Introducing The IAP: A New Blockchain Platform 100% Focused On Cybersecurity
- A 100% cybersecurity focused platform providing a solution to information assurance challenges currently costing companies over $3 trillion.
- Led by a team including the former Heads of Cybersecurity and Development at Omise and the former Group CTO of Telenor (Asia)
- Already secured multiple partners and platform users including BDO, the world’s 5th largest accounting firm, as well as multiple technology companies such as Movaci, GoPomelo and Aperio
- 35 use cases already identified, with its first app — Blockliance — already under development on top of the IAP
I. The Scale of Cybercrime
In 2017, Cybersecurity Ventures predicted that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This figure is larger than the nominal GDP of Germany and the UK combined, according to data from the International Monetary Fund. It is not surprising then, that Ginny Rometty, the chairman, president and CEO of IBM, called cybercrime “the greatest threat to every profession, every industry, every company in the world.”
This only accounts for crime. No less worrying is the danger posed by data leakage and poor information assurance, as exemplified in the case of Verizon, who due to a third-party configuration oversight, exposed data of 14 million customers to public view last year.
Since the beginning of 2017, serious hacks and breaches have struck Deloitte, Cex, Equifax, AA, OneLogin, Chipotle, Bell, Deep Root Analytics, Edmodo, Guardian Soulmates, HandBrake, Debenhams, Wonga, Facebook and many more, yielding not just huge financial cost for the companies, but reputation damage, loss of consumer trust and increased regulatory pressure.
The challenge for firms to prove their compliance to security standards and keep data secure is only increasing as hackers become more sophisticated and technological innovation leads to more complexity. While AI, IoT and Wearable Devices are boons for futurists, they provide fresh headaches for those responsible for protecting large volumes of data.
II. Enter DLT and the Information Assurance Platform
In recent years, much has been made of the security features of distributed ledger technologies (DLT) such as blockchain. Yet while plenty of hype has brewed around how DLT can be underpin privacy-focused currencies, prediction markets, VR property markets, IoT connectivity, supply chain visibility and much more, little has been done to apply this technology to the domains it can benefit the most: information assurance, regulatory technology and cybersecurity.
This is where the Information Assurance Platform (IAP) comes in.
III. So what is the IAP exactly?
The IAP is a 100% cybersecurity focused platform tackling some of the most pressing concerns in information security. It is a decentralised and open platform for both public and private use, with an open standard and community governance. The IAP team are themselves building applications on the platform that can tackle the information assurance challenges that most heavily rely on trust. Meanwhile, through the IAP standard and toolbelt, the platform will provide developers with low-cost, high efficiency opportunities to use blockchain technology to solve hard information security challenges.
For its first initiative, it is building an application to support governance, risk management and compliance (GRC), called Blockliance. GRC is arguably the fastest-growing area in the corporate information assurance space, with current global spending of $80 billion set to rise to $120 billion in the next three years.
Key areas that the IAP will be primed to tackle include:
- Governance, risk management and compliance (GRC)
- Change management and auditing
- Internet of Things (IoT) device monitoring and control
- Critical infrastructure state transition system (RSTS)
- Digital forensics
- Ethics & Polycentric Governance systems and DAOs
- Secure CI/CD assurance
- Anti-Deepfake Audio / Video assurance
- Dependency management
- Continuous identity and authentication (+AAA)
- Intrusion detection and analysis, machine learning and AI
- Malware analysis with machine learning
- Disaster recovery and data redundancy
IV. Why is IAP so important?
- The only open, decentralised blockchain startup creating a cybersecurity toolbelt applicable to a broad range of challenges in the $231.94 billion information assurance market
- Over 35+ use cases identified already
- Its first app, Blockliance, is providing an entirely original solution to the GRC market, projected to be worth $64.61 billion by 2025
- Poised to capture extreme growth in the Asia Pacific information assurance market, which is expected to grow at a CAGR of 14.2% from 2017 to 2025.
- A founding team of senior leaders from the world of cybersecurity and blockchain (see the “Who is behind IAP?” section of this article for more details)
- Relevant and high-impact advisors, including some highly noted cybersecurity writers, academics, Fortune 500 cybersec leaders, a senior policy advisor for HM Tax & Revenue, HM Government, and a managing partner of BDO, the world’s 5th largest accounting firm
- Substantive experience and a high-level network in APAC, where the information assurance industry is expected to boom in the coming years
- A clear vision: “To enable implicit trust; driving risk free information assurance between devices, individuals, organisations, companies and governments globally.”
