We now live in an “Allternet” world, where all people, products and places are hyper-connected and fundamental shifts in how we interact and trust each other are emerging.
However, as the boundaries between people, machines and experiences become increasingly blurred, technological innovation brings risk. In the last 12 months, a staggering number of consumer-focused cyber breaches have seen businesses held to ransom by cybercriminals easily circumnavigating outdated, antiquated methods of authentication, such as passwords.
Recent cyber-defense investment has focused on monitoring existing systems for evidence of compromise. While prudent, it’s the cyber equivalent of installing alarm monitoring systems and CCTV to notice burglars because it’s easier than changing all the locks to keep them out.
Yet consumers are fast losing faith: in 2015, research revealed fewer than 5% of UK and US ‘Millennials’ trust the safety of their digital identity and personal data. It’s time for a new approach that rebuilds digital trust into today’s digital economy; we need proactive systems that are cyber resilient by design, and the only effective way to do this is to ensure that only trusted people, applications and devices gain access to protected assets in the first place.
What is digital trust?
A cornerstone of both enterprise and national cybersecurity strategies, digital trust is a prerequisite for e-commerce and critical infrastructure protection. Without it, our current digital economy and the emerging Internet of Things will be prone to attack by malevolent forces.
Digital trust is achieved by properly identifying, verifying and authenticating individuals, organizations and devices before granting access to valuable assets: data, a network, system or building. This framework follows the sequence of Identify – Trust – Connect and aims to tackle the questions: are you who you say you are, can you be trusted and what access should you be granted depending on your identity?
Digital Trust from Silicon-to-Services
For digital trust to provide the required protection, we need to embed it into every layer of the digital relationship, from the silicon chip, to the user, their device, the connections they use, services and apps they consume and the places where their data is stored.
Digital Trust from Silicon-to-Services is an ecosystem and a framework; an interoperable stack of technologies, products, services, policies and standards, enabling computers, smartphones and IoT devices to use the standard on-board cryptographic functionality already embedded into most core silicon processors.
This ecosystem needs to be practical and scalable, using secure cloud services to personalize the silicon according to rules defined by reliable parties, service providers and regulators. Trust and key management infrastructure is built into silicon chips at the point of design, shipped from the factory as ‘trust-ready.’ Once a chip has arrived at its destination, the security technology and features on the chip can then be activated by trusted cloud service providers. This allows the chip to become ‘trust-enabled’ ready to securely transact in line with the service provider’s own rules and policies.
The benefits of Digital Trust from Silicon-to-Services
The Silicon-to-Services ecosystem is highly distributed; product, standards and protocol agnostic. It is evolved rather than designed, leveraging existing standards rather than imposing new ones as a fix.
By providing a framework, industry players can position and partner for mutual benefit. For example, a small app developer in London’s Tech City without the required cyber skills to build a trustworthy application, will be able to use easily deployable software developer kits (SDK) simply and cost-effectively to readily ‘trust-enable’ their apps.
The benefits of a Silicon-to-Services ecosystem don’t end there. Growth and adoption will lead to better consumer experiences, more secure transactions, enhanced privacy and superior interoperability between proprietary vendor systems and deployment scalability. It will also help to generate new revenues for service providers, diminish infrastructure costs and minimize fraud.
Building trust today for tomorrow’s digital economy
Trust takes time to build, a moment to destroy and forever to repair. Businesses and governments can no longer afford to approach security in a silo or as an afterthought in the wake of an attack, and then wonder why they lose revenue and customers.
For innovations in the IoT to really take off, we need an approach that joins the dots of silicon, devices, users, apps and the cloud, providing comprehensive security within each layer of the digital relationship. By building the foundations of a digital trust framework today, we can enjoy a digital economy tomorrow that is safe, secure and profitable.