Building Trust by Protecting the Data, not Just the Database
Written by Rich Truex & David Hough
It’s the digital age so do you really know who you are talking to out there on the Internet? Is it the person or business you think you are communicating with? Or is it an imposter, or a fraudster, or someone who has stolen your identity or your business or just your money? The answer is that you don’t, which is why eNotus is proposing a new and innovative solution in response to the G20/B20’s concerns about the lack of trust in the International SME trade community. We call this solution the Global Trust Registry (GTR).
There are many reasons we are having trouble with the trust issue but in our opinion, the one that is most overlooked is the incompatibility of the technology and our continued dependence on the relational database – a dependency that is global and goes back to the beginning of the computer age. We think that the solution is simple – change the database architecture to one that protects the individual data elements and not just the database. We acknowledge that making the change will not be easy. Nevertheless, it must be done. So let step back and have a look at how we got here and what we need to do to make this change.
First we need a “process”. The one I learned in high school, the one that has always worked for me, is what is known as the 5 W’s + H – the evaluation of the Who, What, Where, When, Why and How of the problem. Keep in mind that the order is not as important as the substance of each category.
Who. In the beginning there were only two parties conducting business– the buyer and the seller. They looked each other in the eye, took measure of the “trust”, and if agreement was reached, they shook hands. In today’s world of global trade with many more players, mostly unknown to each other, and very little are face-to-face time, the process has changed. As goods, services, information and money travel greater distances and across international boundaries, the complexity has multiplied. The supply chain is now long and complex with an increasing need to protect both business as well as national interests. It’s the “Wild West” out there and many players, known and unknown, are now involved.
What. Whether it is identity theft, changing the content, or redirecting the financial components of a business transaction, data stream interdiction, corruption and manipulation are on the increase world wide. Digital information can come from anywhere and go anywhere and there is, with today’s data management architecture, little one can do to stop it. Nothing seems to work. Encryption, passwords, firewalls, and certification stamps have all been tried and yet we remain at least one step behind the hackers and the fraudsters – and falling farther behind.
Where. There are two places where we are most vulnerable – in the networks where the data is moved and in the databases where the data is stored. Although both have “firewalls” and other forms of protection, once inside perpetrators have access to all of the data and all the time in the world to do just about what they want. The bigger the database, the greater the opportunity, the greater reward.
When. Sometimes a new way to do things is not introduced in time to keep us from becoming permanently “stuck” with the old way. The best example of this is the typewriter/computer keyboard, also known as the QWERTY keyboard. Introduced in the 1860’s, it was designed, on purpose, to be inefficient . The idea was to slowdown the typist by placing the most used keys opposite the weakest fingers on the weakest hand. By the time computerized technology came on the market, the jammed key problem was long forgotten. It was too late to change the keyboard and we are stuck with it forever.
So the question now before us is “can we make a fundamental change to the way we store data before it is too late?”
Why. Why is this a problem and why is it so hard to fix? The short answer is that it is because we are still focused on protecting the database – the one component of the information age that has not changed in over 35 years. The relational database (DB2, SQL and Oracle), the database that makes big data possible and data storage so practical has become the defacto “standard.” It has not changed because it works. It is what we all use. It is everywhere, which is why our concern is that if it becomes the “QWERY keyboard” of data storage, it will make creating a trusted commerce environment virtually impossible. We have to act now!.
How. Now for the hardest part – how do we fix this problem? By “reversing the telescope”. (Note: hang in there as understanding this concept is very important.) About 500 years ago the astronomer Copernicus discovered that the sun, not the earth, was the center of our solar system. It took another 300 years of denial before the Vatican got on board and agreed to look at our solar system from the opposite direction – hence the expression “reversing the telescope”. A more contemporary example took place during the early days of television. To record a half hour, black and white TV show it required a kinescope machine, a sort of tape recorder about the size of a kitchen table with a fixed head and two 12 inch diameter reels of two inch wide tape. When color TV came along, with its need for a much wider spectrum of “electrical energy,” the reels grew to 60 inches and required a tape strong enough to withstand very high speeds as it moved across the fixed head. It didn’t happen. The problem was finding a tape that was strong enough to withstand the increased stress and higher speed. What did happen was that some enterprising engineer thought it would be easier to slow down the tape and have it, pass over a rotating head. And so the VCR was born. It was much smaller and had new features such a fast forward and slow motion. The engineer “reversed the telescope.” Lesson learned: we need to do the same for the GTR.
