By Richard Parris, CEO at Intercede
We all know that people, products and places are now more hyper-connected than ever before. Recent forecasts show no sign of this appetite for digital connectivity slowing down, with analyst firm Gartner predicting there will be 20 billion connected Internet of Things (IoT) devices in the world by 2020.
Yet innovation can be a double-edged sword. Whilst businesses and consumers continue to embrace technology, the risks of a world where most corporate and personal interactions take place online pose a threat to our privacy and security.
The media spotlight
In recent times, at least one high profile consumer targeted cyber attack per week has reluctantly found itself in the media spotlight. Companies such as LinkedIn, Tumblr and TalkTalk, and even Facebook founder Mark Zuckerberg himself, have fallen victim to attack at the hands of insidious and opportunistic cybercriminals, resulting in the personal data of millions of customers being leaked or compromised.
Consumers are now quickly losing faith; more than 95% of UK and US Millennials believe their personal data is unsafe and not adequately protected by current security methods [Intercede 2015].
It’s time for businesses to take a more proactive approach to security rather than continuing to use inadequate methods of authentication such as the outdated and vulnerable ‘username and password’ convention, so easily hacked by cybercriminals. Investment in more reliable cyber defence methods is needed in order to build digital trust in today’s digital economy.
The only effective way to reduce the risk of cyberattack is to implement preemptive systems that are resistant in structure and design, ensuring that only trusted people, devices and applications gain access to valuable information and assets in the first place. And this needs us to look at baking digital trust into every layer of the digital ecosystem.
Rebuilding digital trust
Without digital trust, our current digital economy and the quickly expanding IoT will indisputably be predisposed to attack by malicious individuals or organisations. Evidence has proven that hackers are able to exploit vulnerabilities wherever they exist, from online banking to connected cars. Digital trust is therefore fundamental to both the protection of critical infrastructures and e-commerce.
But how is digital trust achieved in the age of the hack? It is accomplished by following the process of ‘Identify – Trust – Connect’. This model identifies and authenticates people, businesses and devices first, before allowing them access to valued resources; be that data, a network, a system, or entrance to a building.
It is vitally important that that the device or user prove that they are who they claim to be, before granting the relevant access and trusting them with valuable information depending on their proven identity.
The future of digital trust relies heavily on weaving protection into the very fabric of each layer of technology, joining the dots between all stages of the digital relationship. From the silicon chips used to power our devices, to the user, the device itself, the connections and services they utilise, apps used and locations where data is stored. This ‘silicon to services’ ecosystem from the point of manufacture through to the end user, enables computers, smartphones and IoT devices to use a basic but secure cryptographic functionality already present in the large majority of silicon processors.
To instil digital trust from silicon to services, the framework needs to be manageable, scalable, cost effective and easily understood by services providers and businesses. A trust and key management infrastructure is built into silicon chips at the initial point of design, meaning they are shipped from the place of manufacture as trust-ready.
Once the chip is ready to use, only secure services within the cloud must be used to personalise the silicon, enabling specific security technology and features. Consequently, the chip then becomes trust-enabled and is ready to be securely implemented in adherence with the service provider’s own policies.
One of the main advantages of a holistic silicon to services security approach is the ability for industry players to benefit from partnership with like-minded or complementary organisations. For example, a small app developer in London’s Tech City can utilise the silicon to services ecosystem to build a secure application cost effectively, without having to navigate the entire ecosystem.
Through this new approach, the app developer is able to use easily deployable software developer kits by partnering with a company who can provide the adequate cyber skills that the app developer wouldn’t usually have access to.
What’s more, the ecosystem is evolved from standards already in place, rather than creating new ones as a fix that might be harder to implement. As a result, the wider community including businesses, services providers and consumers alike stand to gain from its implementation.
Improving consumer experience
Growth and adoption of the approach will lead to improved consumer experiences through increased privacy and safer transactions. Service providers will also be able to generate new revenue streams as infrastructure costs are reduced and the risks of fraud or data breaches are lowered. Finally, by replacing the clunky username and password convention, the user experience is greatly improved, avoiding the need to remember a variety of long strings of convoluted password characters.
The traditional definition of trust suggests connotations of assured reliance, dependence and care. For digital trust to be guaranteed in today’s digital economy, organisations including businesses and governments must no longer take a lax approach to security or neglect implementing adequate systems until after an attack has happened.
For consumers to truly have faith in developments in IoT and for guaranteed safety within the digital world, it is imperative that an across the board approach is used, connecting silicon, devices, users, apps and the cloud. By putting in the groundwork to build digital trust today, we can enjoy a cost effective but most importantly, secure digital economy in the years to come.
Intercede is a UK-headquartered cyber security company specialising in digital identities, derived credentials and trusted application management, to enable digital trust in a mobile world.