V. Top Line: How does IAP work?
The IAP is a decentralised set of tools that can be used individually or in combination as building blocks for cutting-edge cybersecurity applications. It is based upon:
- CyberTraces (Assurance Proofs): proof of existence
- CyberChains (Evidence Chains): proof of procedure and operations
- CyberStates (Universal daemons): proof of device & machine state — critical infrastructure — IoT monitoring
- CyberShields (Computational verification): proof of computation
- A marketplace per tool, developers can add new tools to network
- Decentralised computation for workloads including artificial intelligence and machine learning contracts
- Zero knowledge cryptography
It consists of four high-level components:
- IAP Core: Provides distributed redundancy and metaconsensus for security of entire network, in a fully decentralised and distributed manner, across multiple public blockchains
- IAP Client: The nodes form the basis of the network and facilitate multiple operations, including individual tool and marketplace operations
- IAP Chains: Computational chains that branch from core, doing the heavy lifting of the applications built to use the network
- IAP Standard: An open standard that will facilitate the creation and interaction of applications that use the platform
VI. Who is behind IAP?
Perhaps the most exciting thing about IAP is the impressive team at the helm. In their previous roles, team members have worked on projects with some of the world’s largest multinationals, as well as the likes of the:
- US Federal Bureau of Investigation (FBI)
- US Homeland Security (HSI)
- UK National Crime Agency (NCA)
- Thailand Internet Crimes Against Children (TICAC)
- Royal Thai Police (RTP)
- Department of Special Investigations (DSI)
Here is a snapshot of the founding team:
- The CEO is a serial entrepreneur and cybersecurity veteran Will Vacher. He was previously head of cybersecurity at Omise, the company behind one of the world’s foremost blockchain projects, OmiseGo. He has 15 years of leadership experience, including at CISO and CEO level, building and managing both teams and investments
- The Chief Architect is Tony Woodhouse, who has over 20 years of experience in leading technology companies, including previously being Head Of Development at Omise. At Agoda, one of the world’s leading online booking platforms, he led and managed the development of mission-critical products
- Founding team member Steve Franks was Group CTO of Telenor (Asia), one of the world’s largest companies, and served as digital advisor to Microsoft
- Founding team member Christopher Mosby is a white hat hacker who has worked with government agencies around the world and has clients in over 39 countries
- Founding team member John Cattral brings three years of blockchain architecture experience to IAP and served, before that, as infrastructure architect for Agoda. He has worked on multiple large-scale cryptocurrency projects, including a large scale mining operation in Iceland running on 100% renewable energy sources
- Founding team member Philipp Wiendl has held senior engineering roles at multiple startups, and was most recently lead devops engineer at Omise
Many blockchain projects recruit advisors who, while well-known on the blockchain conference circuit, are unable to bring relevant expertise or connections to the company in question. This is not the case for IAP, which has received support from some of the foremost names in its field, as well as proven entrepreneurs and business people, including:
- Jeff Hall, a world-renowned compliance expert who has helped hundreds of thousands of people navigate the murky waters of the Payment Card Industry Data Security Standard. He is the “PCI guru”, providing support on one of the most convoluted and difficult to understand standards of any industry. He has been involved in cybersecurity for a long time and has worked with multiple blue chips such as KPMG. He holds a broad range of qualifications, including CGEIT, CISM, CISSP, PCIP, PCI QSA and runs PCI Guru (https://pciguru.wordpress.com) one of the world’s most respected resources on compliance.
- Daniel Miessler, who has been a practicing security tester and consultant for close to 20 years, with focus on the security of network, web application, mobile, and IoT systems across multiple verticals and within both consumer and top Global and Fortune enterprises. He published the “Real Internet of Things”, one of the key texts examining the future of IoT technology.
- Dr. Stephen Boulter, a professor of ethics at Oxford Brookes who has published multiple books and research pieces. Currently he is leading IAP research into polycentric governance and ethics for distributed, decentralised communities. This will allow IAP to manage governance in the best possible way for the community, and to retain the ability for self governance without centralisation.
- Paul Ashburn, co-managing partner of BDO and was previously a partner at KPMG. BDO have agreed to partner with IAP and Blockliance and will both actively collaborate and expand the reach of the project. Paul has an exceptional network in the fast-growing APAC cybersecurity space.
- David Langer, a serial entrepreneur who most recently raised $20M+ in funding from investors including Index Ventures, Founders Fund and Y Combinator. His areas of expertise include growth, product strategy, fundraising, hiring and helping founders manage their own psychology.
VI. What Partners And Platform Users Has The IAP Secured To Date?
Finally, the IAP’s use case is not simply a theoretical one. It has already secured multiple partners who will be early users of the platform. These include a (currently confidential) member of the “Big Four” global accounting firms, and:
BDO: The world’s 5th largest accounting firm, offering a multinational network of public accounting, tax, consulting and business services with over 70,000 employees
Movaci: A provider of Managed IT and IT Security Services who have several key use cases and are building a threat intelligence (TI) application on the platform
Aperio Forensics: A digital forensics provider who have designed an app that runs on the IAP for police investigators to use at crime scenes
GoPomelo: Asia Pacific’s premier Google cloud partner who will be using the IAP to improve cybersecurity for their clients
There is more information available on the website.
These are all partners who will be platform-users of the IAP and there are many more who the IAP has agreements in place with, which will be announced shortly. This demonstrates a rare level of early traction and shows promising signs for the adoption of the platform.
One often looks at new blockchain projects and asks: why blockchain? Not so with IAP. The IAP is bringing blockchain and cybersecurity experts together and using the most powerful features of blockchain technology to take on “the greatest threat to every profession, every industry, every company in the world.”
This article was originally published in a newsletter in August 2018