It is common knowledge that when the Internet was originally designed security was an afterthought. It was the right choice at the time – the scientists who started communicating all knew each other and the Internet inventors could never have imagined that trillion dollar industries would emerge thanks to their invention.
As the Internet started to expand in the 1990s it quickly became obvious that in the digital world just as the physical world trust does not scale. It doesn’t scale across time (its hard to keep secrets for a long time) and it doesn’t scale across number of participants. Modern security address the symptoms of this problem (the need for trust) and it isn’t working – just lipstick on the pig.
This need for trust is also the biggest hurdle for Enterprise adoption to cloud computing. Ask any CIO and the lack of visibility, auditability and verification for what happens to their data in the public cloud makes it very challenging from a compliance, security and business perspective to put mission critical systems on the public cloud.
The Relationship Between Truth and Trust
There have been many trees felled to allow philosophers to write about the meaning of truth. Truth is one of the central subjects in philosophy and has been a topic of discussion in its own right for thousands of years.
For our purposes we can define trust-based systems as accepting an assertion as true without requiring evidence to prove it. Truth-based systems means there exists evidence to prove assertions without needing to trust the people making the assertions. You may choose to trust them but can still independently verify their veracity.
Consider mathematics. No statement or assertion can be taken as true unless it has been rigorously demonstrated. First of all the assumptions (axioms) are stated and then the proof of the assertion is derived using the rules of logic. Even the most plausible, believable, and well-accepted notions remain conjectures until they are proved.
This cartoon makes us laugh because we know miracles don’t feature heavily in mathematical proofs. Yet this is what is required for Enterprise CIOs to move to the public cloud – to believe in miracles – to have blind faith that the public cloud service provider can do a better job of managing data than the Enterprise itself.
Widely Witnessed Evidence
Consider the 2010 World Cup. If an alien had just arrived on Earth and was told that Spain won the world cup he can choose to trust that what he is being told is true but he can also verify it – 100,000 people where at the finals and over 1 billion people witnessed the event live. It may be false – it could be that the United States won the world cup – but there exists a preponderance of evidence to convince the alien visitor that the assertion “Spain won the 2010 world cup” is in fact true.
Widely Witnessed Consensus in the Public Cloud
It is the same principle in the public-cloud – by making events widely-witnessed – i.e. by implementing Guardtime’s KSI system into the fabric of the cloud everything that happens in that environment (every digital event) can be verified independently by every party in the system. Truth is no longer based on trust but on widely witnessed consensus.
Building a Truth-based Public Cloud
For the last 7 years Guardtime engineers have been implementing the building blocks for exactly that – one where the need for trust can be completely eliminated i.e. everything that happens to data can be verified independently – truth based systems over trust based systems.
By addressing the root-cause of security problems on the Internet (trust) we can implement objective truth at a massive scale, eliminating all the security problems that plague our digital society with a profound impact on government, on society and not least on Enterprise CIOs who wish to outsource their infrastructure to the public cloud.
That day can’t come soon enough.