How digital content security stays resilient amid evolving threats

With threats evolving and multiplying, it’s essential to understand how technological advancements can serve as both a challenge and an opportunity to safeguard digital content.

In this Help Net Security interview, Rusty Cumpston, CEO at RKVST, discusses blockchain’s role in maintaining the immutability of supply chain history and its effects on digital content security.

We explore how digital security measures adapt to changing threats and vulnerability landscapes and discuss strategies to balance robust protection with user-friendly adoption. Lastly, we look towards the future, probing anticipated developments that promise to elevate data protection and trust in our digital ecosystems.

Immutability is crucial in maintaining integrity, transparency, and system trust. How does the use of blockchain in digital content security software ensure the immutability of supply chain history? And how does it prevent modification, back-dating, or shredding of data?

One crucial thing that blockchain adds to other digital security techniques is transparency. Nobody is under any obligation to make transparent statements and may maintain as much privacy or secrecy as they wish, but once a statement has been made, it’s out there in the auditable history of ‘who did what when’. This give supply chain players much more visibility of what’s going on, and therefore much more confidence to act and take control of their own risk, given a well-informed position.

The other property that emerges from systems using an append-only ledger with transparency at the core is non-equivocation: companies can’t give multiple answers to the same question. They can’t supply one bill of materials or media provenance record to their customers and a different one to their regulator. They can’t change their statements or re-write history based on something that happens (such as a dispute).

Imagine a magician with 52 pockets: ask a guest to predict a card and they could produce any chosen card from their jacket to great applause. But, they’ve not pulled off a great trick. It’s much more impressive if they seal a single card in an envelope first… and this is what ledgers achieve.

These two properties ensure that nothing can be back-dated, shredded, or modified (transparency), and there can be no stuffing of votes/hedging of bets (non-equivocation).

The IETF Supply Chain Integrity Transparency and Trust work group has published an architecture and open source software to create, maintain and share integrity data about digital content using an append-only ledger that can be independently verified adding an essential element of transparency and non-repudiation to enable all parties to determine the trustworthiness of digital content. In many ways this work brings much of the envisioned benefits of Web3 to today’s staunchly Web2 world.

As technology evolves and new threats emerge, how does digital content security software stay adaptable to address the changing landscape of digital threats and vulnerabilities?

Prior to the explosion in prominence of Gen AI, technology leaders across different industries had already started forming communities and organizing to find ways to improve content protection and authenticate data.

AI technology advancements and the great opportunities it provides have also motivated business leaders and consumers to reassess the underlying trust models that have made the internet work for the past 40 years: every major advance in computing tech has stimulated sympathetic updates in the computer security industry, and this recent decisive move into a world powered by data, and auto-generated data, is no different.

Provenance will become a key component in determining the trustworthiness of data. The changes though extend beyond technology. Rather than continuing to use systems that were built to assume trust and then verify, businesses and consumers will change and use verify then trust systems which will also bring mutual accountability into all processes where data is shared. Standards, open APIs and open-source software have proven to be adaptable to changing technology previously and will continue prove adaptable in the age of AI and significantly higher volumes of digital content.

Are there any limitations or challenges associated with implementing digital content security software, particularly when integrating with existing systems and workflows?

The market is evolving quickly from a Problem Unaware state to a very problem-aware state regarding the problems with protecting digital content with existing tooling and workflows, and the challenges of verifying and validating data authenticity and provenance in those tools. The biggest challenge ahead is educating and generating awareness that tools to solve these issues exist and can be used today with simple, low-friction integrations.

Integrating solutions with existing systems and workflows will require some behind-the-scenes changes, but fundamentally the job of the creator doesn’t need to change and the job of consumers and relying parties will actually get easier with these new techniques implemented. The bigger challenge is getting broad awareness that tools like those that have emerged at the IETF and CAI are available and can help every business protect content and verify provenance and authenticity today.

One of the challenges in implementing security solutions is user adoption. How does digital content security software balance providing robust protection while ensuring ease of use for all stakeholders?

The user adoption challenge is very much related to the need for broad solution awareness. Businesses and individuals already want to know if data is trustworthy and are ready now to adopt tools and methods that empower them to increase their safety. The communities that have formed to address the issues of provenance, integrity, transparency and trust are making free tools and software available to ensure ease of use for all stakeholders.

In a highly interconnected and rapidly changing digital environment, what are some best practices for organizations to ensure the ongoing effectiveness and relevance of their digital content security measures?

There’s no going back: businesses will exchange more and more data with their partners and they will make increasingly important decisions based on that 3rd party data. We hear of a few companies trying to row backwards on digital transformation and bring up the drawbridge on their silos but these are the Neds Ludd of the cloud era. Businesses must embrace movement of data, embrace their digital supply chain, and implement integrity, transparency and trust measures that apply authentication to the data that enters their systems just as strongly as they apply 2FA to the users and machines who enter them today.

Getting connected with communities that are working on these issues, connecting with the standards groups that are moving forward with solutions and proposals that will provide the open and interoperable methods for protecting digital content and verifying data authenticity should be on the radar of all organizations. Most already do this today for other parts of their business: AI safety is rapidly becoming a top concern for all businesses and consumers. Satya Nadella identified AI safety as the #1 concern at MS Build and provenance a prime solution to that problem.

Looking into the future, what advancements or innovations can we expect in digital content security, and how might these developments further enhance data protection and trust in digital ecosystems?

In the near future, we will have enhanced trust models that enable strong provenance to be incorporated alongside strong security and strong identity. We won’t trust data that doesn’t have provenance and can’t be verified before we use. Governments will eventually catch up.

If the projections are even close that this market is a $7 trillion dollar opportunity, there’s never been a time when governments have not found some way to make sure they find the money and will to make these changes happen and we should all expect that regulations and laws will be put in place for better or worse.