Decentralized security model
Traditional IT systems and security solutions are highly centralized. Management and storage are all concentrated to a central server that becomes a single point of failure. This is still OK when you can protect the full system behind firewalls in a private network. But this is no longer the case. Data is being stored in public clouds, transported over open networks and soon maybe in public blockchains. Data is also managed in multiple cloud applications that perform different tasks, like sales and CRM systems, support systems, file storage, email providers, and so on.
When decisions about risk are made at the organizational level in a centralized model, all risk is more easily understood, defined and measured. Yet, this approach also requires that all parts of the organization meet a single set of standards, which can be clunky, cumbersome, and sometimes even preventing the innovation and rapid organizational changes that need to happen to address a changing market. Centralized security can in this perspective be a competitive disadvantage. It is also one of the driving forces behind Shadow IT.
The infographic above explains why you might not want to give full control to a central server. But, there are also cases where you don’t want full control in the end nodes either. An example could be an enterprise communication platform where a decentralized security model with elevated control for middle managers could be desired.
The picture below illustrates the differences between centralized, decentralized, and distributed systems.
Hyker handles all these conflicting models by using delegated access control, making a combination of distributed, decentralized, and centralized trust models possible.
Delegated access control is a concept where an end node can voluntarily delegate permission of key sharing to any other node. If an employee delegates the decryption key responsibility to the nearest manager, that manager gains the possibility to let other employees access the data. Another example is an IoT sensor which should not have any say in who can access the information. That sensor can delegate the access control to the sensor owner or a group of owners.