A trillion dollar problem
With an estimated 95% of all enterprise networks having been compromised it is no surprise that every day the news headlines inform us of a new data breach, a new loss of intellectual property, more damaged reputations and increased legal liability.
Indeed, the loss of intellectual property from Fortune 500 firms has been described as the biggest transfer of wealth in history. A study published jointly by the World Economic Forum and McKinsey
in Jan ’14 estimates the cost of ineffective cybersecurity to rise to three trillion dollars by 2020.
Davos ’14, Cyber Security… The 3 Tn Dollar Problem for Governments & Corporations
Our answer to Peter Thiel
Our answer to his question "What important truth do very few people agree with you on?
”" and the reason that we founded Guardtime is that we believe that integrity
, not confidentiality is the answer to the trillion-dollar cybersecurity problem that plagues our society. It is a big statement and one that provokes a strong reaction from the Silicon Valley encryptionistas whose mantra is "encrypt everything
If Integrity is defined as the absence of corruption
, in systems, networks, processes and data then it's importance for security becomes clear. You can have all the firewalls, malware detection, sandboxes and big data analytics in the world but if you can’t prove they are working – if you can't verify the absence of compromise, then your strategy ultimately comes down to hope that the attackers aren’t one step ahead. Unfortunately they always are.
Our answer to Peter Thiel: in order to build secure systems you must start with integrity. Confidentiality is what you get when your systems have integrity.
Further ReadingOur Answer to Peter Thiel
A security dog that barks
The challenge with all modern security solutions is that the dog doesn't bark; you have no way to verify if they withstand unforeseen attacks. Whether firewalls, anti-virus, sandboxing, IDS or multi-vector virtual execution you are given no choice but to trust that the security measures are working and hope for the best.
Geer's Law: Any security technology whose efficacy can’t be empirically determined is indistinguishable from blind luck.
Our technology, Keyless Signature Infrastructure (KSI), was invented to address Geer's law by instrumenting the digital assets that make up a network or system (binaries, configuration parameters, routing tables, data stores or events logs). Our philosophy is that you cannot prevent a breach from unforeseen attacks, you can only react when an attack leads to a change in an infrastructure state which implies a breach. In other words you need a security dog that barks.
Implementing Data Governance at Internet Scale
KSI was invented in the world’s leading digital society - Estonia
Based on experiences from being the world's only true digital society a team of Estonian cryptographers, network architects, software developers and security specialists got together in 2007 to design and build a data authentication system that could authenticate the entire world’s information set within a single second. The result is KSI.
In Estonia Edward Snowden could not have committed his unauthorized act.
His attempt to cover his tracks would have raised an alert and he would have been held accountable for his actions.
Wired: Tiny Estonia Hailed Best E-Gov by UN