Centralized data networks, ones that are owned and/or managed by a single entity, have been structurally broken for years. Why? Single points of failure. If one entity (or even a few) has access to a database, then there is only one “point” to compromise in order to gain full access. This is a serious problem for networks holding sensitive data like customer information, government files, and financial records, and those with control of infrastructure like power grids.
Billions of digital records were stolen in 2024 alone, causing an estimated $10 trillion in damages! Notable breaches include nearly all of AT&T’s customer information and call logs, half of America’s personal health information, 700 million end-user records from companies using Snowflake, 10 billion unique passwords stored on RockYou24, and Social Security records for 300 million Americans.
Source: Statista, 2024
This is not just a private sector issue — governments and crucial national infrastructure also rely on centralized networks. Notable recent breaches include records on 22 million Americans stolen from the U.S. Office of Personnel Management, sensitive government communications from multiple U.S. federal agencies, personal biometric data on 1.1 billion Indian citizens, and the ongoing Chinese infiltration of several U.S. internet service providers.
Although hundreds of billions of dollars are spent each year on cyber security, data breaches are getting larger and happening more frequently. It’s become clear that incremental products cannot fix these network vulnerabilities — the infrastructure must be completely rearchitected.
Source: market.us, 2024
AI magnifies the issue
Recent advancements in generative AI have made it easier to automate everyday tasks and enhance work productivity. But the most useful and valuable AI applications require context, i.e. access to sensitive user health, financial, and personal information. Because these AI models also require massive computing power, they largely can’t run on consumer devices (computer, mobile), and instead must access public cloud networks, like AWS, to process more complex inference requests. Given the serious limitations inherent in centralized networks illustrated earlier, the inability to securely connect sensitive user data with cloud AI has become a significant hurdle for adoption.
Even Apple pointed this out during their announcement for Apple Intelligence earlier this year, stating the need to be able to enlist help from larger, more complex models in the cloud and how the traditional cloud model isn’t viable anymore.
They name three specific reasons:
Privacy and security verification: Providers' claims, like not logging user data, often lack transparency and enforcement. Service updates or infrastructure troubleshooting can inadvertently log sensitive data.
Runtime lacks transparency: Providers rarely disclose software details, and users cannot verify if the service runs unmodified or detect changes, even with open-source tools.
Single point of failure: Administrators require high-level access for maintenance, risking accidental data exposure or abuse by attackers targeting these privileged interfaces.
Fortunately, Web3 cloud platforms offer the perfect solution.
Blockchain-Orchestrated Confidential Cloud (BOCC)
BOCC networks are like AWS — except built completely on confidential hardware and governed by smart contracts. Though it is still early days, this infrastructure has been in development for years and is finally starting to onboard Web3 projects and Web2 enterprise customers. The best example of this architecture is Super Protocol, an off-chain enterprise-grade cloud platform managed completely by on-chain smart contracts and built on trusted execution environments (TEEs). TEEs are secure hardware enclaves that keep code and data verifiably confidential and secure.
Source: Super Protocol
The implications of this technology address all of Apple’s concerns noted earlier:
Privacy and security verification: With public smart contracts orchestrating the network, users can verify whether user data was transported and used as promised.
Workload and program transparency: The network also verifies the work done within the confidential TEEs, cryptographically proving the correct hardware, data, and software were used, and that the output wasn’t tampered with. This information is also submitted on-chain for all to audit.
Single point of failure: Network resources (data, software, hardware) are only accessible by the owner’s private key. Therefore, even if one user is compromised, only that user’s resources are at risk.
While cloud AI represents an enormous opportunity for Web3 to disrupt, BOCCs can be applied to any type of centralized data network (power grid, digital voting infrastructure, military IT, etc.) to provide superior and verifiable privacy and security, without sacrificing performance or latency. Our digital infrastructure has never been more vulnerable, but blockchain orchestration can fix it.
from CoinDesk: Bitcoin, Ethereum, Crypto News and Price Data https://ift.tt/yVHRKXg