Web 3.0 – From Buzzword to Security with Schellman
•Télécharger en tant que PPTX, PDF•
1 j'aime•66 vues
Douglas Barbin, Managing Principal & Chief Growth Officer @ Schellman Avani Desai, CEO @ Schellman Blockchain, Cryptocurrency, NFTs, DigitalID, etc. There are lots of topics out there that capture the public’s attention and technology professionals at the same time. The goal of this presentation is to provide a basic understanding of core web 3.0 technologies including blockchain(s) and the role of identity management in a more decentralized computing environment. No buzzwords, no long-winded explanations, just real use- cases and perspectives on where SaaS providers should focus their attention in this emerging space.
Recommandé
Recommandé
Contenu connexe
Similaire à Web 3.0 – From Buzzword to Security with Schellman
Similaire à Web 3.0 – From Buzzword to Security with Schellman (20)
Plus de saastr
Plus de saastr (20)
Dernier
Dernier (20)
Web 3.0 – From Buzzword to Security with Schellman
- 1. Web 3.0 From Buzzword to Security 1 Doug Barbin Managing Partner & Chief Growth Officer Schellman @DougBarbin Avani Desai CEO Schellman @AvaniDe
- 2. Web 3.0 The next major “release” of the Internet 2
- 3. What is Web 3.0? Transformation from today’s Web 2.0 came from the Web 1.0 of the late 90s and early 2000s Heavy emphasis on distributed processing and storage “Defining features of Web 3.0 include decentralization; trustlessness and permissionlessness; artificial intelligence (AI) and machine learning; and connectivity and ubiquity.” Source - Investopedia 3
- 4. What is Decentralization and Trustlessness and what about “the Blockchain” In Web 3.0 a “database” is not a single or centralized store Blockchain technology was built on the premise of no single storage location and nodes are replicated for redundancy Cryptocurrencies leverage this technology to be anywhere or everywhere making it more immutable 4
- 5. What are the Major Use Cases for Web 3.0 Beyond “Crypto” NFT Smart contracts Identity verification Gaming Drone identification Artificial Intelligence 5
- 6. Practicalities of Using Web 3.0 Applications Distributed and permissionless systems does not mean permissionless applications Users still have to interact with applications which communicate with each other on the Web 3.0 back-end Mobile applications are the gateways to all Web 3.0 including cryptocurrency trading 6
- 7. Let’s Talk About Security 7
- 8. What About Cybersecurity – Five Key Security Implications ● Social engineering attacks are backend agnostic (e.g. wallet attacks and enhanced spam) ● The front door is always the easy way in (i.e. mobile applications) ● Compromised creditentials can be reused like today or people impersonated ● Manipulation and disinformation of data including configuration/security data ● Inability to trace/log activity creates challenges for those responding to security incidents 8
- 9. Why Identity is Most Important 9 Identity forms and delivery: ● IDs and passwords ● Certificates ● Tokens and biometrics ● Federated credentials Key Concepts ● Self Sovereign Identity (SSI) with holders, issuers with ○ Verifiable Credentials ○ Verifiable Data Registries
- 10. And It is All About Trust! 10
- 11. What Regulatory/ Standards Bodies are Working On Trust for Web 3.0 Legacy Programs ● AICPA/Canada CPA – WebTrust, SOC ● ISO 27001, 24760, 29003 Growth Programs ● Kantara (Identity/Authentication) US and UK ● Digital Identification and Authentication Council of Canada (DIACC) Emerging Programs ● Trust Over IP ● CIO Council Canada 11
- 12. What Now? Always start with context Do security and privacy by design Work with providers and partners that are investing in the space 12
- 13. THANK YOU Doug Barbin Managing Partner & Chief Growth Officer Schellman @DougBarbin doug.barbin@schellman.co m Avani Desai CEO Schellman @AvaniDe avani.desai@schellman.com
Notes de l'éditeur
- Avani: Web 3.0 is exactly what it sounds like – the next iteration of the Internet.
- Avani: Web 1.0 pioneers the language of the Internet, starting with simple private connections to public webpages using static HTML hosted on simple servers. Web 2.0, our current iteration, moved us away from plain webpages to dynamic content and the whole advent the social networking and its impact on how people consume information. Over the last 15 or so years, Web 2.0 has seen its fair share of technology evolution with the increase use of cloud computing and moving to containers and other forms of more advanced cloud computing services. Still in all of these cases, computing assets were largely centrally located and managed, even when doing so was done across a global footprint. Web 3.0 moves towards a more decentralized or distributed model. Applications do not require a central location for storage and processing but multiple ones. They also do not require a broker to manage permissions for access to these resources. While AI, including machine learning, were present and operating under the Web 2.0 infrastructure, their benefits have only begun to be recognized.
- Avani: Distributed networks: By nature exist everywhere Think “old school” peer to peer networking As “trusted” intermediary is not required, that creates risk The first use case for distributed computing was crypto currency. [Avani to highlight the additional benefits and her experience.]
- Avani There are many use cases for Web 3.0 technology, some of which we have yet to even think about. [Avani to list off and speak to above] Artificial intelligence never really reached its full potential in Web 2.0. It is not only empowered by more distributed computing (think SETI AI) but user will expect it.
- Avani: Regardless of how the data is distributed, users still require a means to interact (or to have a robot interact on their behalf). While traditional Web 2.0 front-ends will continue to remain available, increase use of mobile applications will continue and the convergence between business and social application will continue.
- Transition to Doug
- Doug Sadly, the types of security threats are not unique to Web 3.0 and we saw them very prevalent in Web 2.0. There is some upside – in a distributed storage environment like blockchain, the ability to compromise and encrypt data everywhere by a ransomware attacker could become more difficult. The human factor, social engineering will also be Achilles heel for compromise. Attackers go in through the people to get access to applications where data on distributed environments are stored. As a result, attackers can compromise credentials to access as well as the data itself. While blockchain technology itself helps to reduce the ability to manipulate information, an authorized but compromised credential can be used to manipulate information shared around the world. Last, the anonymity provided by Web 3.0 makes it more difficult for the incident responders and/or forensic professionals to identify who a particular threat actor was.
- Doug: The above forms of identity management are not new. Federated identity relies on Web 2.0 concepts to centrally manage and share credentials. In Web 3.0, users need to have control over their own identity and credentials so they’re not just stored in a “database” Your passport is on your phone controlled by you. It doesn’t sit elsewhere but its been issued by a trusted provider and verified by a trusted registry which validates the credential NOT stores it.
- Doug In the new Web 3.0 Economy, Trust is the Digital Currency. As of today, legacy compliance frameworks are used but not necessarily specific enough to the technologies being looked at. There are several growing and emerging programs, some self-certification that aim to address this issue. Some are government sponsored, while some are self certification.
- Doug What do you do now – continue to wait or plan ahead? It starts with context. Think about your role in Web 3.0, are you a provider, leverage, or user of the technology. Build security and privacy by design, not after the fact. Work with providers that know what they are doing and investing in the space. Avoid buzz words at all cost.