Immutability is the third key to the continuous assurance of critical assets in a zero-trust world. Knowing where assets come from (Provenance) and creating fine-grade control over who can access what (Governance) are vital, but without full confidence that an asset has not been falsified, tampered with, or otherwise altered by accident or design, real assurance cannot be delivered. Immutability goes beyond security. It is perfectly possible to receive bad data via secure pipes or share false information along secure supply chains. What’s required is a tamper-proof golden thread of evidence that provides an indelible record of every event and change to any element of an asset.
Knowing that the metadata you rely upon to manage a critical asset is both accurate and true is essential. But that data changes constantly in today’s dynamic world where assets are shared, and collaboration is essential. Changes are made all the time, and mistakes happen – spotting them in complex documents that can run to hundreds of lines, or spreadsheets with thousands of cells are just the first challenge. Establishing who made a change, when and why is just as important. Was the change necessary, authorized, an error, or a malicious attempt to corrupt an asset? Answering these questions is impossible without an unalterable record of events.
WEAK AND INFLEXIBLE
Today, many organizations rely on relatively weak measures to prevent unauthorized or undocumented changes to critical assets. Password-protected or encrypted documents emailed between parties and spreadsheets with cells protected or hidden are typical but incomplete approaches. Alternatively, key critical data is locked away and not shared. Each of these solutions creates its own problems. An inability to share crucial asset information destroys the opportunity for collaboration and agility – but failure to precisely track changes can introduce massive risk. Version control between documents shared with multiple parties, establishing who exactly made the most recent changes, and time-stamping changes to establish precise order of events is all but impossible using these approaches. And that’s just tracking changes at a whole document level. To be trustable, any changes must be recorded with far more precision.
More granular and robust approaches that could provide the necessary level of assurance, including using distributed ledger or blockchain solutions are hard to create and even harder to implement and manage. In most cases, they undermine the benefits of collaboration by adding excessive friction and cost into the system.
PERMANENT, UNBROKEN RECORDS
What’s needed is a complete, unbroken permanent record of every event that has touched every asset. It should be easy for developers to integrate into the applications that the business uses to manage assets every day, and easy to use – both by the business itself and all the partners that need to interact with an asset up and down the supply chain. Fundamentally it must record exactly who did what when to every asset.
RKVST is built to provide exactly that. A complete, unbroken, and permanent record of every shared event transaction. An event is any interaction with the asset – a change to its status. RKVST records when it happened, what was changed, and who made the change. There is no delete function or button, so every change is permanently recorded. If mistakes are made or errors corrected there will be a record of exactly what changed and when as well as the users that made the updates. Other events include user access to information, alterations to the asset as well as access rights, sharing permissions, versions – anything and everything that affects the status of the asset. Developers can be sure they are getting the data they need and can see the complete history highlighting how it came to be in its current state.
NO DELETIONS, NO CONFUSION
The metadata about the asset is held in RKVST and is sharable to all those with the necessary rights to view and/or edit it. Using best-of-breed cloud services, the solution is fast and can scale to any number of users interacting with any number of events for any number of assets. RKVST makes no judgment on the assets themselves, so any ‘thing’ that can be described by a series of attributes can have its integrity assured by the RKVST system. This includes tangible assets, data, and software code.
As a single shared repository, with granular permission rights but identical event hashes, all parties can be assured that they are discussing and interacting with exactly the right data they need. There can be no arguments around which version was used by whom.
RKVST is built on a blockchain further guaranteeing the immutability of assets through cryptographic techniques that seal each block and make it impossible to delete, remove or tamper with the chain of evidence. RKVST APIs deliver all the advantages of blockchain without the need for expert cryptographic and distributed ledger skills and experience which can take years to develop. Developers can simply access the RKVST services with a single-line API to take advantage of the immutability and assurance of a private blockchain dedicated to recording the history of their critical assets – whatever they may be.
Knowing and proving that the assets they rely upon are tamper-proof gives confidence not only to compliance and risk teams who need to show evidence of the integrity assets but to the business users that depend on the data being correct. Producers can demonstrate proof of immutability to continuously boost assurance for users, partners, and collaborators throughout complex supply chains and cooperation across and between organizations in the digital economy. As zero-trust becomes the default for interactions in this dynamic market, proof of immutability will be the fundamental key to cooperation. RKVST provides it with a simple to implement, easy-to-use service. To find out more, see our documents and try it for free.