Driving change in the internet age requires enormous amounts of data. Securing it becomes the next big question: the future of industries depends on being trustable
What is Cloudflare?
Most of Cloudflare’s work is centered around blocking cyber threats across their network, especially to do with bots, software applications that run repeated tasks that have become a form of self-propagating malware online. John Graham-Cumming, the CTO of Cloudflare says «we operate on a very, very large scale globally. We provide services like performance, security, privacy to more than 25 million internet properties». As blockchain permanently displays user’s data depending on the level of the transaction and the type of participation, privacy matters. While Cloudflare’s activity may be seen as a background to the day-to-day running of supply chains and services, problems are surrounding the monumental shift to online work and online systems. Coupled with the quick detection of incidents and vendor management systems provided by security companies like OneTrust, data becomes not only safer, but a tool for better business practices that can be more reliable and provide value to business leaders. «What we are most commonly known for are all those cookies notices that are asking users for consent to process your personal data», says Blake Brannon, CTO of OneTrust in a webinar on the topic of Data Privacy, Data Residency and the Modern Data Network.
Graham-Cumming describes the security changes as a shift towards the understanding of security value. «Sometimes, privacy is seen as something that is driven by compliance needs and that it’s a necessary evil. Things have changed and privacy is becoming something that consumers are worried about and something that companies are going to need to realize that is part of the landscape now». Certain companies have now built security features into their software as an essential part of their marketing – some, like Apple, have also enhanced their reputation around it. «It’s not about what is the bare minimum that I can do to make sure that my product is adequate to the law, it is about how do you use the fact that we care about privacy to embed it into our prophesies and actually use of all of that work that we are doing internally to showcase it as a differentiator on the market?» says Brannon. While retail companies have yet to leverage the type of value associated with security and blockchain systems in a real way for everything other than luxury goods like watches, these security features could soon become an essential part of making the user feel safer divulging their data to fulfill the ever-growing demand across platforms. On the supply chain side, this security is a no-brainer component, especially as brands are looking to transparency as a way of certifying that they care and value about their production, especially in respect to sustainability.
With blockchain, the issue of security becomes less troubling than with the spread of data online through other systems. Companies looking to improve their privacy through places like OneTrust usually start in a number of different ways. «Some companies want a TurboTax solution and want to know how they can improve security in a fast way. Sometimes this is about being compliant to a consumer rights process, other times that ties into privacy by design programs and building out a program like that, sometimes you are doing a privacy impact assessment where it is about realizing and being aware of the risk of the use of data». says Brannon. Blockchain is dependent on a number of concepts that define it as a unique way of managing, conducting and tracing transactions. The technology focuses on a distributed ledger technology, which means that all data is shared, instantly accessible for participants and synchronized over a peer-to-peer network. As all transactions are recorded chronologically, this shifts the transactions from a fragmented, untraceable model into a chain in which all participants are aware of the transactions that came before. Previously, administrators would either allow or deny the request to add a transaction to a ledger account – the technology does this differently, validating the transaction through the three means of consensus mechanisms. These are: proof of work, where one party needs to prove that a certain amount of computational effort has gone into the process (as with Ethereum where the act of finding the nonce in dataset for it to be added to the chain); proof of stake, where a larger amount of coins dictates that a participant is more experienced and therefore trustworthy; and proof of authority, where the reputation of a participant forms the value.
Blockchain is split between more business-focused systems where the participation is private and public, where anyone can join as long as they fill the pre-requisites. Public participation is simple – as long as the participants can adhere to the three consensus mechanisms, they are free to use the blockchain. Private, on the other hand, focuses on specific organizations and an internal network that restricts data content and can block certain transactions. Private blockchains are more similar to traditional databases with centralized networks. The main concept of blockchain however revolves around a separate aspect – the transaction immutability, or the fact that it cannot be deleted off the ledger of transactions. As this is the central feature of blockchain, it means that all security questions and risks need to be posed while factoring in the immutability of the ledger of transactions.
However, with traditional data harvesting formats that include things like cookies, data laws are still new, if not completely unwritten. As both the U.S. and Europe grapple with the necessity to impose laws that will define the relationships between users, companies and the user’s data, privacy remains a key concern. Brannon believes that «the privacy landscape is increasingly volatile and definitely will change. For example – in the States, there is no federal privacy law today». California was the first that was created one two years ago (CCPA). On the November ballot this year, they approved the second version of that (CPRA) that will go into effect in 2023. It is not unlikely to assume that there will be a federal law at some point soon in the U.S. On the European side, there was a pretty disruptive event last summer where the EDPB (European Data Protection Board) ruled that the Privacy Shield program that protects transfers of data from Europe to the U.S. was invalidated. It’s a simple way to say that for the citizens of business, they no longer trust data coming to the U.S. The EDPB is planning to put out further guidelines and information on what are the safety protections that they would approve of to trust data transfers. Even companies that store data and data centers that are physically in certain countries, they are still American. So, the Apple or Amazon – who are the top cloud service providers – are still American companies. «You cannot necessarily trust that the data that you store in those data centers is protected from the U.S. government».
Cloudflare, Inc. is an American web infrastructure and website security company that provides content delivery network services, DDoS mitigation, Internet security, and distributed domain name server services. Cloudflare’s services sit between a website’s visitor and the Cloudflare user’s hosting provider, acting as a reverse proxy for websites. Cloudflare’s headquarters are in San Francisco.