Securing data with multifactor encryption, role-based access, and firewalls is table stakes today. Without these protections in place, every business is a target, simply waiting to be attacked. And the likelihood of an attack is high: In 2021 alone, 62% of companies in the Americas experienced a data breach or cyber incident, according to a KPMG study.
While these precautions are a must for all companies, those in the business of protecting their customers’ valuable digital assets must take data security much further. What these sensitive assets need is a digital vault – an online security vault that functions much like a physical vault, but instead of storing physical assets, it stores and protects digital property. In addition to digital currencies and financial data, digital vaults can store everything from wills and tax documents to videos and sensitive login information.
Vendors are now specializing in providing digital vaults. That’s the idea behind VeroWay, a 5-year-old company that stakes its reputation on the protection of its customers’ digital assets. VeroWay uses digital vault technology for its customers to store, transfer, and exchange digital assets and data securely and verifiably, employing as many security measures as possible. It does so in a self-custody manner, powered by blockchain, where only the owner of the data can control it. VeroWay itself has no way to access the data.
The goal is to be so secure that “anybody using or white-labeling the infrastructure isn’t in danger of being ‘FTX’d,’ ” said Sean Prescott, the CTO of VeroWay Group. FTX promoted itself as a safe crypto asset trading platform with strong security but was charged with stealing its own customers’ funds.
The Emerging Quantum Security Threat
But even a forward-thinking company like VeroWay can be affected by the continued ingenuity of cybercriminals. In addition to the constantly evolving threats hackers can devise, the rise of quantum computing is poised to jeopardize even the strongest security. The quantum security threat compelled the White House to issue a national security memo instructing federal agencies to develop new algorithms to boost protection.
“The big strategy right now for attackers is to pull in the data, even if they can’t decrypt it now, and then gather more compute power over time until they can crack it,” Prescott said. “We needed to stay ahead of the curve to ensure that the data can’t be decrypted for the next thousand years, and the only way we can do that is by being secure against quantum computers. We had to match power with power.”
Quantum computing has become more accessible, giving hackers the power to crack key encryption schemes. It’s a thorny and growing problem, so big that the National Institute of Standards and Technology has spent years developing standards for postquantum cryptography algorithms.
VeroWay Implements Quantum Security Protection
For VeroWay, these realities meant finding a way to incorporate quantum cybersecurity protection into its platform. By adding quantum-resistant encryption and cryptography, VeroWay aims to thwart attacks by quantum computers.
“We have more than 15 million users on our platform, including white-label solutions, and that means that we need at least 15 million keypairs – and that’s just on the surface,” Prescott explained. “Inside, there is even more going on. If it takes you even one second to generate a key, with that many keys, it will take a while to get it all running. That’s why we had to branch out into specialized hardware built to generate those keys while adhering to our security mechanisms and encryption-based policies.”
VeroWay chose QuSecure to help handle these requirements. QuSecure’s technology enables VeroWay to use quantum-resilient entropy with established algorithms like RSA. As a result, VeroWay can generate long asynchronous keypairs to protect data in a self-custody fashion. Entropy is a process in cryptography used to produce random numbers, which then are used to produce security keys.
VeroWay also combines QuProtect’s QuEverywhere module with QNAP’s software-based Q-VPN to create an additional layer when users access the platform. Q-VPN interacts with VeroWay’s hardware to generate the keypairs for the Q-VPN tunnel. This combination of technologies essentially provides more secure private and public keys for machine-to-machine communication.
“Think about something like bitcoin,” Prescott said. “If you plug a USB hardware key or nano ledger into a hot laptop to generate a transaction, you have just exposed something that should never be connected to the internet or a hot laptop.” VeroWay uses a system that ensures cryptographic transaction signing can only happen in an offline black box. Once the transaction is signed, it is moved to the hot side of the system, where it is broadcasted to the blockchain, ultimately initiating a transfer of the underlying digital asset, he said.
About the authorKaren D. Schwartz is a technology and business writer with more than 20 years of experience. She has written on a broad range of technology topics for publications including CIO, InformationWeek, GCN, FCW, FedTech, BizTech, eWeek and Government Executive.