Gospel Technology releases latest version of its Secure Data Platform for enterprise

June 28, 2018
Posted in: Announcement

This week represents another milestone for Gospel Technology with the release of version 3.0 of the Secure Data Platform built for enterprise. This significant update focuses on delivering improved user level authentication and authorisation, and granular level encryption. Reuben Thompson takes us through the main features now incorporated into the software.

 

Today marks the official release of the third major version of our Gospel Data Platform. With a plethora of new features and improvements to performance, we’re sure you’ll agree the first digit bump to 3.0 is more than justified!

 

Transforming identity

As you’ll probably know, Gospel operates two levels of authentication – the machine level (i.e. which computers can act as peers on our network) and the user level (who can talk to those peers and what they can see). As part of this release we’ve totally overhauled our authentication and authorisation systems at the user level.

Many blockchain companies believe that they are going to replace conventional sources of identity and authorisation. Our view is that, whilst many companies have tried to be the one true identity provider, none have succeeded and that is unlikely to change in the near future. As a result, we need to ensure that users can log in using sources of identity that our clients can trust – LDAP, Active Directory, databases of users and sometimes even public providers like Google. What’s different to conventional federated identity is that we need to be able to verify the user is who they say they are from multiple nodes that can’t necessarily see the original identity source across the network, necessitating granular cryptographic proof of the identity claims.

We’ve also built this new identity layer into our Contextual Access Control engine. This means we understand that, whilst Bob logging in from his home tablet using his Google identity is the same person as Bob logging in from his work computer using AD, we trust him less in the former case. We’ve also added an extra layer we call Sources of Assurance to handle conditional security issues like 2FA, IP checking and geolocation. These can, again, be verified across the network and built into security decisions.


One of the major advantages of this approach is that we can manage access from users with whom we have a tangential relationship much more securely. That might mean allowing users to view all the data contextually linked to them after they’ve logged in with a consumer identity provider and verified their identity with a system like OnFido, covering your GDPR obligations.

Another use case is those accounts which consumers use rarely and value little, but which contain regulated or personal data. For instance, I log in to my local electricity company’s website about twice a year to enter my meter reading. I don’t value this account at all – the worst that could happen is that somebody logs in and pays my electricity bill. In fact, the password I was using (until I started thinking about this) was in the 2011 Adobe data breach. From the provider’s standpoint, however, there’s sensitive data that they’re legally obligated to protect in that account. The solution is to use something that I, as a consumer, value but which the electricity company can trust to log me in. Gospel’s new identity features can deliver this.

What’s more, like more or less everything in Gospel, our identity providers are totally pluggable. That means adding new sources of identity, authorisation and assurance is extremely easy and we will be adding a large number of new plugins over the next few months. Equally, if you have a super secret identity system you don’t want us to know about, you can write your own.

Naturally, all of this is delivered in an auditable, enterprise friendly way and supports any PKCS#11 compliant HSM as well as signing in software.

 

Granular encryption

We’ve also made a number of improvements to our encryption infrastructure to optimise security, increase performance and help our clients handle the right to be forgotten implications of data privacy law.

Firstly, we’ve rewritten our encryption at rest support to deliver better performance and added a layer of compression. This is totally transparent from a user perspective but increases throughput by about 5% on a typical node.

We’ve also added support for granular encryption of highly sensitive fields both within the Gospel infrastructure and externally. In addition, we’ve developed a system to ensure that you can only decrypt the data in a transaction that has passed our Byzantine fault tolerance, meaning that it’s not possible to unilaterally read data without letting the other network participants know, enormously increasing the auditability of the overall system.

This also supports the requirement to ensure that personal information can be removed from data in the future – our granular encryption is built in such a way that it is not possible without the original key to determine if it has been successfully decrypted.

 

In conclusion

These two major areas of improvement combine with a host of improvements to LedgerBridge (our ETL system), search and overall performance to deliver the best and most enterprise friendly version of Gospel yet. Stay tuned over the next few months as we continue to add powerful new features and a wide variety of plugins to continue to deliver trust in your enterprise.

 

Reuben

 


Reuben Thompson is Gospel’s VP of Technology

 
