Since it was first put forward as an architectural model for enhancing organizational security by Forrester Research in 2010, the zero trust approach has mostly remained the preserve of systems architects and security experts.
In 2014, it was recommended as the model to follow by the U.S. House of Representatives Committee on Oversight and Government Reform, who were responding to a hack that compromised the records of 18 million federal employees. However, apart from that, it has gained little widespread attention.
That changed earlier this year, in response to the long list of data breaches that have affected large organizations in recent years. One of the biggest of these occurred in 2017, when an estimated 145 million people were affected by a data breach at credit reporting agency Equifax.
What is zero trust security?
Essentially, a zero trust architecture is one based on the principle of trusting no one and always verifying. One of the main reasons it is considered advantageous is because it removes lateral movement, a key approach that hackers use to travel deep into an organization’s systems. Even though they may enter through a seemingly peripheral entry point, lateral movement allows hackers to move through a network, searching for important files and data.
It is a major problem for the ‘castle and moat’ approach to security that is so prevalent today. This approach attempts to protect the edges of a system but does little to stop hackers moving freely once they are in.
At a high level, zero trust security works by verifying the ID of the user, validating devices and limiting access to data. It also advocates for only the minimum amount of data required to complete a specific task being provided, and no more. Of course, every entry into the network is done via a verified identity, so that no one is able to participate without a proven ID. For instance, in a commercial setup, one could see an already-connected merchant onboard customers and employees so that they would subsequently be able to interact with other businesses using a ZK setup for digital identities—allowing them to make payments or verify themselves across the board.
Zero knowledge storage and zero knowledge proof
Two technological approaches at the heart of this strategy are zero knowledge storage and zero knowledge proofs.
Zero knowledge proof is a nascent technology that is also much talked about at the moment within blockchain and cryptocurrency circles. That’s because, while cryptocurrency networks such as Bitcoin are able to function with anonymous parties trading with one another, all the members of the network can see the transactions that have occurred and the addresses involved.
For situations where all the data needs to remain private, even when stored on a public blockchain, zero knowledge proof provides an answer. Where two parties want to transact while safeguarding privacy, zero knowledge proofs allow the ‘prover’ to assure the ‘verifier’ that they have knowledge of a secret without revealing the secret itself. Operation on top of a distributed ledger allows token attestations to be leveraged to these ends.
Zero knowledge storage is a similar process for storing sensitive data. It involves encrypting personal information so that only the user can access it while removing the need for root-level admin access, which can act as a ‘backdoor’ for hackers.
In the case of a blockchain network, zero knowledge storage means that data is encrypted on the device before it is stored on a blockchain or on other associated services such as IPFS; this can again be encrypted on the blockchain. The user has a personal cloud of data that no one can access apart from themselves. It is only available for decryption via asymmetric keys by those entities that the user chooses.
Zero trust security in e-commerce payments
One of the things that anyone working in e-commerce knows is that a huge amount of personal information is shared and then stored when it doesn’t need to be.
This is partly because the protocols underpinning the internet were designed to make data sharing easy. It is also because a whole range of merchants, banks and payment providers have seen it as useful to collect and sometimes share this information with other organizations, such as credit reporting agencies.
This has resulted in the data breaches mentioned earlier, where huge amounts of personal data were stored, as well as (at least to some extent) data protection rulings such as the EU’s General Data Protection Regulation.
However, e-commerce does not need to work in this way.
The quick and simple payments that we have become used to can continue, without the need for the sharing of masses of personal information. Blockchain technology solutions, which incorporate the benefits of zero knowledge storage and zero knowledge proofs, can enable individuals to store and control their data while also having the option to share it securely with e-commerce organizations.
Chunks of personal data can be encrypted on a device, such as a smartphone, and on the chain, and then tokenized so that they can be used with products and services that an individual chooses. Instead of sharing personal data en masse, tokens can ensure that organizations only get the information they need in order to complete the task required of them. In this way, payment providers can receive information required for payment but not a delivery address. Merchants can receive a delivery address but not credit card details, and even then the delivery information can be tokenized and revoked after delivery.
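One way to read the tokenized, revocable disclosure described above is as scoped access tokens issued by a user-held vault. The sketch below is an added example, not the article's or any vendor's design; `DataVault`, its methods, the party names and the sample field values are hypothetical, the presenter's identity is assumed to be authenticated elsewhere, and field encryption is left out to keep the focus on scoping and revocation.

```python
import hashlib, hmac, json, secrets

class DataVault:
    """User-controlled store that releases fields only against scoped tokens."""

    def __init__(self, fields):
        self._fields = dict(fields)
        self._key = secrets.token_bytes(32)  # signing key never leaves the vault
        self._revoked = set()

    def _sign(self, payload):
        return hmac.new(self._key, payload, hashlib.sha256).hexdigest()

    def issue(self, recipient, scope):
        """Token that lets `recipient` read exactly the fields named in `scope`."""
        unknown = set(scope) - set(self._fields)
        if unknown:
            raise KeyError(f"unknown fields: {sorted(unknown)}")
        claims = {"id": secrets.token_hex(8), "to": recipient, "scope": sorted(scope)}
        payload = json.dumps(claims, sort_keys=True).encode()
        return payload.hex() + "." + self._sign(payload)

    def _claims(self, token):
        payload_hex, _, tag = token.partition(".")
        try:
            payload = bytes.fromhex(payload_hex)
        except ValueError:
            raise PermissionError("token malformed")
        # Constant-time comparison: any edit to the scope breaks the tag.
        if not hmac.compare_digest(tag, self._sign(payload)):
            raise PermissionError("token signature invalid")
        return json.loads(payload)

    def revoke(self, token):
        """Owner withdraws a token, e.g. once the parcel has been delivered."""
        self._revoked.add(self._claims(token)["id"])

    def redeem(self, token, presenter):
        """Return only the fields in the token's scope, never the whole record."""
        claims = self._claims(token)
        if claims["id"] in self._revoked:
            raise PermissionError("token revoked")
        if claims["to"] != presenter:
            raise PermissionError("token issued to a different party")
        return {name: self._fields[name] for name in claims["scope"]}
```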
As such, a new, blockchain-enabled payments and ID network can operate zero trust security that protects individuals, eliminates data breaches and enables the e-commerce industry to continue growing.
DISCLAIMER: This article expresses my own ideas and opinions. Any information I have shared is from sources that I believe to be reliable and accurate. I did not receive any financial compensation for writing this post, nor do I own any shares in any company I’ve mentioned. I encourage any reader to do their own diligent research first before making any investment decisions.