
End to End Trust

By Peter S. Tippett, Vice-President, Security Services, Verizon Business

 

Scott Charney and Craig Mundie of Microsoft recently discussed (“Establishing End to End Trust,” and RSA keynote) potentially significant security benefits of new identity, trust and audit mechanisms implemented pervasively across devices, systems, applications, users, and data. 

 

Is this another doomed, fanciful promotion of identity for everyone?  I sure hope not, because I believe that a small amount of identity sprinkled appropriately almost everywhere would improve not only security, but also privacy.  Done well, it will both drive new user trust in the systems we frequent, and might also improve (or at least not diminish) ease of use.  Unfortunately, if history is any guide, the odds are against success.  

 

Failure to achieve such a vision would come from two fronts:  inappropriate worrying about potential privacy issues, and what I will call the “perfection problem.”  I’ll leave the bulk of the privacy argument for another time.

 

Let’s look at what is possible. Pervasive identity and audit would 1) significantly improve security and thus mitigate the privacy issues related to overt malice; 2) improve everyone’s understanding of where their private information resides and who is accessing it (thus improving user trust in our systems pervasively); and 3) apply improved identity and other assurance mechanisms to the “privacy infringers” and their systems as well, so they would be much more easily found out and would therefore be less likely to abuse.

 

Less understood is the perfection problem.  By definition “good enough” identity is good enough.  But we, security practitioners, have an incredibly long and consistent history of insisting that only “nearly perfect” countermeasures are good enough.  

 

Practically, one can achieve ten or more “nines” of identity strength (one error in 10 million) with a well-implemented PKI solution.  We at Verizon Business have implemented hundreds of high-end systems across more than 30 countries.  The total cost to implement and manage such systems is not inconsequential, even in large volumes. Imagine the expense if we now think of signing all that is being suggested (10 to 100 times more signatures per individual deployment and use).

 

Suppose, however, you could get one to two “nines” of identity strength for an incredibly small fraction of the cost of typical PKI solutions. Would you pay a dollar a year to reduce your spam 10 to 100-fold? If you deployed relatively “simpler” identity measures across devices, systems, applications, people and data, there would be a synergistic amplification of the overall effectiveness of the collective identity and other assurance mechanisms.

 

With good identity deployed broadly, in many cases, the criminals would simply not be able to connect to cause the malice in the first place.  And if they did commit malice, the investigation would be enhanced, making the criminal much more easily found and prosecuted. 

 

In other words we could achieve much more than 100-fold reduction in computer crime, fraud and privacy issues by sprinkling around a little identity information at all levels. 

 

Perfection is the enemy of good enough.  Long before we achieve pervasive deployment of great identity at any level, we would see the very real benefits of good enough applied nearly everywhere. 

 

There’s no time like the present to begin this journey.

 


 

Published Wednesday, April 09, 2008 3:59 PM by microsoft@rsa
