It is time to adopt the zero-knowledge model
Posted on June 19, 2023
The news of data breaches creates a sense that no data can remain protected. Hacks will continue happening as software is getting more complex, but data breaches can be stopped.
The zero-knowledge security model is the most mature technology to help protect sensitive data, even in the case of hacks. While it does not protect against hacks directly, its adoption will drive the value of hacks to nearly zero, thus protecting the adopters of this technology from breaches.
What would be the value of medical data to hackers if, instead of ‘Bob’ and ‘Alice’, they saw ‘F9B21DE7’ and ‘3E805B31’, and the only way to recover the original data cost hundreds of millions of dollars and a few years of time?
The adoption of the Zero Knowledge model requires investment from companies. Software has become a driver of businesses, and investing in safer and more secure software equals investing in a more robust business.
Besides increased security, the Zero Knowledge model opens new opportunities and removes existing obstacles. For example, sharing data with internal and external parties becomes much easier, avoiding inadvertent exposure of unrelated data. This model also automatically gives businesses visibility of who has access to certain portions of data.
While the Zero Knowledge model shares half of its name with the Zero Trust approach, the two are very different. The Zero Trust model operates on the network level, protecting servers and other devices, whereas the Zero Knowledge model protects the data itself. The two approaches are complementary and do not replace one another.
The name of the Zero Knowledge model comes from the fact that it encrypts every piece of sensitive data using unique keys, making the data accessible only to the users who are given explicit permission. This way, the servers do not store or process the actual data, only the encrypted data.
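The per-record keys and explicit permissions described above, as an added example (not code from this post or from any product it mentions). It assumes Node.js and its built-in `crypto` module; symmetric per-user keys stand in for the public-key wrapping a deployed system would typically use, and the function names and the sample record are constructed for illustration.

```javascript
// Added example: per-record keys with explicit grants. All names are hypothetical.
const crypto = require('node:crypto');

// AES-256-GCM with a fresh 96-bit nonce per call; the tag authenticates the data.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function unseal(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws on a wrong key or tampering
}

// Client side: encrypt one record under its own data key, then wrap that key
// once for each permitted user. Only the returned object goes to the server.
function encryptRecord(plaintext, recipients) {
  const dataKey = crypto.randomBytes(32); // unique to this record
  const grants = {};
  for (const [user, userKey] of Object.entries(recipients)) {
    grants[user] = seal(userKey, dataKey);
  }
  return { body: seal(dataKey, Buffer.from(plaintext, 'utf8')), grants };
}

// Client side: a user holding a grant unwraps the data key and reads the record.
function decryptRecord(stored, user, userKey) {
  const grant = stored.grants[user];
  if (!grant) throw new Error(`no grant for ${user}`);
  return unseal(unseal(userKey, grant), stored.body).toString('utf8');
}

// Constructed sample data. User keys never leave the users' devices.
const keys = {
  doctor: crypto.randomBytes(32),
  nurse: crypto.randomBytes(32),
  billing: crypto.randomBytes(32), // has a key but receives no grant
};
const stored = encryptRecord('name=Alice; diagnosis=asthma',
  { doctor: keys.doctor, nurse: keys.nurse });

// What the server, or anyone who copies its database, holds: ciphertext only.
const serverView = JSON.stringify(stored);
// The grant list is also the record's access list.
const whoCanRead = Object.keys(stored.grants);
console.log(whoCanRead, decryptRecord(stored, 'doctor', keys.doctor));
```

Sharing the record with another party means adding one more wrapped copy of the data key to `grants`; the record body is not re-encrypted and no other record is exposed.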
If it sounds complex, then you understand it correctly. While Zero Knowledge is not a simple model, the progress in protecting data using this model has been steady and successful. There are Zero Knowledge messaging applications, file sharing platforms, e-signature applications, and even videoconferencing solutions with zero-knowledge recording and screen sharing.
What hinders the wider adoption of the Zero Knowledge model? One reason is the novelty of this approach for the wider cybersecurity industry: this model must become the first requirement for any data product.
The other reason is the lack of investment by governments and big businesses. Current research on the Zero Knowledge model is supported by academia (the theoretical part) and small startups (both theoretical and practical aspects). Even the government-sponsored cybersecurity programs do not include any aspects of the Zero Knowledge model.
The good news is that some government agencies and security-conscious businesses are already using zero-knowledge-enabled products. They are protecting very serious and sensitive data within and outside of their organisations.
The wider government and business community needs to follow suit and adopt zero-knowledge solutions for their sensitive data, especially when it is the customers’ data.