“Our investigations indicate that the total period during which the cyber-attacker(s) were able to access our systems was less than one month,” SITA said in an email.
I was reminded about the perils of centralized databases, which continue to draw hackers like moths to a flame, with the recent announcement that SITA’s Passenger Service System (PSS) became the latest victim.
SITA says in late February it confirmed a “highly sophisticated” cyber-attack that took place over multiple weeks – but “less than a month” – and involved passenger data stored on its Horizon Passenger Service System.
Millions of travelers have enrolled in frequent flier programs of more than a dozen global airlines and some of them have had their data compromised, according to messages they received recently from the air carriers. Details of the breach are still being investigated.
These sorts of breaches are not unique to the travel and hospitality space. This is an endemic problem across all sectors of IT, in general, and identity management, in particular. Single points of attack are always tempting to hackers, especially when they yield data, such as passwords, on millions of people.
Since the first release of Mobile Passport more than 6 years ago, Airside has always architected its applications to eliminate single points of attack. We have intentionally taken a decentralized approach to put control of data with our customers, not us or our partners’ systems. Taking this distributed approach to our customers’ data severely limits the exposure risk of their information as compared to centralized data architectures.
Our approach not only places the user in control of where their information is sent, but it uses our patented approach to both distributed data and distributed cryptography. With this approach, even a single breach of a content encryption key does not compromise the integrity of the remainder of the system or put our other customers’ data at risk.
Further, as part of our Airside Digital Identity Network membership agreements, our partners are held to similar standards of practice, prohibiting storage of customer shared information beyond its’ intended purpose(s). Instead, they must use our distributed system to access our (and their) customer data.
Simple confirmation of security audits and the regular questionnaires are clearly insufficient. So, what should an enterprise relying party do when selecting technology vendors and partners in managing sensitive user information? When choosing a trusted partner with such an important task, ask them the following (and, see how I’ve commented on how we’ve architected our system to safeguard against such attacks):
- Do you have a centralized database where you store customer data, be they passwords or legal documents? Further, does use of your solution necessitate use of a centralized database on our (the relying party’s) part?
- This one is easy: Airside does not have any centralized databases.
- Who “owns” customer data in your opinion?
- At Airside, we believe that the customer owns their data. This is realized through our distributed data architecture.
- What measures are in place to prevent socially-engineered or insider threats?
- Note, as Airside neither creates nor manages cryptographic keys protecting sensitive information, our engineers have no way to access sensitive information.
- When (not if) a breach of a user’s sensitive system(s) occurs, what is the additional threat to other users in the system?
- At Airside, since every user’s data is protected with keys the user controls, compromise of a single key does not increase the risk to any other user’s data.
- When a user shares information with you, what tools are available that provide you with protections against loss of sensitive information?
- Airside provides APIs that enable the data to be accessed, making it possible for our customers and partners to not store sensitive information. Rather, they are able to request this information repeatedly, negating the need for local storage.
One recent trend in identity management architecture is the application of zero-knowledge proofs and distributed ledgers (commonly called blockchain). The problem with this approach, however, is it is not going to happen overnight, and is not a panacea to remediate these threats today. Making the shift to verifiable claims (aka zero-knowledge proofs) will take many years of slow adaptation of IT systems, and significant maturation of trust networks, verifiable claims, and distributed data systems.
Authentic user data is critical for many industries. Government and enterprises spend millions every year on adding additional security perimeters around sensitive information, only to see them quickly thwarted. Clearly, the old way of securing, storing, and managing sensitive data in centralized systems does not work. That’s why we chose a distributed data and cryptographic approach, one that is unique in the industry.
It’s time for the IT industry to reconsider how they maintain sensitive personal information. Otherwise, enterprises that need authentic identities will continue to store sensitive information, making them vulnerable to attacks that inflict business and reputational damage.