Insight Vector: Using Blockchain to Secure Critical Data for IoT

Innovation and market perspectives from leading IoT thought leaders

Insight Vector: Using Blockchain to secure critical data for IoT 

Our conversation with Ian Smith, CEO of Gospel Technology, highlighted how data security within traditional centralized computing models is well architected from the start, but over time the challenges of changes, updates, patches and fixes become extremely difficult to manage.  Ian speaks about his experience with data storage and large-scale data centers provided a jumping off point to incorporate Hyperledger into his latest startup, using a distributed security model for increased trust.

Ian is a serial entrepreneur and experienced enterprise technology executive.  Before founding Gospel Technology, Ian was a founder and CTO of Butterfly Software, a data analytics and migration software company acquired by IBM in September 2012, after which he took on a worldwide Vice President Product Management role for them.  Prior to Butterfly, Ian has been involved in solving some of the largest and most complex infrastructure and data problems in enterprise business. 

Q&A

Could you provide a bit of context around your background?  

My history since the late 90’s is in enterprise infrastructure, building data centers for large enterprises to provide business applications and services. My goal was to build the technologies that aligned with business requirements around reliability, scalability and the need to provide stable services.  During this time, there was a 5-year cycle for the enterprise stack to be refreshed and upgraded.  Through these cycles, I realized that data persists through those changes, and the value of data is persistent in contrast to the transient nature of infrastructure.  In 2009 I built a business around data migration through such cycles and sold it to IBM in 2012.  

Increasingly, the new leap for an enterprise is not another silo but a shift to a distributed model, with clouds, devices, IoT-type businesses and more open solutions like Open Banking in the EU and other initiatives.  There’s been an evolution from incremental tech life cycles to these open business models that are more distributed, more disruptive and in line with the experience that end users have come to expect through smartphones. This is how customers want to access financial services, doctors, solicitors and other businesses.  

This new leap to a distributed world was challenged by the problem of the data. The challenges of inelasticity, the business case of on versus off premise clouds, hybrid cloud etc. were proven – but the trust was missing.  Business customers need to know they can trust the data security once it leaves the perceived safety of their siloes.  This has led to “Shadow IT”- consumer solutions like Dropbox, email and other products that circumvent the tight reins of the siloes.  Because these “Shadow IT” technologies don’t fall under corporate IT compliance policies, this increases risks of data breaches   

How does blockchain figure into all of this?  

In parallel was the rise of Bitcoin and cryptoassets and the logic of building trust through consensus with blockchain.  Technology that builds trust into the payload is an exciting proposition to apply to personal data.  I went through the trough of disillusionment when I discovered blockchain itself was complex and the space was very noisy.  I discovered Hyperledger with the Apache Foundation, and a lot of the challenges of open, unpermissioned blockchains such as Proof-of-Work were not an issue.  The opportunity was for a data platform to build a data payload with security built in – and this would provide an answer to the problem of data security. 

At Gospel, we took Hyperledger to build a data platform. The permissioning allows you to take away the heavyweight aspects of Proof-of-Work.  We introduced Multi Factor Authentication, LDAP and other security functions as plug-ins in order to achieve levels of assurance and trust even before users get access to the underlying framework of Gospel.  It’s not a siloed model.  This means there are new APIs for facial recognition and other ID assurance once they are on the Gospel platform. We move from prescriptive data sharing to a new model where only the data that’s needed is accessible to the users. This is useful to manage access to information for knowledge workers as well as M2M communications. 

What are some of the issues with existing approaches? 

Centralized data structures are usually very secure, and rarely compromised.  However, they are created specifically for the data center environment. In many cases data has become unusable because it’s not accessible -it’s not being utilized for analytics or collaboration.  For that you are forced to put in TLS links or encrypted connections to provide access.  Inevitably things need to be updated - certificate authorities, patches and upgrades need to be managed.   So although these systems start off well, they degrade over time.  This is not a function of the technology, but of the ongoing management and updating processes.

How do you look at solving the security challenges in a different way?  

The most elegant security solution is to bake security in all the way down the stack to be functional and useful.  The traditional silo is good in theory, but impractical in a distributed world.  When there are big hacks such as that on the U.K. National Health Service, Microsoft had already published the patch that would have prevented it, but the hub-and-spoke model was difficult to manage and update in real time.     

Further, changes in regulatory behavior and the need to be compliant creates the need for accountability, adding an extra dimension to data security.  Under regulations such as GDPR, companies are liable for data breaches.  The distributed model gets MORE secure and stronger the more people are using it.  The entire ledger is an immutable store of trusted transactions to ensure identity.   Not only does this by definition provide an immutable source of data usage for the purposes of regulation, it can be used as the basis of providing a reliable source of consent attached to the data itself and therefore prevent its misuse.  I believe it is truly a revolutionary way of distributing data that aligns with the general trend of decentralised infrastructures, rather than trying to fight against the increasing demand for data driven information. 

What are you doing with customers today?  

Gospel has a number of proof of concepts and live customers, with manufacturing, transportation and open banking (consent driven data sharing) the most promising industries   We have growing revenues and operate a Software as a Service revenue model.  One of our clients is a major aircraft engine manufacturer for aircraft – we are providing a blockchain based solution for supply chain management and component traceability.  Their previous processes did not adequately track parts through the entire lifecycle, which led to situations where if there if a fault in a part was identified, there were often several affected engines unaccounted for.  Gospel uses blockchain to provide a distributed data platform that enables all parties in the supply chain to share information with trust and security. Each authenticated party contributes necessary information as parts move through their lifecycle – however each actor is restricted from seeing sensitive information that could compromise any other party’s intellectual property.

To learn more about how IoT can unlock value within your industry, contact us at Momenta.