Using blockchain to secure critical data for IoT

A great interview with Gospel’s CEO Ian Smith discussing the impact of blockchain and our unique technology’s approach to securing critical enterprise data, especially with the exponential rise of IoT devices.

This Q&A interview with Ed Maguire was originally posted on 23 January 2018  by Momenta Partners as part of its series “Innovation and market perspectives from leading IoT thought leaders”. You can read the full original interview here.

“Our conversation with Ian Smith, CEO of Gospel Technology, highlighted how data security within traditional centralized computing models is well-architected from the start, but over time the challenges of changes, updates, patches and fixes become extremely difficult to manage.  Ian speaks about his experience with data storage and how large-scale data centres provided a jumping-off point to incorporate blockchain into his latest business, using a distributed security model for increased trust.

Q&A

Could you provide a bit of context around your background?  

My history since the late ’90s is in enterprise infrastructure, building data centres for large enterprises to provide business applications and services. My goal was to build the technologies that aligned with business requirements around reliability, scalability and the need to provide stable services.  During this time, there was a 5-year cycle for the enterprise stack to be refreshed and upgraded.  Through these cycles, I realized that data persists through those changes, and the value of data is persistent in contrast to the transient nature of infrastructure.  In 2009 I built a business around data migration through such cycles and sold it to IBM in 2012.  

Increasingly, the new leap for an enterprise is not another silo but a shift to a distributed model, with clouds, devices, IoT-type businesses and more open solutions like Open Banking in the EU and other initiatives.  There’s been an evolution from incremental tech life cycles to these open business models that are more distributed, more disruptive and in line with the experience that end-users have come to expect through smartphones. This is how customers want to access financial services, doctors, solicitors and other businesses.  

This new leap to a distributed world was challenged by the problem of the data. The challenges of inelasticity, the business case of on versus off-premise clouds, hybrid cloud etc. were proven – but the trust was missing.  Business customers need to know they can trust the data secure once it leaves the perceived safety of their siloes.  This has led to “Shadow IT”- consumer solutions like Dropbox, email and other products that circumvent the tight reins of the siloes.  Because these “Shadow IT” technologies don’t fall under corporate IT compliance policies, this increases risks of data breaches   

How does blockchain figure into all of this?  

In parallel was the rise of Bitcoin and crypto-assets and the logic of building trust through consensus with blockchain.  Technology that builds trust into the payload is an exciting proposition to apply to personal data.  I went through the trough of disillusionment when I discovered blockchain itself was complex and the space was very noisy.  I discovered Hyperledger with the Apache Foundation, and a lot of the challenges of open, unpermissioned blockchains such as Proof-of-Work were not an issue.  The opportunity was for a data platform to build a data payload with security built-in – and this would provide an answer to the problem of data security. 

At Gospel, we took Hyperledger to build a data platform. The permission allows you to take away the heavyweight aspects of Proof-of-Work.  We introduced Multi-Factor Authentication, LDAP and other security functions as plug-ins in order to achieve levels of assurance and trust even before users get access to the underlying framework of Gospel.  It’s not a siloed model.  This means there are new APIs for facial recognition and other ID assurance once they are on the Gospel platform. We move from prescriptive data sharing to a new model where only the data that’s needed is access to the users. This is useful to manage access to information for knowledge workers as well as M2M communications. 

What are some of the issues with existing approaches? 

Centralized data structures are usually very secure and rarely compromised.  However, they are created specifically for the data centre environment. In many cases data has become unusable because it’s not accessible -it’s not being utilized for analytics or collaboration.  For that, you are forced to put in TLS links or encrypted connections to provide access.  Inevitably things need to be updated – certificate authorities, patches and upgrades need to be managed.   So although these systems start off well, they degrade over time.  This is not a function of the technology, but of the ongoing management and updating processes.

How do you look at solving the security challenges in a different way?  

The most elegant security solution is to bake security in all the way down the stack to be functional and useful.  The traditional silo is good in theory, but impractical in a distributed world.  When there are big hacks such as that on the U.K. National Health Service, Microsoft had already published the patch that would have prevented it, but the hub-and-spoke model was difficult to manage and update in real-time.     

Further, changes in regulatory behaviour and the need to be compliant creates the need for accountability, adding an extra dimension to data security.  Under regulations such as GDPR, companies are liable for data breaches.  The distributed model gets MORE secure and stronger the more people are using it.  The entire ledger is an immutable store of trusted transactions to ensure identity.   Not only does this by definition provide an immutable source of data usage for the purposes of regulation, but it can also be used as the basis of providing a reliable source of consent attached to the data itself and therefore prevent its misuse.  I believe it is truly a revolutionary way of distributing data that aligns with the general trend of decentralised infrastructures, rather than trying to fight against the increasing demand for data-driven information. 

What are you doing with customers today?  

Gospel has a number of proof of concepts and live customers, with manufacturing, transportation and open banking (consent driven data sharing) the most promising industries   We have growing revenues and operate a Software as a Service revenue model.  One of our clients is a major aircraft engine manufacturer for aircraft – we are providing a blockchain-based solution for supply chain management and component traceability. Their previous processes did not adequately track parts through the entire lifecycle, which led to situations where if there if a fault in a part was identified, there were often several affected engines unaccounted for.  Gospel uses blockchain to provide a distributed data platform that enables all parties in the supply chain to share information with trust and security. Each authenticated party contributes necessary information as parts move through their lifecycle – however, each actor is restricted from seeing sensitive information that could compromise any other party’s intellectual property.”

Ed Maguire is an Insights Partner and brings more than 17 years of Wall Street experience in equity research and investment banking to Momenta, with deep domain expertise in enterprise software. He has proven success identifying strategic opportunities and articulating actionable insights based on rigorous analysis of technology, operations, competition and markets. Most recently he was a senior analyst and managing director at CLSA Americas covering the software industry, technology and innovation.

About Momenta Partners: Momenta Partners are Connected Industry Growth Partners, providing highly-focused growth services for companies in Telemetry, Industrial Automation, RFID, M2M, IoT, AI/ML and Blockchain. We deploy our industry-leading Advisory, Executive Search and Venture Capital practices to accelerate the growth of and provide optionality for Connected Industry companies.