If there is one thing the world’s global financial institutions understand, it’s risk. Decisions based on their potential risk are taken every minute of every day. And if there is one thing those institutions fear, and want to avoid at all costs, it’s anything that represents a systemic risk.
A systemic risk is something that doesn’t just threaten one element of the business, or one department. It’s a risk that could bring the whole operation to a halt and cause a total failure of the business – and it’s not just the financial community that loses sleep over that prospect.
With that in mind, it seems somewhat strange that financial institutions, and businesses across every sector of industry, put so much faith and trust in the public internet.
The internet is the eighth wonder of the world. The genius of the internet has driven connectivity; it has driven innovation, services and change. Global, evolutionary and revolutionary change. But it wasn’t really designed for that, and today the public internet represents a systemic risk to business.
The public internet now underpins countless billions of personal and mission-critical business exchanges and transactions every day. And soon, as the internet of things really begins to impact our lives, the reach and influence of the public internet will become even greater, even though that scarcely seems possible.
In fact, the genius of the public internet is that despite how we use it today, it was never designed to be a secure or trusted environment. It was conceived as a network for academics and researchers to exchange data. It was more of a “best endeavors” network than a best-of-breed one. As effectively the only network of its kind, it has become the best of its breed by default.
But the reality is that while it is a miracle that the public internet has been able do the job, global businesses should be asking themselves whether they should even be asking it to do the job. This topic keeps coming up as a hard problem when we talk to customers. Should global financial transactions, critical national infrastructure, highly sensitive business and personal data, vital public services, and mass transit systems actually be underpinned by a public internet never conceived with that load in mind?
Just last year, we saw the largest distributed denial of service (DDoS) malware attack in the history of the internet, and it took down business web servers worldwide, impacting some of the largest banks, retailers, media companies, social networks and news outlets in the world. Until the attack was beaten, many businesses were simply and effectively halted. That is the very definition of systemic risk. And the global ransomware attack the world suffered in May of this year is yet another example of an event that causes the global financial community and business leaders worldwide to collectively break out in a cold sweat.
But it doesn’t have to be that way. Some companies and networks were able to carry on throughout that DDoS attack completely untouched. And that’s because they were on secure, private IP networks. Going forward, the businesses that avoid systemic risk are the ones that run on what we call “Triple-A” private networks. These networks are like the internet, only safer – because the businesses that use them can control Access, Availability and Attribution.
These systems are being built to minimize business risk by running completely independently from the public internet, and each of the three A’s plays a critical role:
- Access means controlling exactly what you are buying in terms of the speed and latency of your connection.
- Availability means that connection is guaranteed through independence from the public internet.
- Attribution means knowing not just the rights and privileges of the devices accessing the network, but also knowing that individuals or machines behind the keystrokes or actions are exactly who or what they are supposed to be.
Business continuity across vital industries and services cannot be placed into the trust of the public internet. Only a network underpinned by the Triple-A principles can offer business continuity and assurance while avoiding systemic risk.
Over the coming weeks, we’ll be using this blog to explore the challenges of delivering business assurance in age of public internet uncertainty; of connecting an industrial internet of things that securely drives critical national and business infrastructure to deliver both improved services and improved efficiency. And we’ll look at the safe management of identity and authentication, the application of what we call behavioral biometrics, and above all, the delivery of business assurance through a Triple-A-based network.
Mary Clark is a former Chief Corporate Relations Officer and Chief of Staff at Syniverse.