Since it was first put forward as an architectural model for enhancing organizational security by Forrester Research in 2010, the zero trust approach has mostly remained the preserve of systems architects and security experts.
In 2014, it was recommended as the model to follow by the U.S. House of Representatives Committee on Oversight and Government Reform, who were responding to a hack that compromised the records of 18 million federal employees. However, apart from that, it has gained little widespread attention.
That is until earlier this year, in response to the long list of data breaches that have affected large organizations in recent years. One of the biggest of these occurred in 2017, when an estimated 145 million people were affected by a data breach at credit reporting agency Equifax.
What is zero trust security?
Essentially, a zero trust architecture is one based on the principle of trusting no one and always verifying. One of the main reasons it is considered advantageous is because it removes lateral movement, a key approach that hackers use to travel deep into an organization’s systems. Even though they may enter through a seemingly peripheral entry point, lateral movement allows hackers to move through a network, searching for important files and data.
It is a major problem for the ‘castle and moat’ approach to security that is so prevalent today. This approach attempts to protect the edges of a system but does little to stop hackers moving freely once they are in.
At a high level, zero trust security works by verifying the ID of the user, validating devices and limiting access to data. It also advocates for only the minimum amount of data required to complete a specific task being provided, and no more. Of course, every entry into the network is done via a verified identity, so that no one is able to participate without a proven ID. For instance, in a commercial setup, one could see an already-connected merchant onboard customers and employees so that they would subsequently be able to interact with other businesses using a ZK setup for digital identities—allowing them to make payments or verify themselves across the board.
Zero knowledge storage and zero knowledge proof
Two technological approaches at the heart of this strategy are zero knowledge storage and zero knowledge proofs.
Zero knowledge proof is a nascent technology that is also much talked about at the moment within blockchain and cryptocurrency circles. That’s because, while cryptocurrency networks such as Bitcoin are able to function with anonymous parties trading with one another, all the members of the network can see the transactions that have occurred and the addresses involved.
For situations where all the data needs to remain private, even when stored on a public blockchain, zero knowledge proof provides an answer. Where two parties want to transact while safeguarding privacy, zero knowledge proofs allow the ‘prover’ to assure the ‘verifier’ that they have knowledge of a secret without revealing the secret itself. Operation on top of a distributed ledger allows token attestations to be leveraged to these ends.
Zero knowledge storage is a similar process for storing sensitive data. It involves encrypting personal information so that only the user can access it while removing the need for root-level admin access, which can act as a ‘backdoor’ for hackers.
In the case of a blockchain network, zero knowledge storage means that data is encrypted on the device before it is stored on a blockchain or on other associated services such IPFS this can again be encrypted on the blockchain. The user has a personal cloud of data that no-one can access apart from themselves. It is only available for decryption via asymmetric keys by those entities that the user chooses.
Zero trust security in e-commerce payments
One of the things that anyone working in e-commerce knows is that a huge amount of personal information is shared and then stored when it doesn’t need to be.
This is partly because the protocols underpinning the internet were designed to make data sharing easy. It is also because a whole range of merchants, banks and payment providers have seen it as useful to collect and sometimes share this information with other organizations, such as credit reporting agencies.
This has resulted in the data breaches mentioned earlier, where huge amounts of personal data were stored, as well as (at least to some extent) data protection rulings such as the EU’s General Data Protection Regulation.
However, e-commerce does not need to work in this way.
The quick and simple payments that we have become used to can continue, without the need for the sharing of masses of personal information. Blockchain technology solutions, which incorporate the benefits of zero knowledge storage and zero knowledge proofs, can enable individuals to store and control their data while also having the option to share it securely with e-commerce organizations.
Chunks of personal data can be encrypted on a device and on the chain, such as a smartphone, and then tokenized so that they can be used with products and services that an individual chooses. Instead of sharing personal data on mass, tokens can ensure that organizations only get the information they need in order to complete the task required of them. In this way, payment providers can receive information required for payment but not a delivery address. Merchants can receive a delivery address but not credit card details and even then the delivery information can be tokenized and revoked after delivery
As such, a new, blockchain-enabled payments and ID network can operate zero trust security that protects individuals, eliminates data breaches and enables the e-commerce industry to continue growing.
DISCLAIMER: This article expresses my own ideas and opinions. Any information I have shared are from sources that I believe to be reliable and accurate. I did not receive any financial compensation for writing this post, nor do I own any shares in any company I’ve mentioned. I encourage any reader to do their own diligent research first before making any investment decisions.
BB Biotech: Positive development in a volatile market environment
The total shareholder return in 2020 was 19.3% in CHF and 18.1% in EUR, slightly below the performance of the...
Bitcoin slips back to $53,000 and major altcoins go lower on February 22nd
The fall seen in the price of Bitcoin on February 22 was also strongly felt among exponents such as Ethereum...
The keys to ESG investment in 2021 in the face of growing interest and profitability
While all the data point to the fact that investment under climate, social and corporate governance criteria is increasingly in...
New investments in the Fez-Meknes Region
As part of the industrial revival strategy, the Fez-Meknes Region should welcome 95 potential projects identified in the project bank....
Rebound in pharma and healthcare operations: 14% increase in 2020
The volume of mergers and acquisitions in the pharmaceutical and healthcare sector increased by 25% compared to the first half...
Cannabis6 days ago
The ANMAT will allow the importation of cannabis-based products in Argentina
Featured7 days ago
Banca Progetto prepares to launch instant lending for consumer credit
Featured7 days ago
Repsol hires Linklaters and Uría to list its renewable energy subsidiary
Crypto6 days ago
How LODEpay’s Price Oracle is Tackling Silver Spot Price Manipulation