The Technology workstream has been focused on balancing the need for the platform to be secure with the need for it to work at high speed. This is a particularly interesting challenge when blockchain is included in the architecture.
As many people will know, blockchain can add a lot to security and privacy, but it is slower than more traditional technologies. To reduce this performance cost, we have completely rethought our strategy, and we feel that this new approach delivers at least as much privacy and security but with higher performance. Only in exceptional circumstances will users notice any impact.
So how did the engineers manage this? Our new approach uses the cryptography and distributed nature of blockchain to ensure that all transactions are private, consistent and secure. Our engineers have found clever ways to have blockchain working in the background while users move to the next steps of the work process.
We’ve also been looking at other areas of security. We recognize it takes a village to implement a robust, secure software platform, and our team of technology experts, cryptographers, architects and engineers inspects security measures from every angle in order to avoid any potential misses in platform design and implementation.
We follow a layered security approach, a defensive tactic that uses multiple security measures in a strategic way to create multiple layers of protection. It is the preferred approach of the military and government agencies, based on the proposition that no single security solution can protect against all threats.
Think of the Covantis platform's security approach as a set of bank vaults, opening one door with a key to reveal another that requires the unlocking of a safe combination:
- Application level security measures, including source code analysis, input validation, and vulnerability scanning. If the underlying code isn’t well written, bad actors can take advantage of this and either disrupt the running of the platform or try to gain access to the data in the platform. All of the Covantis code being written is reviewed for potential security issues both by people and by specialist applications.
- User access management. Many, if not most, security breaches start with a user accidentally giving access to a bad actor. This might be through having a weak password (you would be amazed how many people have ‘Password’ as their password!). To combat this, we will implement stringent user access controls using leading authorization and authentication mechanisms, including complex password requirements along with two-factor authentication. Many of you will have used this with your electronic banking: when you log into your bank account, you get sent a text message or an email and have to enter a code from that message into the system to confirm that you are the approved user.
- Network level security measures. Ensure that we have adequate network level security measures in place to protect the platform from intrusion by employing sophisticated intrusion detection and prevention solutions to recognize traffic anomalies and react in real time.
- Data layer security measures. Ensure that all parties involved have controls in place to secure and encrypt the data at rest (stored on the platform) or in transit (when data is being transferred between users of the platform).
A multi-layered security approach creates a challenging environment for potential intruders, as they have to contend with many overlapping layers of security measures. At the same time, it is much more difficult to implement, as all components must be able to work together, not against each other, which can be tricky. We contract independent certified experts in penetration testing and vulnerability scanning to help us identify any blind spots in our implementation ahead of launch.
Like the product team, we are getting excited about the testing in the following months. It’s fun to build stuff; it’s more fun to see it work!