Can the Public Internet Secure Our Digital Assets?
Posted by Mary Clark
There is a lot of talk, and, indeed, hype, these days about the internet of things. But what is often overlooked is that the internet of things is also an internet of shared services and shared data. What’s more, we are becoming too heavily reliant on public internet connectivity to underpin innovative new services.
Take this as an example. Back in April, Ford Motor Company, Starbucks and Amazon announced and demonstrated an alliance that would allow a consumer to use Alexa to order and pay for their usual coffee selection from their car. Simply saying, “Alexa: ask Starbucks to start my order,” would trigger the sequence of events required to enable you to drive to the pickup point and collect your already-paid-for coffee with no waiting in line.
Making that transaction happen behind the scenes involves a complex integration of the business processes of all the companies involved. Let’s be clear: this is about data protection. For this series of transactions to be successfully handled, they must be able to share customer payment data, manage identity and authentication, and match personal accounts to customer profiles.
Because all of that critical data can be manipulated, changed or stolen, cyberattacks pose significant data protection risks for nearly any entity anywhere. The ambition of some of these consumer innovations makes an assumption that the “secure” network underpinning this ecosystem for the transfer of all that valuable personal data is the public internet. And that’s the point – it’s not secure.
As we’ve talked about previously on Syniverse's blog Synergy, the public internet poses a systemic risk to businesses and to confidential data. In short, when we are dealing on a large scale with highly sensitive data, the level of protection available today for data that, at any point, touches the public internet is substantially inadequate.
And this alliance between Ford and Starbucks is just one example of the type of innovation, across many different industry and consumer sectors, that we can expect to see a lot of in the very near future. These services will connect organizations that are sharing data and information about businesses and about consumers – about their purchase history, their preferences and requirements, and also about their likely future needs. This is potentially a very convenient and desired service from a consumer’s point of view, but at what cost?
We need security of connectivity, security from outside interference and the security of encrypted transfer and protection for our personal and financial data. And we need to be able to verify the protection of that data at all times by ensuring attribution and identity – both concepts we’ll explore more deeply in an upcoming blog post. And that’s a level of security that the public internet simply cannot provide.
Last month, an internet-based global ransomware attack took down systems and services all over the world – affecting sensitive personal healthcare data in the U.K. in particular.
Whether it is personal health records, financial records, data about the movement of freight in a supply chain, or variations in energy production and consumption, these are digital assets. Businesses, institutions and government bodies all over the world have billions of digital assets that must be constantly sent to and from different parties. And those assets require the type of high-level data protection that is not currently possible because of the systemic risk posed by the insecure public internet.
As mentioned in my last blog post on Synergy, there is an alternative. Some companies using private IP networks were able to carry on regardless throughout the high-profile cyberattacks that have been capturing headlines in the last year. That’s because those companies were not reliant on the public internet. Instead, they were all using what we are beginning to term “Triple-A” networks on which you can specify the speed and capacity of your Access to the network while guaranteeing the Availability of your connection. What’s more, on a Triple-A network, Attribution is securely controlled, so you know who and what is accessing your network and the level of authority granted both to the device accessing the network and to its user.
The public internet cannot provide or compete with a Triple-A level of security, and nor should we expect it to. It cannot live up to the stringent data protection requirements necessary for today’s critical digital assets. We cannot remain content that so much infrastructure, from banking, to transport and to power supplies, relies on a network with so many known vulnerabilities. And we must consider whether we want to carry on developing an industrial internet of things and consumer services on a public network.
We will continue to explore these issues on this blog, to highlight different approaches, and examine the requirements of the secure networks of the future. And in the process, we’ll take a look at the work being done to build more networks with a Triple-A approach.