About Guardtime, Fixmo, and Data Integrity
Mike Gault, CEO of Guardtime
It is shaping up to be a great week for Guardtime. On Monday we announced our partnership with Fixmo, a Canadian company that effectively created a new category, Mobile Risk Management, designed to ease the path for Government agencies and Enterprises in a BYOD (Bring Your Own Device) and post-RIM world.
Guardtime and Fixmo have several things in common, including sharing one investor, Horizons Ventures, and being part of the Joyent ecosystem for mobile cloud infrastructure. More importantly, both companies were born out of an understanding of the importance of integrity. Guardtime is targeting general data and application integrity – that your data and applications are what you expect them to be. Fixmo is targeting mobile device integrity – the same as above, but for your mobile devices.
Traditionally, the “Integrity” component of the CIA triad of data security has focused on protecting the integrity of data. But proving the integrity of data – knowing you have not been compromised – is equally important. We have been nibbling around the edges of this with checksums and other one-way hash algorithms but have yet to create truly scalable, rock-solid mechanisms to guarantee integrity. It’s kind of like we have taken a car that holds our most precious cargo (our children and ourselves) and wrapped it with increasing layers of protection but failed to create a way to monitor the onboard computers for tampering or other untoward acts.
The cyber security market in 2012 is estimated at 60 billion USD, yet adding more and more layers of perimeter security may lead to a false sense of security and be completely useless against a determined system administrator working on the inside. The end result is that your data might be secure or it might not – you simply have no way to prove it.
Shawn Henry, FBI veteran of 24 years and now President of CrowdStrike Services, had this to say about integrity at Black Hat this year: “These days, you can’t just protect the information from being viewed, you also need to protect it from being changed or modified.” This leads to the question: Would you know if an attacker or your own system administrator got to your data?
Data is the new perimeter
Many experts have come to the conclusion that all networks will eventually be compromised and that the focus of security should be on the data, not the perimeter – i.e., what is required is a data-centric focus on security. Estonia came to that conclusion a long time ago, and Guardtime was founded to meet the challenge.
Our invention is an infrastructure designed to deliver digital signatures for data at scale, such that verifying the signatures does not require trusting Guardtime.
Donald Rumsfeld famously distinguished between known unknowns and unknown unknowns. Guardtime allows you to convert one unknown, “Is my security working?”, into a known: “I have proof that my applications and data have not been compromised and that proof is independent from the people operating those systems.”
