The Digital Business Trilemma, Zero Trust, and the ITN

Integrated Trust Network (ITN)
Dec 5, 2022

The future of digital business is at a crossroads.

This means that the cost of trust — comprising the sum of security and regulatory compliance costs — is growing exponentially for organizations around the globe, threatening the profitability of new and existing digital businesses.

Why Is This Happening Now?

The answer may surprise you. The cost of trust has been increasing exponentially for a long time, driven by the combination of two key factors: (1) the increasing distribution and decentralization of data and computing resources to achieve better performance (think of the need for virtual AI assistants for example); and (2) the inevitable growth of interconnected devices.

This is the insidious nature of exponential change; humans do not recognize it until it is too late. For example, if 1% of a lake’s surface is covered with water lilies that double their population every day, the entire lake will be covered in less than a week. However, this change would barely be noticeable until Day 4, at which point it would be too late. We are currently approaching Day 4 for the Internet. In other words, we are almost too late to avoid eventual collapse.

Why Is the Cost of Trust Growing So Rapidly?

The cost of trust arises from vulnerabilities in digital business related to regulatory compliance and cybersecurity. Vulnerabilities increase with the square of the number of entities (network size) that can interact with one another and the number of trust boundaries that are crossed when those entities interact (decentralization). As the attack surface of digital businesses grows exponentially, so does the cost of defense.

Given that centrally orchestrated security frameworks do not scale incredibly well and are security/data honeypots (putting aside the likes of massive, well-resourced corporations such as Google and Amazon), it is not surprising that security failures and resulting costs rise with the increase of decentralization of digital services. Any device connected to the internet, or an internal network, is an attack vector on your digital business.

Therefore, we are positing the following Digital Business Trilemma statement:

Only two of three characteristics are achievable for all participating digital service consumers and providers:

(1) Decentralization
(2) Security
(3) Performance

If this sounds reminiscent of the Blockchain Trilemma described by Ethereum founder Vitalik Buterin, it is. However, our Digital Business Trilemma does not stipulate data consistency and integrity requirements across all participants.

Since the rapid increase in the decentralization of digital businesses is outside our control, one can only choose whether to optimize performance or security. However, this seemingly impossible choice can be made easier by paying attention to subnetworks, which can tolerate lower levels of decentralization (i.e., the number of participants). There, we can improve security and performance by better managing the attack surface of the digital business, shifting computing and storage for digital services to the network’s edge. This is possible thanks to the rapidly decreasing computing and storage costs described by Moore’s Law.

Then the next question is this: What does security at the edge require? The answer is Zero Trust. This means that no entity trusts another entity at any given time, even if the prior transaction was trusted. As a consequence, every participant must minimally be able to authenticate and authorize every other participant for every single digital business interaction at all times. Since this is not possible through centralized means at scale, we need ways to establish trusted identities that are self-sovereign and decentralized.

In other words, we need identities that will be under the control of the transacting entities at all times without relying on any third party such as Google or Okta to maintain the security and integrity of the identity. Until now the adoption of self-sovereign decentralized identities has been slow due to both a general lack of understanding surrounding the concepts and the lack of a trusted, yet sufficiently decentralized group of entities underwriting these identities.

Passport to the New Economy of Movement — Introducing the Integrated Trust Network (ITN)

The Integrated Trust Network (ITN) is the first Web3 infrastructure for trusted, self-sovereign identities for businesses. The ITN is backed by industry consortia and global companies representing over $450bn in annual revenue, spanning across industries representing over 18% of global GDP. The ITN was specifically created to address the threats to highly decentralized digital business transactions. As the first federated Certificate Authority (CA) for IoT, eCommerce, and business automation, the ITN acts as a global trust anchor for digital business.

Using the ITN, businesses will be able to create very secure digital services that are locally highly performant while also decentralized in their use, a fundamental paradigm shift from the current leading identity providers for businesses worldwide such as Google, Amazon, Gemalto, Okta, and Microsoft.

Specifically, the ITN is a federated network of member-owned and operated ITN nodes designed to overcome the security and resiliency failures of centralized systems and organizations by providing decentralized digital infrastructure as the required core trust services of governance, authority, identity, and assurance for multi-party business ecosystems.

The ITN is targeting almost 20 initial use cases across the mobility, telecom, and insurance industries, and has already established initial traction across all three industries with over 6 active pilot products utilizing the existing ITN test network over the last 12 months.

The ITN is organized as a cooperative of its shareholders and is legally registered as a US California corporation. ITN governance regarding all financial, operational, technological, legal, and regulatory questions is administered through the ITN Maintainer Council (IMC), which consists of ITN node operators with equal voting rights (one organization = one vote). The operating team of the ITN will comprise a small group of executives, operational and marketing experts, as well as a small software development team to build and test new ITN features, with all non-core business functions outsourced.

The business model of the ITN is strictly B2B. The initial customer base of the ITN will be the ITN node operators themselves. They will buy ITN services, typically as service bundles, package them into new digital products, and sell those products to their existing customer base of over 100M individuals and companies for a profit. Note that because the ITN is technically organized as a network, its business value increases as the square of the number of ITN nodes as described by Metcalfe’s Law, faster than any centralized entity can.

Furthermore, based on the technical requirements and the measured and reported operational KPIs established by the IMC, each ITN node operator must:

  • ensure the proper operation and availability of its node(s) (an ITN node operator can operate more than one node if desired), and
  • ensure the proper security of its node(s).

The ITN has chosen a highly modular, standards-based architecture to achieve its goal of maximizing business value by significantly increasing the number of ITN nodes, possibly to hundreds or thousands over time. This architecture utilizes only open source components comprising a so-called ‘Self-Sovereign Digital Twin’ (SSDT), a core services module, and a security and data integrity layer. The SSDTs can be deployed either on devices or servers and act as “universal translators” between company systems and the trust services of the ITN.

The ITN core services component implements ITN services functionality while the integrity layer component comprises initially one private DLT network with each ITN node operator running a DLT validator node, and a public DLT where ITN node operators are not operating DLT nodes but instead only utilize the data integrity and security capabilities provided by the public DLT for the ITN services.

The approach of using standards and open-source software helps the ITN avoid technology lock-in and provides more network resiliency⁴ through multiple technologies and different network types. The intent is to add more DLT networks over time to further increase resiliency and add technology diversity. Furthermore, the open-source data storage and replication technologies used in the ITN core services module have proven to scale to thousands of nodes in production, which will allow the ITN to reach its goal of a large number of globally dispersed ITN nodes.

Lastly, it is crucial for the ITN both to gain acceptance and trust within the wider web3 community and to increase ITN adoption by making it easy and transparent for others to join the ITN network and deploy a node. Therefore, the ITN will open-source the ITN core services and the ITN Self-Sovereign Digital Twin with the launch of the production network.

> Read “When Things Know What They Are: IoT in the Age of Self-Sovereign Identity”

[1] Identity and trust services are universal and not unique to any industry.

[2] Integration capabilities are based on a very common computer language and a simple software development kit (SDK) utilizing API types commonly used on the internet without any assumptions made about the connector types to existing computer systems.

[3] The security audit is not yet complete. Several open-source modules have already been audited with an audit planned for the custom ITN code base contingent on the rate of ITN fundraising.

[4] Resiliency with regard to, including but not limited to, significant internet disruptions, zero-day bugs in the code base of either private or public DLTs, and rapid technology shifts in the DLT such as the emergence of new privacy or transaction scaling frameworks.
