Managing access in a collaborative data sharing platform

Part one

Collaborative data sharing is the next revolution

There is a paradigm shift in the way people think about data access and data sharing. The current working model typically has organisations retain data behind the safety of their own firewalls and security silos. The discussion of collaboration and data sharing brings up fear of the value and integrity of the data being destroyed, and it is only natural for businesses to want to protect their sensitive information.

Data collaboration is a powerful step forward in sharing data in a secure way. When businesses combine data-driven insights it creates a need to collaborate on such data in a safe and secure environment. This enhances partnerships, alliances, customer relationships and strategic initiatives – to name a few.

Immutability, privacy, security, and transparency make collaborating on sensitive data safer and more controlled. Data owners, partners and 3rd parties gain access to broader insights without the commercial, privacy and security risks associated with traditional data sharing. This creates the opportunity to achieve more with your data and ensure you’re doing so in the right way.

As the world continues to shift towards a more distributed model, demands around the privacy, security, integrity and accountability of shared data continue to rise. The platforms and methods implemented to collaborate and share this data are under more scrutiny than ever before by both businesses and consumers alike.

In light of our recently published patent, we’re taking a closer look at the state of data sharing platforms to break down the tech in a two-part blog series. This series of posts covers what collaborative data sharing actually means, why there’s a need, and how to get all the right components into your tech stack to start securely sharing sensitive data.

For today, let’s take a deep dive into how to implement a collaborative data sharing platform with examples in the Financial Services industry, and how to build trust based on consensus and contextual access.

How to implement a collaborative data sharing platform

Financial Services & Banking

The results are in: conventional solutions are out

Conventional solutions to data sharing rely on a combination of secure transport and contractual trust. Historically, organisations have relied solely on taking one another’s word for it that neither party will misuse, leak or compromise the data that’s being shared.

This method of building trust no longer suffices. It is necessary to look for a stronger form of trust underpinned and enforced by technology. Cryptographically assured trust – a method by which it can be made mathematically extremely difficult to subvert data from its intended purpose – provides a significantly more robust alternative.

In financial data we trust

Consensus and contextual access control

The Gospel Data Platform enables organisations to share sensitive data (such as PII, bank details, health records, and more) with external partners and 3rd parties while still maintaining control. With Gospel, trust is never assumed but rather obtained through collective agreement amongst everyone within the network.

Contractual trust, on the other hand, relies on your belief in the competence, intent and willingness of a person or application to safeguard your data (you promise not to sell it, right?) Contractual trust provides a strong disincentive to misfeasance from the partner itself; it does not adequately address the risks from individual bad actors and others who might be tempted to misuse the data.

In cryptography, the use of the term “trust” is used with a certain specificity. The “trust” has nothing to do with the reliability, intention, or personal character of the person. Trust does not depend on what the person does, says or wants, but is instead driven by consensus. Cryptographically assured trust provides a significantly more robust alternative to contractual trust.

What is the consensus algorithm?

The consensus algorithm determines if there is collective agreement amongst the peers, nodes or other subsystem of the blockchain. It permits the read or write to take place only if consensus has been reached. There is no central authority present to validate and verify the transactions, yet every transaction is considered to be completely secured and verified. This is possible only because of the presence of the consensus protocol which is a core part of any blockchain network.

The consensus algorithm is byzantine-fault-tolerant (BFT). Each node defines rules or policies providing granular access to the data. The transaction request is submitted by a 3rd party user located externally to the blockchain nodes. Then the consensus algorithm checks to see if consensus has been reached amongst the network before granting the request.

The consensus algorithm permits the read when a quorum of signatures for the blockchain is reached using a proof of authority algorithm.

The challenge Our solution
A customer has applied for a new credit card and the credit card company is requesting access to their financial records to verify the customer’s eligibility. The customer’s primary bank (and the customer themselves) need to provide consensus in order for the credit card company to gain access to view their financial records.
Permissions with contextual access

Right data, right person, right reason

Access control of data within the Gospel platform is based on context. An example of context would be the IP address or browser type of a user. Gospel builds up a view of the user’s context, tracking different behavioral patterns and then determining access based on these patterns. For example, a user’s access to certain data is only achieved if they are using a work-based IP address and browser, which is limited if they are outside this context – such as logging on from a home PC. Exposing the underlying data rather than sharing only the information a particular user or application needs to see, is not actually required or necessary. Doing so means supplying an outside organisation with too much information instead of granting select views of only the necessary data.

Gospel implements select view functionality much as other data storage systems do, but with the added capability of contextual access control. Coupled with careful data processing, companies can finally restrict the amount of data exposed on a strictly need-to-know basis.

The challenge Our solution
An employee at a major bank submits a help desk ticket when they run into an issue processing a customer’s loan application. The help desk employee who picks up the ticket is only granted access to the data in which they need to see in order to resolve this particular ticket. Once the issue is resolved, the help desk person’s access is then automatically revoked
Are you ready for the revolution?

Whether you’re responsible for storing and managing vast amounts of financial data, banking details, healthcare information or otherwise, the time is now to implement a secure data sharing platform into your digital transformation strategy. Data protection regulations such as GDPR and CCPA, hundreds of data breaches globally, and a stronger push for ethical data management are putting the onus on us as data custodians to do right by our customers and their sensitive information.

Want to see it in action? Click here to check out our short demo video to learn how to spin up your own secure, compliant data sharing app with Gospel in minutes.

For questions, a free workshop or to find out more, give us a shout at [email protected].

Related blogs & news

Announcing Gospel's first virtual hackathon

21 January 2020

Announcing Gospe

Managing access in a collaborative data sharing platform

21 January 2020

Managing access

Announcing Gospel Data Platform V5.0

21 January 2020

Announcing Gospe