Introduction and Goals

On the page, you will learn:

Short description of the requirements, and driving forces for the Keychain framework.
Important stakeholders and their expectation regarding architecture.

Introduction

Problem

Companies used to manage their business data in silos, protecting business secrets and client data by defending the outer network perimeter. This practice had low business continuity, high cost of ownership, or both and it didn’t protect data from insider threats. Approaches to solve this problem, such as VDI, are expensive and their restrictiveness hinders the productivity of the entire organization.

Later companies began leveraging cloud services to reduce the cost of ownership of their IT systems. This however increased operational risk exposure to a new emerging problem: in the event the cloud/network/certificate authority service is compromised, the company faces significant monetary and reputation damage, and yet they have little recourse as these vendors accept little to no liability.

This problem, called the Technology Agency Problem, represents a large, unmitigated operational risk for companies that manage highly sensitive operational data such as personally identifying information, financial data, health records.

Add to that the fact that employees access their company data through mobile phones and work remotely more than ever, and the diversity and complexity of technology vendors that are de facto inside companies' trusted partner circle grew significantly.

Goals

This Agency Problem gives rise to a need for a new data security infrastructure that is fit-for-purpose in the most demanding, mission-critical scenarios throughout all business sectors.

The goal of Keychain is to provide companies with the tools and framework to solve the Agency Problem by taking ownership of the responsibility for data security without having to entrust it to unaccountable third parties. We do that by providing an application development framework that makes data security easy to implement and integrate with a focus on easy key management, exchange, and replacement.

The top three requirements of Keychain Core:

Top Requirements

Self-sovereign, data-centric security
1. Data confidentiality
2. Data integrity
3. Historical digital signature attribution
4. Security guarantee must remain regardless of where data is stored or how it gets there
5. Companies must be able to protect their data without having to entrust security to an unaccountable third party
Break-glass recovery
1. Operate through and recovery from degradations in cyber security
2. In the event of a partial breach of security, say firewall breach or access to data on the cloud, you need to be able to ensure that the stolen data is itself protected as well that any subsequently secured data uses new cryptographic credentials
Ease of integration
1. Solutions must integrate and be interoperable with existing infrastructure / applications

Stakeholders

Stakeholder	Role	Expectations
Solution creators	Keychain partners who build applications on Keychain Core. Deploy and support applications for end corporate and individual users	Need to be able to integrate Keychain Core into their environment of choice, including small Internet-connected devices.
Corporate Users	Corporate users distribute Keychain-powered applications to their users and/or clients. They manage application workflow administration.	Expect the solution to integrate into corporate network architectures, support compliance with security regulations such as ISO 27001. Need control over the choice of network, cloud services, architecture. Need to be able to change architecture without restriction by the partner-supplied application. Expect the solution to work globally over different networks regardless of the quality or security of the medium.
Individual end users	Use the partner-created applications for personal scenarios.	Expect the solution to work globally over different networks regardless of the quality or security of the medium. Expect the solution to work transparently on their existing personal devices.

Stakeholder

Role

Expectations

Solution creators

Keychain partners who build applications on Keychain Core. Deploy and support applications for end corporate and individual users

Need to be able to integrate Keychain Core into their environment of choice, including small Internet-connected devices.

Corporate Users

Corporate users distribute Keychain-powered applications to their users and/or clients. They manage application workflow administration.

Expect the solution to integrate into corporate network architectures, support compliance with security regulations such as ISO 27001.
Need control over the choice of network, cloud services, architecture.
Need to be able to change architecture without restriction by the partner-supplied application.
Expect the solution to work globally over different networks regardless of the quality or security of the medium.

Individual end users

Use the partner-created applications for personal scenarios.

Expect the solution to work globally over different networks regardless of the quality or security of the medium.
Expect the solution to work transparently on their existing personal devices.