My Top Tip for CEOs … Invest in Tokenization for Now and Cryptography For the Future

Creating the security architectures of the future

I get invited to present in lots of places around the world — all expenses paid — and often turn them down. But, when I’m asked to present on cryptography, in my beautiful home city of Edinburgh, and to cryptography experts, there is always only going to be one answer .. Yes. Please! It’s the crypto geek in me (and for my deep love of my home city). And, in case you ask, “crypto” means cryptography and NOT cryptocurrency.

I love my subject, and I have finally found a subject in which I will never exhaust my knowledge and interest. To me, the subject provides as much beauty as the great works of art, and it often does things in the most simple ways possible. It is the heartbeat of your new world. In 10 years’ time, we will look back and laugh that we passed, processed and stored data on real values, and never gave a thought to integrating security, rights, and consent into every single bit of data.

In virtually every area I’ve studied I reached the point where I pretty much understood most of the subject. But, for cryptography, it has an endless path for the discovery of new knowledge.

And so we now live in a world where cyber security threats increase by the day, and we must realise that we need to start fixing the problems that are causing these threats. We need to build a new dam, and not just fix the hole in our existing one. Our data infrastructures are a disaster waiting to happen, and increasingly our data is being breached. A few lines of JavaScript code reveal the credit card and CVV2 details of over 380,000 people over two weeks … what kind of secure world is that?

And so my advice to a CEO … go and (quickly) invest in tokenization of your infrastructure, and replace real data with tokens that relate to the data. It at least stops the dam from bursting and is about the easiest fix for your problem, and which will keep all of your systems working. It doesn’t change our ways, and just replaces something that is real with a thing that just points to the data. You then just set up a highly secure and trusted environment for dealing with tokens … your Fort Knox.

All of your internal systems can then keep working happily in their same old insecure way, and blindly pass data, but you’ve just tricked them into being secure. Our world is thus built on putting data into tunnels, and then marking that as insecure. Eventually, your data does pop its head back out … and it’s “Whack-a-Mole” time.

So don’t store the data in the first place, and if you do, just pass tokens that relate to the data. And then, for the future, properly invest in cryptography (NOW!), so even if your company gets hacked, there’s no way that an intruder can gain any advantage.
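The token-vault idea described above, as an added sketch that is not the author's own model or code: internal systems hold only a random token, and only a named caller may exchange it for the real card number. `TokenVault`, the caller names `payment-gateway` and `crm`, and the in-memory dictionaries standing in for the hardened vault store are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class TokenVault:
    """Constructed sketch of the trusted environment; every name is hypothetical."""

    def __init__(self, authorised_callers):
        self._index_key = secrets.token_bytes(32)   # keys the PAN lookup index
        self._by_token = {}                         # token -> real PAN
        self._by_index = {}                         # HMAC(PAN) -> token
        self._authorised = frozenset(authorised_callers)

    def _index(self, pan):
        # Keyed hash, so the lookup index is neither the PAN nor a guessable digest.
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan):
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("not a card number")
        idx = self._index(pan)
        if idx in self._by_index:                   # same card always maps to the same token
            return self._by_index[idx]
        while True:
            # Random digits: the token is not derived from the PAN; only the last four survive.
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token != pan and token not in self._by_token:
                break
        self._by_token[token] = pan
        self._by_index[idx] = token
        return token

    def detokenize(self, token, caller):
        if caller not in self._authorised:
            raise PermissionError(f"{caller} may not detokenize")
        return self._by_token[token]

def demo():
    vault = TokenVault(authorised_callers={"payment-gateway"})
    pan = "4111111111111111"                        # widely used test number, not a real card
    order = {"order_id": 1001, "card": vault.tokenize(pan)}   # all an internal system stores
    try:
        vault.detokenize(order["card"], caller="crm")
        crm_blocked = False
    except PermissionError:
        crm_blocked = True
    return order, crm_blocked, vault.detokenize(order["card"], "payment-gateway") == pan
```

A breach of the order database in this sketch yields only tokens and last-four digits; the mapping back to card numbers exists solely inside the vault.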

What really surprised me about the talk to the crypto experts (many from leading banks), is that there were a whole lot of people at the end of the talk who came up to me and quizzed me about tokenization. You can often tell the impact your talk has made if you have a line of people with queries that they have about the things you have just spoken about … it has twigged something. For an academic, that’s exactly the response we want. They might not agree with you, but you now get viewpoints from other angles and it makes you think about things differently.

For all my talk about elliptic curves, homomorphic encryption, and zero-knowledge proofs, it was the tokenization area that brought most queries, and where the experts quizzed me on how these systems would work in real-life systems.

Here is my simplified model of tokenization in credit card payments, but this model could be applied within government services, health care, and virtually every other area where data is used:

Some of the experts were obviously looking for the perfect model, but this does not exist. Every solution needs to be created with the data and the process in mind. For some, we need zero-knowledge proofs and challenges built into the system; for others, just the obfuscation of customer data is enough.

So my big tip for CEOs … I am sure that they are probably not going to listen to me .. is that they need to learn a bit of cryptography, and invest in the long-term. Our boards of directors need to get more tech-savvy, and learn a bit about tokenization and cryptography:

I actually see a future where the CEO is often the person who has a deep understanding of technology, and not just having a core understanding of the business. That will be the CEO of the future.

For just now, please try and get your CEO switched-on into investing in the future, and help support the building of a more trusted world, and which puts the citizen at its core. We must move to a world where you will never reveal anything that shouldn’t be revealed … that is not the current world in which we live, and we give away our passwords, and core identity every single time we switch on our computer or our mobile device.