What The Byzantine Generals’ Problem Means for Managing Data Risk
What does a fable starring deceptive generals from medieval history have to do with protecting your enterprise data in the current threat landscape?
As a cybersecurity leader, you can apply the Byzantine Generals’ Problem to ensure your distributed data is fully protected in the event of an attack and strive for Byzantine fault tolerance.
What is the Byzantine Generals’ Problem?
The Byzantine Generals’ Problem began as Software Implemented Fault Tolerance (SIFT), a project by SRI International with the goal of designing reliable computer systems for aircraft control in the late 1970s.
The idea is that the generals share one fortress filled with gold coins accessible by a single key that they all co-own. Because there is just a single key, any of the generals can betray the others by using the key to steal the gold coins. If each keeps a copy, only one key needs to be compromised to have the coins stolen. If only one general is entrusted with the master key, that person could lose it or betray the others to get to the gold.Gabriel Gumbs | Chief Product Officer, Myota
The generals must come to a consensus about how to manage the keys. Since the generals lead armies that are spread far and wide and communication and loyalty is an issue, security breaches are rampant. The gold is essential to the survival of the Byzantine empire not only for wealth but to pay off invaders and acquire more territory. It must be protected at all costs. Yet human temptation and the inherently flawed design of their physical key system make it an impossible problem to solve.
How does the Byzantine Generals’ Problem apply to cybersecurity?
When the Byzantine Generals’ analogy is applied to cybersecurity, the gold represents mission-critical enterprise data. Fortresses are data storage, and physical keys are encryption key management.
While businesses don’t build moats, confronting treachery is built into doing business. Cybersecurity leaders are waging an everyday battle against the threats of ransomware, malware, and internal breaches. They face constant threats to their data through servers and across different cloud providers.
Like the generals, cybersecurity leaders must be able to see every potential entry and exit point. This becomes complicated when enterprises have dozens of tools to manage encryption keys across different storage platforms. Each must have its own storage and be able to be easily retrieved in the event of an attack.
Enterprises can only solve this problem, or achieve Byzantine fault tolerance, by decentralizing encryption key management.
How does Myota help you achieve Byzantine fault tolerance?
In the Byzantine Generals’ Problem, the keys to the fortress all worked, and the gold coins were of value no matter who eventually accessed them. But what if those keys didn’t work and the gold coins were useless as soon as they were stolen?
Traditional data encryption and encryption key management systems leave companies vulnerable to enterprise data loss. The Myota methodology works because we start with a clear understanding of the potential flaws.
Myota’s converged data security platform ensures that if one decryption key store is lost or attacked, you won’t lose access to valuable data. Our signature data micro-segmentation technology ensures that there is no single point of failure while assuring protection from quantum and brute force attacks.
The ability to render stored data unusable to attackers gives your cybersecurity team greater confidence that your data is fully protected and inaccessible to attackers. There is less concern about human intervention because data and keys achieve immunity to threats by decentralizing data and key management systems.
If an attacker or an employee with malicious intent gained access to one key management system, they would not be able to decrypt the data.
The original data can only be reconstructed by using a minimum number of encrypted shards, which provides resiliency against attacks such as ransomware. At the same time, your data remains as good as gold to your enterprise, and you can restore it immediately after an attack.
In the Byzantine Generals’ Problem, the gold would be valuable no matter how someone accessed it, so the generals had to rely on trust and make their fortress impenetrable. Myota goes beyond perimeter security, data encryption and key management systems so your “gold” has no value for an attacker to exfiltrate or exploit. At the same time, that gold — your mission-critical data — is always accessible to you through Zero Trust administrative controls.
Learn more about how we can keep your valuable data assets safe from attacks, even when other security fails. Schedule a demo today.