It’s the data, not the database!
Isn’t it interesting that while new ways do doing things and new technologies in the information age are seemingly introduced every day, yet we are still using SQL, DB2, or Oracle relational databases and have done so for so many years! Consequently, our focus has been to protect the database and not the data. Opps! Is it too late to reverse the telescope? Or has the relational database mindset become our next QWERTY keyboard?
At eNotus we believe that it is not too late. We also believe that not all data is the same. There is transactional data, personal data, unstructured data, research data, conversational data, protected data, Big Data and Small Data. The variety is almost limitless, which is why you can’t provide the security and protection required for each type by only protecting the database. You have to reverse the telescope! You have to look at the problem from the data side.
There is precedence for this in the way we do paperless business today. Since the late 1970’s Electronic Data Interchange (EDI) has steadily become the global standard for conducting computerized B2B business. EDI is highly structured and transactional. Each message/transaction has its own codes and syntax provided by specialized translation software. Hacking a company’s database is not possible without knowing all of the “rules.” Furthermore, each transaction requires a specific acknowledgement of receipt and content thus immediately alerting both parties if there is any intrusion. In other words, it is the data that is being well protected as it moves around the world, not the database.
Now let’s have a look at how we store (and protect) the other business data we care about – the details of the business relationship that are need to establish and protect the trusted relationship. We can do this by reversing the telescope. To explain…
Suppose there are 100 million small and medium enterprises (SME) around the world each with their own website, apps, and associated (relational) databases that provide information about the company, their products and services, and how they conduct business. Supporting these businesses are banks, customs and shipping, government, tax and insurance, and other participants in the global supply chain that also have their own databases. In other words, SME data is everywhere in millions of databases, known and unknown, and with varying degrees of protection. No wonder we are having problems with trading partner trust.
Now, let’s reverse the telescope and create a system where each SME has all of its data in a single, protected location. Using the concept known as the “single version of the truth” the objective is to have only one “secure place” to source and store the original and only version of that data. There may be other versions of that data in other locations but their accuracy is not or cannot be validated as correct, up-to-date, and tamper free. Thus, only the original data can be trusted and only those with proper authorization can use it or replicate it as needed. All of the data sent, received, and stored is kept in a unique database known as a single-object datastore (SOD), which unlike a relational database, has object-level security for each independent and separately managed grouping of SME data.
The typical business cycle would be as follows. A SME’s wishing to do business with another SME must first be granted access to the SOD through a special identification and registration validation registry (in this case the Global Trust Registry or GTR) operated by the independent SOD administrator (in this case the ICC or its designee.) The architecture would be closed ended and transactional so each structured contact/request would require acknowledgement, recording and review by the receiving SME – all in real-time. As the owner of that data, the receiving SME would have full visibility of the process knowing that the sender was who they said they were and that they were actually at the other end. The result would be fewer databases (only one for each SME), less data maintenance, greater security, greater accuracy, greater awareness, infinitely more control, and far less expense.
The GTR and the SOD are the first two technology steps . eNotus is in the unique position to bring together the two separate and innovative technologies, the GTR and the SOD, to address the SME trust problem. The GTR architecture will be based years of experience developing the leading fraud detection solutions for the card-not-present (CNP) detection and prevention for the on-line retail retail industry. The SOD architecture will be based years of experience with the Lotus method of folder-based storage – a methodology quite different from that of the relational and SQL database technologies that dominate current data storage and management and that are the cause of much of their current privacy and security problems. The SOD is quite similar to the recently emerging NoSQL database architecture.
Education – the analog foundation for our digital lives
Earlier today the World Bank released the 2016 World Development Report.
This widely read World Bank flagship publication explores a topic of broad relevance in the fields of international development and development economics. This year’s report, ‘Digital Dividends,’ examines the impact that the Internet and mobile networks are having (and not having) around the world.
