In the past few years alone, heavyweights like Marriott International, Facebook, Google and Equifax have proven unable to adequately protect their customers' data. When an individual makes a purchase, registers for a website, or undertakes any number of activities online, they greatly broaden the attack vectors that a malicious actor may exploit to compromise their sensitive information.
It's an unfortunate reality, and one that grows more troublesome when trends in IoT and interconnected devices are considered – in 2018, it was estimated that 2.5 quintillion bytes of data were produced daily, a staggering figure that will only continue to rise as more and more information is collected and propagated by appliances, wearables and a myriad of other sensors.
The digital age promises revolution in hundreds of industries, driven by advances in data collection and big data analysis of said information. However, it's a revolution that's currently brewing in a highly insecure infrastructure, which, if left unchecked, will have catastrophic consequences down the line.
The ticking time bomb of the centralized database
The databases that form the backbone of countless business operations today are, on paper, efficient. In practice, there's many reasons for why they should be phased out in favor of more resilient structures: Little to no redundancy, poor scalability, total reliance on the host for uptime and more. The greatest weakness, however, is that which facilitates data breaches: A single point of failure in the form of a single owner/administrator. It forces a user to not only trust that the owner is acting in good faith (not modifying, deleting or reselling data), but also that they're capable of defending the data from unauthorized parties seeking to access it.
Alas, the incentives for hackers and the likes to manipulate loopholes or social engineer their way into such a database are high – harvested personal data sets can be sold on or used for the purposes of fraud and identity theft. To dismantle this incentive system, the cost of attack must be higher than the cost to defend (and the potential rewards to be gained from compromising a database must cease to exist). The best way to do this? By decentralizing data stores.
Harder, better, faster, stronger
The technology stack available to innovators currently differs greatly from that available a decade ago, or even a few years ago. Advances in cryptography and distributed systems have gone a long way in providing layers of privacy and security to data ecosystems previously rife with vulnerabilities.
Decentralized databases are perhaps most interesting in that they leverage public-key cryptography (and in some cases, zero-knowledge proofs) to put individuals solely in control of their data – a user wishing to add information into a distributed ledger would encrypt the data using a private key, break it up into packets, then propagate multiple copies to peers.
The immediate benefit to this is that there's no central repository for a hacker to target – in order to acquire data from a given user, they would need to identify all of the nodes that held encrypted packets, gain access to the packets held by each one and piece them back together. Even then, all they would have access to is the encrypted digest. If military-grade encryption algorithms are employed, reversing this is all but impossible with today's computational power.
What's more, this peer-to-peer topology isn't constrained by the limits of a hub-and-spoke model – instead of requesting or pushing data through channels prone to congestion or downtime, users do so by querying peers in their geographical area (for reduced latency and faster speeds), distributing or downloading packets from a number of sources in parallel. If one is offline, they simply communicate with another. The result is a widespread infrastructure with no downtime, no single point of failure and enhanced security baked in at the protocol level.
Onwards and Upwards
The disastrous consequences of data breaches are a systemic issue that cannot be mitigated by reiterating over the same vulnerable infrastructures. To accommodate the ever-expanding generation of personal data, new foundations for a veritable data economy must be established with security at their core.
Distributed database systems enable enterprises to provide vastly more resilient offerings that empower their users where data security and privacy are concerned, harnessing decentralization and cryptographic technologies to put information back in the hands of those to whom it belongs.