Distributed security — A New Hope?
Cyber security has rapidly become a critical issue for anyone operating online. In the last year alone, the cybersecurity firm Norton reported that hackers stole a total of £130 billion from 978 million victims. In our increasingly interconnected world, with organisations embracing complex digital technologies such as the Internet of Things (IoT), cloud computing and more recently tokenised value such as cryptocurrencies, this raises the question of whether a better approach to online security is required. As a response to the many growing threats, we explore how “distributed ledger security” could grow to become part of a wider solution.
Emerging views from industry veterans would appear to support the distributed approach. “Having been a fintech entrepreneur from before it was called Fintech, we built a credit card fraud prevention solution called Adeptra in the 90s and worked with most of the western banks. At that time we became highly aware of the security challenges faced by financial services players who are amongst some of the most attacked industries”, says Eric van der Kleij, CEO of the Centre for Digital Revolution (C4DR.com) and founder of world-leading Fintech hub Level39. “Distributed ledger-based security is exciting because it can combine the power of byzantine fault tolerance with the effectiveness of secret sharing algorithms to create resilience and security similar to that of digital cold storage (DCS) without the inconvenience normally associated with DCS.”
Distributed systems offer a superior architecture for security as they are composed of multiple independent nodes, connected through a distributed network that sends encrypted messages to each other. One major benefit of a distributed system is fault tolerance, meaning that if some of the nodes are hacked and act as “bad actors”, the system will still come to the right consensus and continue to operate, regardless of those actors.
Those already immersed in the distributed economy are being quicker to adopt this technology. Crypto exchanges, whose very business depends on the proper custodianship and management of their clients’ public/private keys, are interested in the approach, as many of the early players suffered from security breaches the moment they centralised keys by storing them on the exchange, making them natural targets for key-stealing attacks. (See article: How to Steal $500 Million in Cryptocurrency)
However, traditional financial institutions are naturally going to be slower to embrace this technology — for now. The majority of banks currently operate under centralised security systems with siloed but backed-up data stores, which have repeatedly proven to be fallible. David White, former Head of Technology Innovation at the Royal Bank of Scotland (RBS) describes his experience: “I have spent a good part of my career protecting centralised systems for major financial institutions and in doing so realised that in the long-term, it is futile. Creating a distributed security solution will ultimately be seen by the industry as the right way forward for the next generation of banking and financial service operators.”
So what is needed for the world to wake up and adopt distributed security systems? According to Eric van der Kleij, it comes down to best practice and the regulators. “As the crypto industry starts to prove that distributed security is more resilient than centralised systems, regulators need to start signalling to the banks that it is ok to consider distributed security architectures. This is similar to how they have started to signal to banks that they can use the Cloud in their operations. There was a time when no bank would even dream of touching the Cloud, and now it is becoming an essential part of many banks’ operating strategy. There are still some challenges to overcome, but regulators could encourage the exploration of distributed ledger security to allow banks to benefit from improved security resilience, while at the same time utilising the ‘trustless trust’ inherent in these systems to also help them meet some of their data privacy/GDPR requirements.”
Whilst not yet universally acclaimed, the benefits of a distributed approach to digital security are a valuable evolution and we should expect to see more organisations such as exchanges and institutions such as banks adopting such technologies as one measure in the fight against cyber crime.