As a primer on the uses of ‘informational and communication technologies for development’ (what’s known as ‘ICT4D’ by those in related fields who like acronyms), the 2016 World Development Report is quite comprehensive. Surveying and exploring how ICTs are impacting fields such as agriculture, finance, government services, education, energy, the environment and healthcare (and many others), ‘Digital Dividends’ is a World Bank report written for people who don’t normally read (or perhaps even care about) World Bank reports.
It is relatively catholic in its worldview, although not surprisingly there is a decided focus on things the Bank cares about (e.g. economic growth, jobs), but thankfully in language a bit more accessible than what one often finds in publications put out by an institution which employs over 1,000 PhD economists. Happily, there’s not a single mention of a ‘production function’, for example; and I really like the cover!
But I don’t mean to ‘bury the lead’, as journalists say. Here, quickly, are the main messages from the 2016 World Development Report:
Digital technologies can be transformational (no surprise there, but …)
Benefits often remain unrealized (indeed …)
The digital divide is still wide open (and it is important to acknowledge that …)
The largest barriers are not in technology (and that …)
The digital revolution needs a strong analog foundation
While there’s nothing particularly subversive in these findings (that’s not the role of something like the World Development Report), the authors are pretty clear in conveying one general, overarching point, which the official related press release summarizes quite succinctly:
“The benefits of rapid digital expansion have been skewed towards the wealthy, skilled, and influential around the world, who are better positioned to take advantage of the new technologies.”
Over the course of 330 information-dense pages (which include 74 boxes, 142 charts and figures, 14 maps and 29 tables), the authors document and examine what this ‘digital expansion’ looks like in practice, with lots of specifics. In few other publications will you find details about such varied topics as the sequencing of e-health development in Montenegro, evidence of internet content filtering around the world, spectrum assignment in Latin America (in MHz blocks), or African tech hubs.
For those with a specific interest in education, there is much here to consider. The report itself has a short section on education, a much longer one on ‘skills’, and brief highlights about a number of initiatives and trends (MOOCs, Khan Academy, Rio’s Educopedia, One Laptop per Child) that are enabled by education technologies.
More fundamentally, though, considering the report as a whole, it is clear that education is one of the central connective themes that sits at the heart of what the 2016 World Development Report is about, and its relevance for decisionmakers going forward. Digital Dividends calls for the “strengthening the analog foundation of the digital revolution.” Going forward, development success will not be so much about technological advances (which will no doubt continue to occur, at an increasingly dizzying rate, in all sorts of exciting ways), it argues, but rather as a result of success with two things: policies and people.
The report states (see figure 3.17, for those who like citations) that “digital technology projects funded by the World Bank are more successful in countries with higher-quality institutions.” This perhaps shouldn’t be a surprise to anyone, but it highlights that beliefs about technology being a simple ‘silver bullet solution’ to so many of the most pressing challenges facing communities around the world today are misguided. As the historian Melvin Kranzberg observed (and as Kentaro Toyama likes to remind me), “technology is neither positive nor negative – nor is it neutral.”
Those most likely to benefit the most from the emergence and use of new technologies are those already advantaged in many ways. This isn’t to contend that advances will only accrue to such groups – certainly not!
New technologies will continue to emerge that offer exciting potential applications to help address many long standing ‘problems’ around the world (and along the way introduce a few new ones, presumably). Recommendations such as those found in the 2016 World Development Report about “making the internet universal, affordable, open, and safe” can be important guiding principles in ensuring that these technologies can be utilized to their full potential.
However, we face a “changed world with unchanged classrooms,” and it is the young people who emerge from such classrooms, together with those who continue to learn after their formal schooling has ended, who will chart the course forward. They may increasingly be aided by algorithms, and some of the roles they would have performed in the past may be performed by machines in the future. However, in the end, it is the extent to which our educators and education systems are able to support and nurture the development of the analog foundation of our increasingly our digital lives that will be critical.
That’s the real challenge if the ‘digital dividends’ analyzed and celebrated in the 2016 World Development Report are to realized — not only for the ‘elites’ in economies and societies around the world, but rather for and by all citizens, no matter where they may live and the circumstances into which they were born.
Source: Submitted by Michael Trucano – Written for The World Bank On Wed, 01/13/2016