From Dominos to Netflix, some of the most headline-making data breaches come from weak cybersecurity capabilities of third party vendors. However,…
From Dominos to Netflix, some of the most headline-making data breaches come from weak cybersecurity capabilities of third party vendors. However, once the breach occurs, the brand’s name is dragged through the mud, and the reputation damage is done.
ShoCard’s blockchain-based identity management system (IMS) ShoBadge eliminates user names and passwords within the enterprise and makes it possible to extend their IMS software to a company’s entire ecosystem, ensuring vendors have the same high-level security. Armin Ebrahimi, CEO and founder of ShoCard, sat down with Inside Counsel to discuss how blockchain-based identity management can protect everyone a company works with from costly, reputation-shredding data breaches.
Today’s cybersecurity best practices are designed based on enduring technologies where enterprises hold login and personal data on users in their central databases. This data is often shared with the outside world through username/password based logins or secure ports that allow third parties to access their data. With even the best cybersecurity practices in place, each access point from the outside world is an opportunity for a hacker to breach the system. So many top brands rely on third party vendors to provide them with cybersecurity capabilities. When a breach takes place, it may be the third party vendor’s security capabilities that were breached, but it is the company that employed them.
“The consumers who trust that brand expect it to employ third parties that can protect their data, so the criticism is justified,” he explained. “However, the root of the problem is the dated technologies used that are susceptible to breaches. If there are trusted central databases that hold user credentials, they will be targets for hackers, and those hackers will find ways to breach available ports that give them access to the data.”
Some examples of recent data breaches caused by the weak cybersecurity capabilities include the Equifax breach earlier this year, the 2016 IRS breach, and the 2015 PNI Photo hack that led to compromises of online photo services at CVS, Costco and more.
According to Ebrahimi, blockchain-based identity management uses the same technology behind popular cryptocurrencies, likr Bitcoin, as well as public/private key encryption and data hashing to safely store and exchange data. Through ShoCard, a person’s identity and data are stored on their devices, and they are the sole determiner of which ID details are shared.
Further, ShoCard uses the blockchain as a public, immutable ledger that allows for the validation of the data and ensures the original data or certification has not been altered. Its enterprise solution, ShoBadge, provides identity management for employees, and can be extended to the enterprise’s entire ecosystem, including third-party vendors. These methods do not use user names or passwords, and instead the user’s private key on their mobile device, along with validation codes on the blockchain, are used to identify a user.
“Blockchain-based identity management eliminates the need for large databases of usernames and passwords, for both your internal team and your vendors. Hackers will often look for places where more sensitive information is stored to get the most for the time they spend hacking the system,” explained Ebrahimi. “By decentralizing identity and giving control to the user, a person’s identity is controlled individually, making it less cost-effective for the hacker, because such large databases filled with valuable information no longer exist.”
The ShoBadge solution prevents unauthorized sharing of access credentials with multi-factor authentication, such as TouchID, FaceID, PIN numbers and facial recognition, which add more layers to protect the enterprise and its vendors. Beyond identity of a user, other information can be given to the user to share and is certified on the blockchain by the supplier of the data using the supplier’s private key. This protects user privacy and gives the user control of their data and information, while eliminating external access ports to a company’s internal databases that are targets for hackers.
Amanda G. Ciccatelli is a Freelance Journalist for Corporate Counsel and InsideCounsel, where she covers intellectual property, legal technology, patent litigation, cybersecurity, innovation, and more.