses and even our critical infrastructure in the face of cybercrime and cyber warfare.
This current chaotic state of the internet lacks a trust model fit for dealing with cyberwar actors and sophisticated hacker societies. Thanks to the cyberhacking technology curve, new kinds of crimes quickly spread before they are fully understood by regulators. Even the best infosec teams are overwhelmed by dreaded “zero-day” vulnerabilities dropped out of the blue that make systems that were secure yesterday hackable today. Aside from the nonstop stream of fraud and cybercrime the average citizen experiences, we endure state-sponsored cyber war and attacks on educational, corporate and government institutions in which a single incident can compromise millions of people’s safety.
All this emerged in tandem with an exponential increase in the amount of data exchanged online, which, according to IDC and Statista, grew from 2 zettabytes in 2010 to 97 zettabytes in 2022. More importantly, it occurred as the web’s promise of innovation, convenience and creativity exploded. As the internet grew in appeal, it became more dangerous.
This is worsened by the nature of today’s IoT networks because much of the data generated at the edge will never go to a data center. As the IoT becomes more distributed, the threat model grows in complexity.
The current trajectory of growing reliance on an increasingly untrustworthy internet is unsustainable, particularly when applied to the IoT. We need a trustworthy internet to maintain our momentum and solve our most serious problems. To reap the benefits of today’s billions of hyper-connected devices, we must manage data with granularity and specificity.
How do we usher in the promise of a connected society without exposing us to its dangers?
Emerging From Wonderland: A Next-Generation Trust Stack
We may not be able to recreate the initial model of a safe web today, but organizations can build “trust stacks” into their architectures for users to operate with trust and confidence by taking a few steps.
• Authenticating all devices that exchange data with the network, from personal devices to sensors to servers.
• Creating a secure channel for data exchange that ensures it is not tampered with, whether in transit, in use or at rest.
• Authorizing or preventing specific activities and data exchanges, and ensuring that only entities with express permission access specific data.
• Partitioning critical operations in a protected processing environment, just as only authorized crew can enter an airplane cockpit.
To create a trustworthy environment, a trust stack must include all of the above elements. Preferably, these should be consolidated into a single data governance and consent management model for an easy flow of data within an organization.
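The first three elements of the list above can be composed into a single receiving check, shown here as an added example that is not from the original article or from any Intertrust product. The device IDs, keys, resource names, `sign` helper and `TrustStack` class are hypothetical, per-device HMAC keys stand in for whatever device credentials a real deployment uses, and the protected processing environment is out of scope.

```python
import hashlib
import hmac
import json

# Constructed sample data: device IDs, keys and permissions are hypothetical.
DEVICE_KEYS = {
    "sensor-17": b"constructed-demo-key-sensor-17",
    "gateway-02": b"constructed-demo-key-gateway-02",
}
# Express permissions as (device, action, resource); anything absent is denied.
POLICY = {
    ("sensor-17", "write", "telemetry/temperature"),
    ("gateway-02", "read", "telemetry/temperature"),
}


def sign(device_id, key, counter, action, resource, payload):
    """Device side: serialize a request and tag it with HMAC-SHA256."""
    body = json.dumps({"device": device_id, "counter": counter, "action": action,
                       "resource": resource, "payload": payload}, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()


class TrustStack:
    """Receiver side: authenticate, verify integrity and freshness, then authorize."""

    def __init__(self, keys, policy):
        self.keys, self.policy = keys, policy
        self.last_counter = {}  # highest counter accepted per device

    def accept(self, body, tag):
        try:
            msg = json.loads(body)
            device, counter = msg["device"], int(msg["counter"])
            request = (device, str(msg["action"]), str(msg["resource"]))
            key = self.keys[device]  # only enrolled devices have a key
        except (ValueError, KeyError, TypeError):
            return "reject: unknown device or malformed message"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "reject: bad tag (not authentic or tampered)"
        if counter <= self.last_counter.get(device, -1):
            return "reject: replayed message"
        self.last_counter[device] = counter
        if request not in self.policy:  # default deny
            return "reject: not authorized"
        return "accept"
```

Nothing parsed from the message is acted on until the tag verifies, and an authentic device is still refused any action the policy does not expressly grant.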
Once the appropriate entities can access data with ease while those who shouldn’t are duly prevented from doing so, organizations can free their resources to develop transformative data-driven business models while maintaining privacy and compliance with legislation such as GDPR and CCPA.
It’s Never Too Late To Be What You Might Have Been
We all lose in our current zero-trust, hyperconnected world of ungoverned data. The individual, to maintain a decent standard of living, signs away their rights to their data, losing any semblance of autonomy. Furthermore, society suffers because the lack of trust bars us from fully realizing the promises of the IoT to improve energy consumption, mobility, safety, communication, etc.
However, with the right technology approach, we can build a “trust stack” into the internet which allows everyone—from large enterprises to regular people and billions of connected machines—to operate safely in a secure environment.