In our previous blog post about The Evolution of Digital Trust, we shared the trust challenges that organizations face as technology scales and new devices and systems launch. But where are we now? And what is next as digital trust continues to evolve?
Here we take digital trust a step further and examine the important trends that dominate trust discussions today and how organizations can leverage the impact of these concepts to build strong digital trust that supports innovative new products and business opportunities.
1. Quantum-resistant cryptographic algorithms
The first is the transition to quantum-resistant cryptographic algorithms. This will be without overexaggerating the largest technology migration in the history of IT security and possibly the entire internet.
As a comparison – imagine a scenario where we knew that oil fuel available from the year 2030 would be “contaminated” and may explode, causing significant damage. Hence, everything from scooters, grassmowers, personal automobiles, ambulances, police cars, trucks, and motorboats to airplanes and helicopters – all of them are becoming unsafe, and we need a method to replace the engines for each and every one of them. Yes, in the digital world, updating software is easier than building a brand-new car engine, but still, we will have a large number of devices that are so “legacy” that they will not be upgradeable and will be as secure as leaving your front door wide open.
There is huge ongoing work to bring our digital society to “quantum readiness” – for the digital trust in our societies, this change will be comparable to what the world did when moving from steam power to internal combustion engines. It just needs to be done in, say, five years instead of 50+ years.
2) Zero trust
The second trend is “zero trust.” This is actually nothing new. It has just emerged as the predominant marketing term after the blockchain has been used beyond any reasonable sense. In technical terms, this is just properly implemented authentication and authorization technologies with continued enforcement. I must admit, the marketing people have a nicer and catchier description!
Nevertheless, this is quite important – it essentially means that every device and each system should never assume that something that was valid/correct a short while ago is still true. For example – your smartphone would never re-connect to your banking app without assuring that you operate the phone, that the app is updated, and that the bank service is properly identified … many of the elements are already there, offered by many vendors.
The problem is when it all scales, to say, a family or to an enterprise. Unfortunately, you can not allow that grandma to keep using the ten-year-old smartphone that she loves so much, and within an enterprise, you can’t trust the air conditioning system. I am not making this up. There were serious attacks on systems that we normally do not think are important, such as air conditioning in a building. From this system, the attackers were able to penetrate other mission-critical systems … it is almost like in movies where someone penetrates a building by squeezing through air conditioning conduits. Here, the attacker may be on another continent and still get access to the crown jewels.
3)AI
The third is AI. From the perspective of IT security, there is nothing inherently wrong with AI. The problem is us, the humans. We already see many examples where media content is changed so it conveys a different message than the original, yet for us humans, it is hard to perceive the modification. This is just the beginning of the abuses, and there will be some serious challenges. Imagine the situation where a parent hears their child in distress and does not know if the call is true or false, but who could resist not acting?!
Thankfully, there are already companies that provide the services of authenticating the original media content. I am sure that before long, the AI will be used to help us detect if something was modified or not. So, in a sense, we circle back to the problems and lessons learned in the past – how to scale and how to preserve the data integrity (i.e., to detect if the content is “original” or modified).
Discover how to start building digital trust in an untrusting world – and, just as importantly, how to maintain it. Download Keyfactor’s white paper here.